Identity Services provides support for creating ad-hoc groups of individuals via our Group Tagging service. The use-case for group tagging is that a group owner can manually tag individuals as belonging to a particular group, and then use that tag programatically to identify individuals later (e.g. to authorize access to a particular application or service).
- Any employee can request a group tag be created for their particular need.
- We'll create a group tag a string of the form [dept]_[application] and assign one or more owners to the tag.
- Once created, the tag owners can use our Group Tagger application to manage assignment of individuals to their group tags.
- The group tag assigned will be reflected in the individual's Identity Services record via the ucsbGroup attribute. This attribute can be queried via LDAP or requested as part of a Shibboleth attribute request.