Manifest - Creating Manifest Groups to Invite People to Create Identities (Group Owners)
Manifest allows the creation of Identities that can get NetIDs for people who do not have NetIDs through Manifest Group invitations.
Manifest allows the creation of Identities that can get NetIDs for people who do not have NetIDs through invitations. Only groups that have been approved by the NetID Data Custodian have this feature enabled. Below are the different ways you can request the ability to invite people to create NetIDs.
It is important to remember that you don't know who has NetIDs and who does not. Many hundreds of thousands of people have NetIDs because of various associations with UW-Madison. Do not assume people do not have an existing identity with a NetID. As such, the process to get someone in to the system is to invite them to a resource (a group) that enables them to log in with an existing identity of create a new identity if needed.
There is no difference between any NetID and there is no such thing as a
Manifest NetID. Identities belong to people and those people have roles that grant them access to resources, usually based on data. Authentication with a NetID does not imply any particular relationship to the University of Wisconsin, and does not grant access to any proprietary University resources (for example, Network, VPN or Office365.) If you need your people to have access to resources other than those controlled by access control that you are responsible for, you will need to contact the owner of those resources to gain access.
You will need a group to request access, it can either be a new group or an existing group:
Create a New Group
The following steps will tell you how to request the ability to invite people to create NetIDs while creating a new Manifest group.
Log in to Manifest.
- Groups must be created within a folder. If you do not have privileges to create a group within a folder, you may request a new folder. Refer to Manifest - Request a Manifest Folder.
- Click the Create new group button.
- Select the folder that you want to create the group in from the dropdown list.
- Enter a group name of your choice. See Manifest Group and Folder Naming Advice and Philosophy if you aren't sure about a name.
- Enter a brief description of the group.
- Enter the email addresses of the contact people for this group (only one is required but multiple canentered).
- Click Advanced Options to show additional settings.
- Check the Request permission to invite external users (without NetIDs) box and fillout the questions box below it.
- Click Create Group.
Use an Existing Group
The following steps will tell you how to request the ability to invite people to create NetIDs while using an existing Manifest group.
- Log in to Manifest
- The Groups I Manage and Groups I Administer tabs show the groups that you currently manage. If no groups appear it's because you don't have the privileges on any groups.
- Click on Details by the group to which you're adding members. The page for that group will open.
- Click the Invitations tab. Click the Request Permission button.
- The page will slide down and you can fill out the request box with pertinent information.
- Click Submit Request to submit the request.
Your group must now be approved by the NetID data custodian; you will not be able to send invitations until the approval process has been completed. If approved, you will be notified via email.
Invite members without NetID to your group
Once the group is approved, you will be able invite people without NetIDs to join. To do this, group owners should use the email invitation system to invite members without NetIDs to their group, see Manifest - Send Email Invitations for instructions.
The recipient will receive an email with a link to create their new NetID as outlined in Manifest - Respond to Email Invitations . For more information on when it is appropriate to use this functionality, refer to Manifest - When to Use Spec Pop in Manifest to Create New NetIDs.
Deactivation and Authorization
Because NetIDs are attached to identities that are attached to people, and are not created for specific purposes, they are not disabled or deactivated without regard to the ecosystem of resources they may have access to.
NetIDs that are believed to be compromised should be reported to security and will be handled through the security incident management process.
If a person is no longer of interest to you, remove him or her from your group. Because NetIDs are not deactivated while they are eligible, it is important to remove people from your NetID eligible group when they are no longer of interest to you. They will still be able to authenticate, but they will not be authorized for your service and (if they are not eligible for another reason) eligible to have a NetID. After a period of ineligibility, they will be deactivated.
NetID Login Service has documentation on using access control for your application.