KB User's Guide - Users Tab - Group Authorization

User Group Authorization settings can be used to grant or deny read access to internal KB sites.

To use this feature, go to Users tab > Group Authorization link on the left navigation bar.

UserTab

You will be led to the User Group Authorization screen. From here, you may enter an Attribute, choose a Condition from the dropdown list (is equal to, starts with, contains), and add the Attribute Value. Click on the Add button and a line number will be assigned to the Group Authorization entry you just created. 


In addition to working with Manifest and Grouper, the KB can also act upon any attribute that Shibboleth is capable of delivering, for example; "wiscEduUDDS" and eppn. Rules can be added for allowing members of specific Grouper/Manifest groups. Read access based on Unit Division Department Sub-department (UDDS) numbers, or any other Shibboleth attribute, can be granted. This is most ideal for institutional departments that would like to authorize large groups of employees, even if they are not using Manifest/Grouper.

The examples below demonstrate different attributes used for Group Authorization.

  • The eppn (eduPersonPrincipalName) attribute grants the institution of uchicago.edu authorization.
  • The isMemberOf attribute grants members of the DoIT Help Desk KB to authorization to the KB User's Guide (kbGuide).
  • The wiscEduUDDS attribute grants all members of A065 authorization.

***Note: For those at the University of Wisconsin - Madison, here is a link leading to the UW-Madison Departmental Look-up tool. https://www.rsp.wisc.edu/services/udds.cfm. Enter your Department name in the field provided and you will see a table listing the UDDS/ DeptID, Short Name and Long Name of the Department. You may select the UDDS/DeptID covering a range as wide or as narrow as you require.




Keywords:manifest grouper attribute shibboleth shib UDDS single sign on authentication deliver attributes eppn isMemberOf wiscEduUDDS group authorization link authentication mechanism   Doc ID:22116
Owner:Teresa A.Group:KB User's Guide
Created:2012-01-09 12:29 CDTUpdated:2016-08-29 16:33 CDT
Sites:KB User's Guide
Feedback:  0   0