/
Implementation 2 : Self-Service eSignet Verification (Email-Based Consent)

Implementation 2 : Self-Service eSignet Verification (Email-Based Consent)

Self-Service eSignet Verification (Email-Based Consent)

Overview

In this workflow, the Enrollment Officer sends an email invitation to the insuree containing a verification link. The insuree independently authenticates through eSignet on their own device, grants explicit consent for data sharing, and is automatically redirected to openIMIS where their information is updated seamlessly in the background. This approach is GDPR-compliant and emphasizes user autonomy.

Key Characteristics

  • Authentication Actor: Insuree performs self-service authentication via personal device

  • Communication Channel: Email-based invitation with secure verification link

  • Consent Model: Explicit user consent through eSignet platform

  • Data Flow: Asynchronous update triggered by insuree verification

  • User Experience: Transparent background synchronization after consent

  • Use Case: Remote beneficiaries, post-enrollment verification, or alternative verification methods

Process Flow

  1. Enrollment Officer Initiates Email Invitation

    • Officer completes preliminary insuree registration in openIMIS

    • Officer enters insuree email address and clicks "EMAIL" button on the insuree form creation

    • System generates secure verification link with state parameters

    • Email is composed and sent to insuree address

WhatsApp Image 2025-10-22 at 08.47.34 (1).jpeg

  1. Email Delivery and Insuree Action

    • Insuree receives email with subject line "Insuree Verification Link"

    • Email contains:

      • Call-to-action: "Verify My Details" button

      • Fallback clickable link

    • Insuree clicks button/link to proceed with verification on eSignet platform

WhatsApp Image 2025-10-22 at 08.47.34.jpeg

 

  1. eSignet Authentication and Consent

    • Insuree is redirected to eSignet authentication portal

    • eSignet displays available authentication methods (depending on MOSIP configuration):

    • Insuree selects preferred authentication method

    • System displays consent screen showing:

      • Data fields being requested (personal, contact, identity information)

      • Scope of data sharing with openIMIS

      • Purpose of data collection

    • Insuree explicitly grants consent

WhatsApp Image 2025-10-22 at 08.47.33 (1).jpeg

 

  1. Insuree Platform Access and Confirmation

    • Insuree is automatically redirected to openIMIS Digital Information Card page

    • Background Data Synchronization :

      • Upon successful authentication and consent, eSignet returns encrypted token

      • openIMIS backend receives token via secure callback

      • System retrieves authenticated insuree data from MOSIP using token

      • All insuree fields are updated automatically:

        • Personal Information (Name, Date of Birth, Gender, Marital Status)

        • Contact Information (Phone, Email)

        • Identity Details (ID Type, Document Number)

WhatsApp Image 2025-10-22 at 08.47.33.jpeg

 

Advantages

✓ Empowers insurees with self-service verification
✓ Explicit consent aligns with privacy regulations (GDPR-compliant)
✓ Works for remote/dispersed beneficiaries
✓ Reduces burden on enrollment officers
✓ Transparently updates data in background
✓ Flexible verification timeline (multiple attempts possible)

Limitations

✗ Insuree must have email access
✗ Requires insuree to take action (may have lower completion rates)
✗ Internet connectivity required by insuree

 

Github sources :

 

Github sources :

Did you encounter a problem or do you have a suggestion?

Please contact our Service Desk


This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-sa/4.0/