If your deployment only requires administrator access to the Grouper UI then using basic auth for the 'GrouperSystem' account may be sufficient.
If, however, you expect COmanage Registry users to also access the Grouper UI then you may wish to configure your SSO system, such as SAML/Shibboleth, so that users access the Grouper UI using SSO. Having users access the Grouper UI with SSO requires that the identifier provided by the SSO system to the Grouper UI match a login identifier for a subject or user known to Grouper. Specifically the identifier that the SSO system provides to the Grouper UI should match the identifier you configured in the Grouper Provisioner in the "Grouper subject UI login identifier" drop down menu.
Before making configuration changes to your SSO system for the Grouper UI, we recommend you first configure Grouper to enable a "wheel" group (subjects in the wheel group will be able to access Grouper as if they were the GrouperSystem user) and add at least one administrator user (often the CO administrator) to the wheel group.