KleUpdate service
Danish municipalities use a taxonomy named KL Emnesystematik (KLE) to register municipal tasks (topics) and administrative actions in relation to the task (action facets) on cases. KLE reflects the part of the Danish legislation that covers the municipal administration. KLE information is managed in the supporting system named Fælleskommunalt Klassifikationssystem. The KleUpdate service imports the KLE taxonomy in to WorkZone and ensures that the scheme is automatically updated when changes are made in KLE.
Multitenant app registration
The LocalGovApi and KleUpdate services require access to WorkZone OData. To enable the access, you need to create an app registration for each service. Follow these steps for each service:
-
Follow steps 1 and 2 in Set up third-party integrations in Azure.
-
Give your application a meaningful name as it will be linked to a system user in WorkZone (See step 7).
-
Make sure to note the Directory (Tenant) Id, Application (Client) ID and Client Secret from the previous step.
-
Go to Entra ID > App Registration and select your app.
-
Click the app name/link next to Managed Application in local directory.
-
Copy the Object ID (Enterprise Application Object ID) and note it down for later use.
-
Update the WorkZone users in the database with the corresponding Object ID using the following command:
update users set oid='{Object ID}' where user_name ='KLESYNCUSER';
Adding secrets
You need to create secrets using the values that you noted down in step 3 of the Multitenant app registration registration process. The secrets must be assigned to a predefined secret key. Below is the mapping of secret keys to their corresponding required values:
| Secret key | Secret value owner |
|---|---|
|
WORKZONE-AZURE-SYS-TENANTID |
The Directory (Tenant) ID corresponding to the KleUpdate service, see Multitenant app registration (step 3). |
|
WORKZONE-AZURE-SYS_KLESYNCUSER-CLIENTID |
The Application (Client) ID for the KleUpdate service, see Multitenant app registration (step 3). |
|
WORKZONE-AZURE-SYS-KLESYNCUSER-CLIENTSECRET |
Recorded Client Secret for the KleUpdate service, see Multitenant app registration (step 3). |
Customer specific secrets (azure-aks-key-vault)
The KleUpdate service requires access to external services for synchronizing facets and classifications. The necessary access information is customer-specific and must be provided by the customer. The customer needs to provide a Client ID and a Client Secret to access STS-Bridge system. Client ID and Client Secret must be assigned to the following predefined secret keys:
-
WORKZONE-KOMSERVICE-STSBRIDGE-CLIENTID
-
WORKZONE-KOMSERVICE-STSBRIDGE-CLIENTSECRET
Environment variables and Helm chart variables
The table below lists the variables and corresponding values that specific to the KLEUpdate service.
| Variable | Test value |
Production value |
|---|---|---|
|
identityProviderScope |
urn:sts-bridge-api.test/Access |
urn:sts-bridge-api.prod/Access |
|
identityProviderConfiguration |
https://kmd-stsbridge-test1-webapp.azurewebsites.net/ |
https://kmd-stsbridge-prod2-webapp.azurewebsites.net/ |
|
identityProviderConfigurationOpenData |
https://kmd-stsbridge-test1-webapp.azurewebsites.net/ |
https://kmd-stsbridge-prod2-webapp.azurewebsites.net/ |