Grouper at the University of Minnesota Christopher A. Bongaarts Grouper Virtual Working Group May 20, 2013.

Slides:



Advertisements
Similar presentations
CASE STUDIES Indiana University University of California, Davis University of Maryland San Joaquin Delta College University of Arizona University of Washington.
Advertisements

April 22nd 2008 Internet2 Spring member meeting Caleb Racey Newcastle University UK Studies in Advanced Access Management.
Kerry Osborne Senior Oracle Guy. Caveats The opinions expressed are mine … I’m an old guy I am biased towards Oracle technology I have not drunk too much.
Outsourcing IAM in North Carolina
Manifest – the Service Application Manifest is our new service, with Grouper as its logic engine, to manage populations which are known to us and those.
John Langsford 13 September 2006 CI Implementation Project.
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Directory Services Project University of Colorado at Boulder.
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
Introduction to Grouper. Open source, community-driven project of the Internet2 Middleware Initiative Initial release v0.5 in December 2004 Grouper originally.
Identity & Access Management / Oracle Unified Directory
Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.
Signet and Grouper for Distributed Attribute Administration
©2012 Microsoft Corporation. All rights reserved. Content based on SharePoint 15 Technical Preview and published July 2012.
University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy
Cloud Control Senior Project Summer Overview Cloud Control is a platform to control data transmission to/from internet connected devices from the.
Chris Hyzer University of Pennsylvania
Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.
Kuali Rice at Indiana University Rice Setup Options July 29-30, 2008 Eric Westfall.
The University of Wisconsin University Directory Service UDS A repository of people information Has been in production for about a year. Serves White pages,
BfB: Supporting Collaboration with Infrastructure.
Maturation & Convergence in Authentication & Authorization Services in US Higher Education: Keith Hazelton, Sr. IT Architect, University.
IAM Online - Grouper Permissions Chris Hyzer University of Pennsylvania / Internet2 September 14, /14/20151.
Document Management CategoryTracking Information Company:Citrix Systems, Inc. Author(s):Adolfo Montoya Owner(s):Worldwide Support Readiness Last modified:2/20/2012.
Integration Broker at Cornell Kevin Leonard CIT/Integration and Delivery May 9, 2002.
Penn Groups PennGroups Central Authorization System June 2009.
Case Study: DirXML Implementation at Waste Management Rick Wagner Systems Engineer Novell, Inc.
Intro to Grouper There’s nothing fishy about Identity Management with Grouper.
Using AS 10g with EBS What are the Benefits of Integrating AS 10g with Oracle Applications?
KUALI IDENTITY MANAGEMENT Provides services for Identity and Access Management in Kuali Integrated Reference Implementations User Interfaces An “integration.
Grouper after Groups Enabling Net+ Services with PAP, PEP, and PDP...Oh My! October 3rd, 2012 Bill Thompson IAM Architect, Unicon Chris Hyzer Grouper Developer,
Shibboleth Update Michael Gettes Principal Technologist Georgetown University Ken Klingenstein Director Interne2 Middleware Initiative.
USERS Implementers Target Communities NMI Integration Testbed The NMI Integration Testbed NMI Participation Developed and managed by SURA Evaluate NMI.
The I-Trust Federation: Federating the University of Illinois Keith Wessel Identity Management Service Manager University of Illinois at Urbana-Champaign.
Grouper Training Developers and Architects Advanced Topics Chris Hyzer Internet2 University of Pennsylvania This work licensed under a Creative Commons.
Tech Ed North America /24/2017 1:59 AM SESSION CODE: SIA327
Using Grouper and Signet for Access Management Kathryn Huxtable GPN Annual Meeting 30 May 2008
© 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Security & Identity : From present to future Matt Flaherty, IBM Mary Ruddy, Meristic.
Identity and Access Management Roadmap Presentations for Committee on Technology and Architecture March 21, 2012 Amy Day, MBA Director of GME IAM Committee.
Grouper at Duke Klara Jelinkova, Duke University Shilen Patel, Duke University Internet 2 Fall Meeting San Diego 2007.
Identity and Access Management Siddharth Karnik. Identity Management -> Oracle Identity Management is a product set that allows enterprises to manage.
Implementing Kuali Identity Management at your Institution Jasig Spring 2010 Wednesday, March 10, am.
Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, :30 am.
Technical Coordinators Meeting Chris Bongaarts Steve Siirila March 9, 2005.
Overview of Privilege Project at Fermilab (compilation of multiple talks and documents written by various authors) Tanya Levshina.
Oracle HFM Implementation Boot Camp
Implementing Kuali Identity Management at your Institution Jasig Spring 2010 Wednesday, March 10, am.
Technical Coordinators Meeting Chris Bongaarts September 10, 2008.
Duo UI Demo Christopher Bongaarts. CONTEXT/MOTIVATION Two-factor auth already in use –“M Key” – Safeword Silver tokens, Safeword PremierAccess software.
Current Middleware Picture Tom Barton University of Chicago Tom Barton University of Chicago.
Kuali Identity Management: Introduction and Implementation Options Jasig - Spring 2010 Wednesday, March 10, :30 am.
Microsoft Identity Integration Server & Role Base Access Theo Kostelijk Consultant Microsoft BV
What’s new with Grouper 26-April-2010, Spring Member Meeting Chris Hyzer, Grouper developer.
Grouper attributes and privileges FUTURE features in Internet2 MACE Grouper June 2009 Chris Hyzer University of Pennsylvania Internet2.
Google Code Libraries Dima Ionut Daniel. Contents What is Google Code? LDAPBeans Object-ldap-mapping Ldap-ODM Bug4j jOOR Rapa jongo Conclusion Bibliography.
Interstage BPM v11.2 1Copyright © 2010 FUJITSU LIMITED INTERSTAGE BPM ARCHITECTURE BPMS.
IBM Software Group © 2008 IBM Corporation IBM Tivoli Provisioning Manager 7.1 Security Aspects of TPM 7.1.
Oracle Virtual Directory
What is the future of OFA?. Bryan Eckle FullNorth Technology Group Provide expert resources for Oracle Applications and Business Intelligence from scoping,
1 Name of Meeting Location Date - Change in Slide Master Authentication & Authorization Technologies for LSST Data Access Jim Basney
Office of Information Technology GT Identity and Access Management JA-SIG CAS project (introducing login.gatech.edu) April 29th,
New Developments in Central Directory Service and Account Provisioning Dan Menicucci Enterprise Architect - University of Pittsburgh.
Contents Software components All users in one location:
LIGO Identity and Access Management
An authorization service for Virtual Organizations (VO)
Identity and Access Management Services
ESA Single Sign On (SSO) and Federated Identity Management
Shibboleth for Non-Web-Based Applications: GridShib
Today Introducing IAMUCLA ISIS to Shibboleth Migration
Presentation transcript:

