CUD access

Requesting use of Core User Directory (CUD) interfaces

A request must be made separately for access to CUD via each of the interfaces.

Expand All

The prerequisite for all access is to request personal access to the CUD User Interface (CUD UI)

To request access to the CUD UI, please use the service request linked from the IAM service requests page.

The initial request for access must be supported by a signed terms and conditions of CUD access form.  The signed form can either be scanned and attached to your service request, or returned to:

 

Identity and Access Management Team
Platform Services
University of Oxford
IT Services
13 Banbury Road
Oxford

Once you have access to the CUD UI you can request access to additional service interfaces.

Refer to the CUD interfaces introduction for details of the various service interfaces to determine which best suits your needs.  You are welcome to contact IAM if you're not sure, or need advice as to which may be best.

For requests to register for REST interface access please use the service request linked from the IAM service requests page.

For requests to register for non-REST interface access, please use the following email template to request access via a new service interface.

To: iam@it.ox.ac.uk
Subject: Request for access to CUD interface - <interface requested>
 
Please supply service access to CUD as follows:
Name: <your name>
ITSS: Y/N
Reason for access (required if not ITSS):
ITSS Managers:
Machine FQDN:
Interface requested:

 

When completing the email

  • the ITSS section should be answered Y/N, depending on whether you appear in the ITSS register
  • if you are not on the ITSS register you must provide a Reason for access, including why you are requesting access and the purpose CUD data will be put to
  • the ITSS Managers section requires a list of ITSS members with /itss principals, such as unit0001/itss, who should be given access to download kerberos principals or other credentials generated as a result of this request.  At least one must be provided
  • the Machine FQDN is the fully qualified network name of the server or service which will be using the interface, for example host.oucs.ox.ac.uk
  • the Interface requested should be one or more of:
    • REST  
    • SOAP query
    • SOAP push
    • SQL Push
    • LDAP push
  • If your request is for a REST or SOAP interface, and GSSAPI+Kerberos authentication is not supported by the software which will be used to access CUD, please include this information in Interface requested

Additional attributes are attributes that are not included in the CUD attribute set, these are available on application.  You must have a good reason for using additional attributes, access to which will be considered in consultation with the data owner.

Requests for access to additional SITS attributes (those within the "cud:uas_sits:" namespace) should normally be submitted by IT Support Staff.  The Identity and Access Management team will then seek further authorisation from the local Information Custodian, and/or Student Systems in the case of attributes deemed especially sensitive.

Please use the following email template to request access to additional attributes:

To: iam@it.ox.ac.uk
Subject: Request for additional CUD attributes
 
Please supply access to additional CUD attributes as follows:
Name: <your name>
SSO username/service principal name: <username or principal>
Additional attributes requested:
ITSS: Y/N
Reason for access:

 

When completing the email

  • the ITSS section should be answered Y/N, depending on whether you appear in the ITSS register
  • you must provide a Reason for access whether or not you are ITSS
  • the SSO username/service principal name is the name of the login which requires access to the additional attributes.  In the CUD UI this will be an SSO username.  For other interfaces this will be the kerberos service principal name which has already been granted access to CUD (usually via SQL Push or REST interface), and its name is normally in the form cud/<host fqdn>@OX.AC.UK
  • Additional attributes requested is the list of names of the additional attributes requested, taken from the complete list of attributes.

Please note that for requests to release additional SITS attributes (those within the cud:uas_sits: namespace), we will need to seek approval from the local Information Custodian (IC).

Once you have access to CUD, the following links will help you get started:

CUD UI for simple searching
CUD REST query examples
CUD REST interface client user guide

Get support

Local IT support provides your first line of on-the-spot help

FIND MY LOCAL IT TEAM

 

Common requests and fault reports can be logged using self-service

   USE IT SELF SERVICE      

   LOG A SUPPORT CALL     

VIEW MY SUPPORT CALLS  

 

The Central IT Service Desk is available 24x7 on +44 1865 6 12345

If you do not have access to your Single Sign-On, you can use this form to contact the Service Desk