Designate a high-assurance group for use with restricted data

When managing access to restricted data in guest collections, permissions may assign access to groups as well as to individuals. Each group must be flagged as a high-assurance group.

To designate a high-assurance group, locate the group in the Groups section of the Globus Web App. If the group isn’t listed on the main page, search for it by name.

Once you’ve located the group, click the group’s name to view its configuration, then click "Edit Group". In the "Policies" section, tick the checkbox labeled "Enable High Assurance".

Change the authentication timeout to the value required by your institution. (The default is eight hours, or 28800 seconds.) Click "Save."

At this point, your group is now designated for high-assurance use.

When you return to the group settings page, you may see a notice that you must authenticate as a specific identity to make further changes to the group. Because the group is now using strict authentication, this is expected if you haven’t authenticated to the required identity in the current session. Follow the prompts to re-authenticate.