Manifest - Data Driven Groups
Manifest has the ability to consume some pre-populated groups.
Manifest users can consume UDDS groups by entering a group location with the following naming convention:
[UDDS] can use any valid UDDS number. Employment data can be complicated(especially when using a unit's UDDS) so it may be best to consult your HR if you're unsure of what UDDS you need to use, but a UDDS search can be found here as well: Madison UDDS.
- For all employees use A:
- For a division add the 2 digit identifier:
- For a department add the next two digit identifier onto that:
- For a unit add the additional 2 digit identifier:
An important thing to note is that when people leave a job HR may not actually end their job in HRS right away. Because of this they will still be an employee of the UDDS after they are gone and be a part of the group membership.
Level of Assurance Groups
Level of Assurance groups allows for application owners to limit access to users based on their level of identity proofing. See "Application of NIST 800-63 to UW-Madison" on: https://www.cio.wisc.edu/security-initiatives-levels.aspx for the official source on level of access(Please note Level 0 is now part of Level 1). Manifest merely provides the groups for applications to consume, it does not define them.
The above link is the definitive source on Level of Assurance, but the following is general information:
- Level 1: No identity proofing. Spec Pop identies(NetIDs created in Manifest) fall in this category.
- Level 2: Idenities have some proofing done. HR System and Student System Identies fall in this category.
- There are times where people from Level 2 would move to Level 1. Such as when they have too many failed password attempts.
Manifest users can consume LoA groups by entering a group location with the following naming convention:
[LOA] can be replaced with "loa_1", or "loa_2"