Grouper at the University of Minnesota Christopher A. Bongaarts Grouper Virtual Working Group May 20, 2013

In the beginning… Grouper in production August 2008 Driver: BPEL access management for Enterprise Financial System project –Using LDAP groups to represent roles –Wanted UI with delegated administration Similar desires for helpdesk access to user management interface

Timeline, continued Upgraded to in March 2010 Switched to UW LDAP source adaptor April 2010 Upgrade to planned for summer 2013

Applications using Grouper for access management BPEL workflows Helpdesk account management WorkFlowGen VPN groups Oracle Business Intelligence (OBIEE) Various departmental sites

Other uses Google Apps provisioning –Overrides for health care component Netfiles (Xythos WFS) central groups Identifying test directory users

Example group

Another example group

Deployment Architecture

Access methods Group management via web UI only –Requires two-factor authN (OTP fob) Client access –LDAP (expressed as group objects, isMemberOf) –Shibboleth (SAML isMemberOf attribute) Gets data from LDAP Attribute filters with stem regexes work slick

Directory provisioning Using Grouper Loader changelog API Locally written Java class sends updates to person registry database Person registry pushes updated group data to LDAP directory

Future directions Investigate using the PSP for LDAP provisioning Create local documentation Encourage more applications to use Grouper for access control

Contact Chris Bongaarts Identity Management University of Minnesota

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.