Download presentation
Presentation is loading. Please wait.
Published byAmando Riccardi Modified over 5 years ago
1
PDI: Intro to Grouper Jeff Ruch Jeff Ruch ACNS Middleware
We are really new to grouper – playing around with it for only a few months Still working on policies
2
Table of Contents Grouper Overview Grouper UI CSU Implementation
UI – Live demo CSU Implementation – source data
3
What is Grouper? Enterprise Access Management
Designed for the highly distributed management environment Open Source (java based) Created by Internet2 Funding from National Science Foundation (NSF) Grant No. OCI , OCI , and OCI , Joint Information Systems Committee (JISC), University of Chicago, University of Pennsylvania, Duke University, University of Washington, University of Memphis, University of Bristol (UK) Established v.5 in 2004 Authentication vs Authorization Leverages system of record (HR, Student)
4
Why Use Grouper? Lower cost & time to deliver new services
Simplify management by using the same group or role in many places Empower the right people to manage access, taking central IT out of the loop Increase transparency and auditability - see who can access what with a report rather than a fire drill - you don’t have to build access management on new systems. - make things more consistent by reusing same groups. - people closer to the app/service should control the access, rather than IT. – more information - doesn’t have to wait for IT to make a change, business owners have control
5
What can Grouper Control?
Grouper integrates with almost any existing access management infrastructure
6
Core Capabilities Folders are often called stems.
Folders contain groups and other folders. Indirect members also call effective members. Composite groups often called group math Intersection, Sum of two groups (union), Difference of two groups Permissions (this is really delegation) Folder – create group, create subfolder Group – admin, update membership, read membership, view group, opt-in, opt-out (take themselves in our out of group membership)
7
Additional Capabilities
Attributes Roles Permissions Management Lifecycle attribute is a specification that defines a property of an object, like a manager A role attribute that describes a position within a company, a purchase manager f Attributes are objects like groups and folders. Can create them in folders. Attributes can be assigned to groups, folders, memberships, Role is a group with a permission assigned Permission which subject can perform which actions, on which resources. Role inheritance, subgroup to group Life cycle – start/end times for membership, rules, audits
8
Grouper Components Outside - Connects into things the organization is already running Inside (green) java application, runtime Multiple ways to integrate. CSU has focused on web services -
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.