Manifest - Creating Manifest Groups to Invite People to Create Identities (Group Owners)

Manifest allows the creation of Identities that can get NetIDs for people who do not have NetIDs through Manifest Group invitations.

For more information on populations that are eligible for NetIDs, see Getting NetIDs for Affiliate Populations

Notes:

  • Always encourage people to click "I have a NetID" if they believe they already have a NetID account through a previous affiliation with UW.
  • You must request permission and be approved before you can invite external users.
  • NetIDs that are believed to be compromised should be reported to cybersecurity and will be handled through the security incident management process.

Identities belong to people and those people have roles that grant them access to resources, usually based on data. Authentication with a NetID does not imply any particular relationship to the University of Wisconsin, and does not grant access to any proprietary University resources (for example, Network, VPN or Office365.) If you need your people to have access to resources other than those controlled by access control that you are responsible for, you will need to contact the owner of those resources to gain access.

You will need a group to request access to specific UW services. It can either be a New Group or an Existing Group:

Create a New Group

Create a New Group

The following steps will tell you how to request the ability to invite people to create NetIDs while creating a new Manifest group. For more detailed instructions, please see Manifest - Create a Group.

  1. Log in to Manifest.

  2. Groups must be created within a folder. If you do not have privileges to create a group within a folder, you may request a new folder. Refer to Manifest - Request a Manifest Folder.
  3. Click the Create new group button.
  4. Select the folder that you want to create the group in from the dropdown list.
  5. Enter a group name of your choice. See Manifest Group and Folder Naming Advice and Philosophy if you aren't sure about a name.
  6. Enter a brief description of the group.
  7. Enter the email addresses of the contact people for this group (only one is required but multiple canentered).
  8. Click Advanced Options to show additional settings.
  9. Check the Request permission to invite external users (without NetIDs) box and fillout the questions box below it.
  10. Click Create Group.

Use an Existing Group

Use an Existing Group

The following steps will tell you how to request the ability to invite people to create NetIDs while using an existing Manifest group.

  1. Log in to Manifest
  2. The Groups I Manage and Groups I Administer tabs show the groups that you currently manage. If no groups appear it's because you don't have the privileges on any groups.
  3. Click on Details by the group to which you're adding members. The page for that group will open.
  4. Click the Invitations tab. Click the Request Permission button.
  5. The page will slide down and you can fill out the request box with pertinent information.
  6. Click Submit Request to submit the request.

Your group must now be approved by the NetID data custodian; you will not be able to send invitations until the approval process has been completed. If approved, you will be notified via email.

Managing Users in Manifest

Invite members without a NetID to your group

Invite members without a NetID to your group

Once the group is approved, you will be able invite people without NetIDs to join the group using the email invitation system. 

Note: make sure to click the "request permission” button on the Manifest group overview page to request permission for external users in your group to create NetIDs:

manifest-netid-invite.png

Please see Manifest - Send Email Invitations for detailed instructions.

The recipient will receive an email with a link to create their new NetID as outlined in Manifest - Respond to Email Invitations for New NetIDs (Manifest, SpecPop) . For more information on when it is appropriate to use this functionality, refer to Getting NetIDs for Affiliate Populations.

Note: Groups that can add external people in this manner cannot also add groups as members.

Account Removal and Compromised Accounts

Account Removal and Compromised Accounts

Note:NetIDs that are believed to be compromised should be reported to cybersecurity and will be handled through the security incident management process.

If a person is no longer of interest to you, remove them from your group. It is important to remove people from your NetID eligible group when they are no longer related to this group because it ensures services are only provisioned to eligible accounts. The user will still be able to authenticate, but they will not be authorized for services through your Manifest Group or(if they are not eligible for another reason) eligible to have a NetID.

FAQs

Are Service Owners responsible for adding NetIDs to groups, or should this step be owned by the overarching department?

In most cases, Departments should set up their own Manifest groups and are responsible for adding/removing users and requesting services. The department can also re-use that list for their own purposes (eg, securing a website, maintaining a mailing list). Note: If someone has access because they are a paying customer of a service, the Service Owner should maintain the group (eg, removing people or setting expiration dates appropriately).

If the user only needs access for a short period, how can I keep track of service access and decommissioning when they no longer need it?

Manifest has capabilities to set an end date for someone's access to a certain Manifest Group using steps on Manifest - Membership Start and End Date.

Should users create new NetIDs if they already have one?

No, people should only have one NetID. Always encourage people to click "I have a NetID" if they believe they already have a NetID account through a previous affiliation with UW, and try to recover it if needed using steps on NetID - Recovering a Forgotten NetID. This will prevent users having duplicate accounts. Creating a second NetID can cause confusion, has the potential for data loss, and should be a last resort after contacting support.

See Also:




Keywords:enterprise groups grouping gams manifest create group netid spec pop invite invitation guest netid   Doc ID:28826
Owner:Naomi S.Group:Identity and Access Management
Created:2013-02-27 11:55 CDTUpdated:2021-04-30 11:13 CDT
Sites:DoIT Help Desk, Identity and Access Management, Learn@UW-Madison
Feedback:  2   1