Identity Services provides support for creating groups of individuals via our Identity Manager.

The use-case for group tagging is that a group owner can manually tag individuals as belonging to a particular group, and then use that tag programmatically to identify individuals later (e.g. to authorize access to a particular application or service).

Any employee can request a group tag be created for their particular need.

We'll create a group tag – a string of the form [dept]_[application] – and assign one or more owners to the tag.

Once created, the tag owners can use our Group Tagger application to manage assignment of individuals to their group tags. A group tag can also be set to be automatically assigned to individuals based on their home department.

The group tag assigned will be reflected in the individual's Identity Services record via the ucsbGroup attribute. This attribute can be queried via LDAP or requested as part of a SSO attribute request.