KB User's Guide - Users Tab - Group Authorization
User Group Authorization settings can be used to grant or deny read access to internal KB sites.
To use this feature, go to Users tab > Group Authorization link on the left navigation bar.
You will be led to the User Group Authorization screen. From here, you may enter an Attribute, choose a Condition from the dropdown list (is equal to, starts with, contains), and add the Attribute Value. Click on the Add button and a line number will be assigned to the Group Authorization entry you just created.
In addition to working with Manifest and Grouper, the KB can also act upon any attribute that Shibboleth is capable of delivering, for example; "wiscEduUDDS" and eppn. Rules can be added for allowing members of specific Grouper/Manifest groups. Read access based on Unit Division Department Sub-department (UDDS) numbers, or any other Shibboleth attribute, can be granted. This is most ideal for institutional departments that would like to authorize large groups of employees, even if they are not using Manifest/Grouper.
The examples below demonstrate different attributes used for Group Authorization.
eppn(eduPersonPrincipalName) attribute grants the institution of uchicago.edu authorization.
isMemberOfattribute grants members of the DoIT Help Desk KB to authorization to the KB User's Guide (kbGuide).
wiscEduUDDSattribute grants all members of
***Note: For those at the University of Wisconsin - Madison, here is a link leading to the UW-Madison Departmental Look-up tool. https://www.rsp.wisc.edu/services/udds.cfm. Enter your Department name in the field provided and you will see a table listing the UDDS/ DeptID, Short Name and Long Name of the Department. You may select the UDDS/DeptID covering a range as wide or as narrow as you require.