Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

The following following uhReleasedGrouping values are made available by ITS as an added convenience.  Developers may find it useful to check for these values as part of their application authorization step.

Curated Groupings

Our UH Group Store has a wealth of groups that would be useful to UH applications.  ITS will work with the Data Governance Program to curate a collection of groups from the UH Group Store and make them available via uhReleasedGrouping.

Having a curated collection of groupings in uhReleasedGrouping means your application can check against a lot of official data without having to create a grouping. Of course, if you expect to manage exceptions, you should create your own grouping (usually with some of the groups in our curated collection) and release it.

Remember that uhReleasedGrouping data is only for official use within the UH community and not for release to external parties, except under the terms of a written memorandum of agreement or contract. 

Value of uhReleasedGrouping

Description

Available Since

hawaii.edu:store:uhims:general:mfa-

enrolled

enabled

Person has registered for multi-factor authentication (MFA)

, and therefore must pass

and is not in Duo bypass mode. 

If CAS returns this value after a successful authentication, it can be surmised that the person has passed the Duo prompts in the UH Login screen.

  This will eventually be replaced by the mfa-enabled value described below.1/22/2018under-age-of-majority(warning) This grouping will no longer be freely available for general use. Contact its-iam-help@lists.hawaii.edu if you need to build a grouping with this information.

1/31/2018

Coming Soon: New Format, More Data

Our UH Group Store has a wealth of groups that would be useful to UH applications.   We will work with the Data Governance Program to curate a collection of groups from the UH Group Store and make them available via uhReleasedGrouping.

This means that both, your groupings and our curated collection of groups will appear in uhReleasedGrouping.  There won't be namespace collisions because of the nomenclature for each:

  •  uhReleasedGrouping value for groupings:
    • The name of the grouping (not the full path).  It should only have letters, numbers and hyphens.
    • An obfuscated grouping begins with "obf:" and is followed by a long hex string.
  • uhReleasedGrouping value for groups in curated collection:
    • The full path to the actual store group, which usually begins with hawaii.edu:store:
    • The full path to the group actually provides important information about the group.
      • For example, hawaii.edu:store:hris:aff:uhsystem:staff.apt tells us that these are all the APT Staff at a system-level office according to the PeopleSoft HR system.
      • If there is already a nomenclature for the UH Group Store, it does not make sense to come up with a new nomenclature for use with uhReleasedGrouping.  It would be cumbersome, confusing and harder to maintain.

Look Ma, No Grouping!

Having a curated collection of groups in uhReleasedGrouping means your application can check against a lot of official data without having to create a grouping.

Of course, if you expect to manage exceptions, you should create your own grouping (usually with some of the groups in our curated collection) and release it.

Tentative List

Value of uhReleasedGroupingDescriptionhawaii.edu:store:uhims:general:mfa-enabledWill deprecate mfa-enrolled grouping because this grouping excludes users that are in bypass modehawaii.edu:store:<dataOrigin>:aff:<org>:<roleOrRoleCombinations>

If you require MFA and it didn't happen, your application can redirect the user to our generic MFA-required page.

(warning) Departmental usernames are currently not supported!

Non-personal usernames who are registered and enabled for Duo will not have this uhReleasedGrouping value.  This might change in the future, but as of this writing, UH Groupings was designed with people as grouping members (as opposed to usernames or email addresses). Departmental usernames are often used by multiple individuals, so their ambiguity seems counter-productive to authentication, authorization and MFA.

(info) Updated every 2 minutes

9/19/2018

hawaii.edu:store:uhims:general:gcn-compliant

Person has a current acknowledgement of the University of Hawaii General Confidentiality Notice (GCN). See https://www.hawaii.edu/its/acer/

  • Does not expire until the person leaves the University.

  • Usually part of the ISAT (see below)

(warning) Updated on a nightly basis only.

1/29/2019

hawaii.edu:store:uhims:general:isat-compliant

Person has a current certification for the UH Information Security Awareness Training Certification (ISAT). See https://www.hawaii.edu/its/acer/

  • Renewed annually.

  • Can be renewed a month in advance

(warning) Updated on a nightly basis only.

1/29/2019

hawaii.edu:store:uhims:general:isat-compliant-renew

Those who are currently ISAT-compliant and can renew for the upcoming ISAT compliance period.  Useful for sending reminders to those who should renew their ISAT compliance.

3/19/2019

hawaii.edu:store:uhims:general:faculty-staff

People who are considered faculty/staff.  PeopleSoft and RCUH are the main sources of this information, but it also takes into account faculty data in Banner and staff data (including postdocs) in UHIMS.

This is useful for websites that need to restrict content to faculty/staff and don't expect to make exceptions to that rule.

9/10/2019

hawaii.edu:store:any-dataOrigin:aff:hawcc:studentEmployee
hawaii.edu:store:any-dataOrigin:aff:hcc:studentEmployee
hawaii.edu:store:any-dataOrigin:aff:kauaicc:studentEmployee
hawaii.edu:store:any-dataOrigin:aff:kcc:studentEmployee
hawaii.edu:store:any-dataOrigin:aff:lcc:studentEmployee
hawaii.edu:store:any-dataOrigin:aff:mauicc:studentEmployee
hawaii.edu:store:any-dataOrigin:aff:uhh:studentEmployee
hawaii.edu:store:any-dataOrigin:aff:uhm:studentEmployee
hawaii.edu:store:any-dataOrigin:aff:uhwo:studentEmployee
hawaii.edu:store:any-dataOrigin:aff:wcc:studentEmployee
hawaii.edu:store:any-dataOrigin:aff:uhsystem:studentEmployee

Person has employee role at the campus shown in the curated grouping path.

3/1/2023