KB User's Guide - Using Manifest to Authorize Users for the KB
Granting Internal KB Access
-
Create a new group in Manifest: Manifest - Create a Group. Please take care to only use lowercase characters and underscores in your group name, as spaces and other characters may prevent authorization from working as expected.
-
Add the users you would like to authorize for your internal KB as group members. Users may be authorized as individuals, or authorized based on their membership to other groups. The latter is useful if your unit is already using Manifest and maintaining other groups, or if you would like to authorize users based on their university affiliation, such as their HR-designated affiliation (i.e. UDDS groups) or enrollment data (i.e. student groups).
For more information on using UDDS groups or student groups in Manifest, please see Manifest - Data Driven Groups. If you are unsure of what UDDS code to refer to, it is best to check with your HR department, or trying searching for the code.
-
Release your Manifest group to the KB's Shibboleth Service Provider. To do so, please follow the steps outlined in Manifest - Manage SAML2 EntityIDs, entering https://kb.wisc.edu/shibboleth as the EntityID.
-
Make note of your group's path. This will appear at the top of the group page in Manifest directly below your group's name, with colons as the path delimiters. All UW-Madison Manifest group paths will start with the "uw" folder and ultimately terminate in the group name. For example, the group depicted below has the path "uw:domain:kb.wisc.edu:demo_group".
-
Follow the steps in KB User's Guide - Users Tab - Group Authorization to set up a Group Authorization rule in the KB Admin Tools, where the Attribute name is entered as "isMemberOf", the Condition is set to "is equal to", and the Attribute value is the group path you copied in the previous step.
Provisioning NetIDs for KB Collaborators
If you work with someone who needs access to your internal KB, but they do not have a NetID, there are two ways to approach this:
- First, reach out to your HR to find out if the user in question to find out if the user in question should be part of an Affiliate Population that would be eligible for a NetID.
-
If HR does not believe they should be assigned a formal Affiliate Population, follow the instructions in Manifest - Using a Manifest Group to Invite People to Create Identities (NetIDs). When you reach the step where you request permission to invite external users, note that the group is being used to grant access to the KnowledgeBase service and describe the relevant user base as appropriate (e.g. visiting researchers who will be contributing to KB documentation).
Once those external users have gone through the NetID activation process, you will be able to add them to your users list like any other UW-Madison affiliate: KB User's Guide - Users Tab - Adding a User
Alternatively, you may also set up a Group Authorization rule for the new Manifest group as described in KB User's Guide - Users Tab - Group Authorization.