Information Technology
A Division of Information Services

Identity Management Services

Grouper Group Management Service
Identity Management Services provides a Grouper instance for managing groups of people. Access is provided via a web interface at https://www.aims.ku.edu/grouper.

Users must be authorized to use Grouper by Identity Management Services. A stem will be created in the Grouper database mirroring the user's place in the University's administrative structure.

Provisioning Grouper base groups

Identity Management provisions groups in the ku:base stem on a nightly basis from data in our LDAP directory. These groups can be used to construct more complex groups using "group math", which is essentially set operations, e.g. union, intersection, and complement.

The base groups are created as needed for more complex groups and consist of such things as "all students", "all freshmen", "all English majors", "all unclassified professional staff", "all English department employees", etc. If a new base group is needed, contact Identity Management.

Provisioning external groups

To provision an entitlement or a distribution list using Grouper, you must arrange with Identity Management to have a group created in the ku:is:it:idms:provision stem. This group will contain information telling our software how to provision the entitlement or distribution list from this group.

The provisioning group will usually have only one member: another group. This other group will be managed by the owner of the external group being provisioned. This separates the management of the group membership from the linkage to external provisioning and allows Identity Management Services to manage the namespaces of the entitlements, distribution lists, etc., which are the responsibility of Identity Management Services.
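
The following added example (not part of the original page and not Grouper's own code or API) models the "group math" and the provisioning indirection described above in plain Python: a composite group built from base groups, an owner-managed group, and a provisioning group whose single member is that group. Only the ku:base and ku:is:it:idms:provision stems come from the page; the group names, the ku:dept stem, the member IDs and the treatment of complement as "left minus right" are assumptions.

```python
# Added illustration in plain Python; this is not the Grouper API.
# Stem prefixes ku:base and ku:is:it:idms:provision come from the page;
# every group name, the ku:dept stem and all member IDs are constructed.

# Direct memberships: a member is a person ID or the name of another group.
DIRECT = {
    "ku:base:freshmen": {"amy", "ben"},
    "ku:base:english_majors": {"ben", "cat"},
    "ku:base:english_employees": {"cat", "dan"},
    # Owner-managed group: the owner edits membership here.
    "ku:dept:english:announce": {"ku:dept:english:majors_not_staff", "eve"},
    # Provisioning group: its only member is the owner-managed group.
    "ku:is:it:idms:provision:english_announce": {"ku:dept:english:announce"},
}

# "Group math": a composite is (operation, left group, right group).
COMPOSITES = {
    "ku:dept:english:majors_not_staff":
        ("complement", "ku:base:english_majors", "ku:base:english_employees"),
}

OPS = {
    "union": lambda a, b: a | b,
    "intersection": lambda a, b: a & b,
    "complement": lambda a, b: a - b,  # in left but not in right
}

def is_group(name):
    return name in DIRECT or name in COMPOSITES

def effective_members(name, path=()):
    """Resolve a group to person IDs, following nested groups and composites."""
    if name in path:  # a group that contains itself would recurse forever
        raise ValueError("membership cycle: " + " -> ".join(path + (name,)))
    path = path + (name,)
    if name in COMPOSITES:
        op, left, right = COMPOSITES[name]
        return OPS[op](effective_members(left, path), effective_members(right, path))
    people = set()
    for member in DIRECT[name]:
        people |= effective_members(member, path) if is_group(member) else {member}
    return people

def follows_usual_pattern(provision_group):
    """True when the group's single direct member is itself a group."""
    members = DIRECT[provision_group]
    return len(members) == 1 and all(is_group(m) for m in members)

if __name__ == "__main__":
    target = "ku:is:it:idms:provision:english_announce"
    print(sorted(effective_members(target)), follows_usual_pattern(target))
```

Because the provisioning group holds only a reference to the owner-managed group, changes the owner makes flow through to the provisioned entitlement or list without anyone touching the ku:is:it:idms:provision stem.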

To provision LDAP groups, all you need to do is check the ldapGroup box when creating the group. See the documentation below for more information, because there are currently some "gotchas".