Overview

Grouper maintains a repository of groups of people.  It offers automatic groups which are regularly updated from official sources such as Banner, PeopleSoft, RCUH, SECE and UHIMS. There are also custom groups which anyone can create.  Custom groups can have ad hoc members, can reference other groups (automatic or custom), or it can be any combination of these.  Even automatic groups can be a combination of other automatic groups.   Applications can use Grouper to manage authorizations or any other feature that would benefit from managing groups of people.

Production URL: https://grouper.hawaii.edu/

Automatic groups include students, faculty and staff, collectively and also per campus.  As people change status, their group memberships will change accordingly.  Applications that reference these groups will always have accurate information since UHIMS has connections to Banner, PeopleSoft HR, etc.  Some applications will benefit from referencing the automatic groups for role-based-access-control (RBAC).  If a person is not in the group, access can be denied or restricted.  Automatic groups organized by EAC are also available.   More recently, groups organized by academic program and course registration have also been added.  Refer to the UH Group Store to see what is available.

Features and Benefits:

• Grouper provides foundational functionality:
  
  • Define your group once and use it to:
  1. 1. Create and manage the group of people who are allowed to access your application or system.
     2. Integrate Grouper with your application so that membership in your group equates to authorization.
  • Take advantage of the depth and breadth of our automatically populated groups.
• It is highly recommended that you use UH Groupings to take advantage of additional group functionality:
  • Most groups are made up of a combination of a well-defined population plus some exceptions for inclusion and/or exclusion. UH Groupings models this behavior and makes it easy to use.
  • Use UH Grouping's LISTSERV release feature so that your group can be used for access control with CAS.
  • Use UH Grouping's LISTSERV sync feature so that your group is automatically synchronized with a LISTSERV mailing list
  • Use UH Grouping's term transition feature to automatically change the group membership when semesters change.
  • Use the UH Grouping's lifecycle feature so that you receive email when a person in your group leaves or changes position, for example, if authorizations need to be revoked.
    
    • It is very easy to grant access to someone, but it is even easier to forget to remove such access when the person is no longer authorized. UH Groupings can provide that reminder when someone in the group has left or changed positions
    • If an email notification is not appropriate (e.g. need real-time message for automatic deprovisioning), use the UH Message Broker instead. The underlying events that cause a person to enter or leave a group are available as a message.

Getting Started with Grouper

• You can use the Grouper API to talk to Grouper.
• If you use UH Groupings (recommended), you should follow these guidelines:
  • UH Groupings Developer Documentation

About the Data in Grouper

• Grouper Data
• UH Group Store

References

• May 2011 ITS IAM presentation to the UH Developer community <powerpoint>
• The Grouper Groups Management toolkit is an open source software solution provided by Internet2.  For more information:
  • http://www.internet2.edu/grouper/
  • https://spaces.internet2.edu/display/Grouper/Grouper+Web+Services
  • Glossary
  • Tom Barton's Presentation
  • Web Services
    • Samples
• How do we compare to other institutions?
  •  https://spaces.internet2.edu/display/Grouper/Statistics+from+the+Community