Grouper Administration Guides


  Grouper documentation requests and suggestions

Grouper Video Training

Grouper Deployment Guide

Release Information

Installation & Configuration

Architectural and High Level Diagrams 
Planning Guide 
Components Overview - lists components (including connectors) in Grouper and provides links to more info.
Product Specifications - "Specsheet" for Grouper
Grouper Installer - Installs the Grouper API, quickstart data, UI, WS, and client; also used to do upgrading and patching
API Installation - Configure the API and integrate with existing identity stores.
Configuration Files and Overlays - Configuration approaches including using cascaded configuration files.
WS Installation - Build, secure, and deploy Grouper Web Services.
Initializing Administration of Privileges (the wheel group) - The first stem and group you should create.
Group and folder design ideas - Examples of how institutions have organized and delegated their folders and groups
Externalize and Encrypt Grouper LDAP and Database Passwords
Getting Ready for Production with Grouper - steps to think about after Grouper installation
InCommon Trusted Access Platform Grouper Docker Documentation - step by step instructions on how to bring up Grouper in a Docker Swarm environment
Authentication to the Grouper UI - examples using Shibboleth or CAS
Authentication to the UI and Web Services in 2.5+

User Interfaces

Grouper new UI - Allows navigating the tree structure, managing groups, managing favorites and more.
Grouper Custom UIHelps end users and administrators view and troubleshoot access
Grouper UI Templates - Allows Grouper users to accomplish multiple tasks at once and save time and be more consistent
Grouper Visualization - API to see the relationships between Grouper objects
Grouper Visualization UI - Using the Visualization UI to build and display graphs

Grouper LITE UIs - OLD - Information on Grouper LITE UIs (used from v2.0 to v2.3 for Attribute Framework and External Subjects)
Customizing the Administrative UI - OLD and OUTDATED APPROACH - applies only to Grouper versions prior to Grouper 2.2

On-Going Administration

GrouperShell -  The gsh command line utility.
Grouper Daemon -  Background processing including: GrouperLoader, notifications and membership expiry.
Grouper Client - Client for Grouper LDAP and Web Services.
Move and Copy - How to move or copy groups or folders/stems.
Web Services  - Exposing common Grouper business logic through SOAP and REST
Always Available Web Services and Client -  Web services that do not have a single point of failure.
Attribute Framework -  A framework for assigning metadata to Grouper objects.
Grouper Reporting - Flexible reporting capability
Grouper subject filter and attribute decorator - Restrict access to Subject attributes.
Grouper local entities - Manage access within Grouper for Subjects not managed in a Subject Source.
User Audit Log - How to review who made what changes and when.
Point in Time Auditing - Query the state of Grouper in the past.
Organizing Services In Grouper - Allows filtering of the registry by a service.
XML Import/Export Tool - Documentation for the XML Import/Export tool.
Grouper Diagnostics - Gives the health of Grouper
Grouper overall summary administrative report - daily email report of status of Grouper 
Grouper Security Issues and Patches 

Ongoing Administration Tasks - Suggestions for ongoing Grouper administration tasks, including pruning the logs and registry, performing monitoring, and setting up notifications.

Custom Group Types & Fields - (Deprecated as of Grouper 2.2)

Access Management

Access Management Features Overview - An overview of when to use rules, roles, limits, and other access management features
Role and permission management - Allowing external applications to centrally manage roles and permissions in Grouper
Permission Limits - Setting up runtime constraints on permissions
Enabled and disabled (Start/End) dates - Setting up memberships to apply only in the future, or for a certain period of time
Rules - Attach actions on certain events to trigger certain results
Attribute based access control (ABAC) with scripted groups - Using scripted groups to increase efficiency in implementing access policy 
Deprovisioning - Remove access when someone leaves
Attestation - Get reminders to review groups periodically
Grouper Automatically Managed Recent Memberships - grace periods

Provisioning and Integration

Provisioning Framework - Grouper v4 and above

Integration Overview  - Considerations for integrating Grouper with an application

Provisioning Service Provider Next Generation -  Grouper 2.3 through Grouper 2.5

Provisioning Service Provider  - Handles provisioning in Grouper  2.1 through Grouper 2.5 (replaced Ldappc and Ldappc-ng)

Grouper Messaging - allows messages to be sent and received from a messaging system 
Grouper Loader - Automatically manage Grouper memberships based on a data source
Subject API - Used to integrate a java application with a site's existing Identity Management operations
Notification (Change Log)  - Grouper can incrementally integrate with or provision external systems.
Hooks - Create connections from the Grouper API to your custom code
External Subjects - Managing external subjects.
Sync Grouper with another Grouper - Allows two group management systems to share a group.
Integer ID's on Grouper Objects - These integers can be used, for instance, as UNIX GIDs.
Shibboleth Integration (Grouper 2.1 and above) - Grouper as a Data Connector Extension for Shibboleth (newer architecture)
Shibboleth Integration (Prior to Grouper 2.1) - Grouper as a Data Connector Extension for Shibboleth.
Exposing Groups Through Shibboleth 
ESB Connector - Integrating Grouper with an event-driven ESB architecture.
Notifications - Java interface for handling Grouper events
XMPP Notifications - Handling XMPP Notifications
Grouper integration with uPortal -  Grouper uPortal integration.
Grouper integration with SCIM - SCIM stands for System for Cross-domain Identity Management (this integration is available in Grouper 2.2 and above).
Grouper Atlassian Connector - Allows you to manage Atlassian (Jira, Confluence) groups and person information.
Grouper VOOT Connector - Implements the VOOT specification for cross-domain read access to groups.
SQL Integration - Accessing Grouper data from SQL
Grouper Remedy Integrationintegration with Remedy (SaaS) and Digital Marketplace
Grouper Azure Provisioner -  synchronizes Grouper groups and users to Microsoft Azure Active Directory/Office 365
Using SQL to do things in Grouper


Glossary, Roadmap and Other

Glossary - Important Definitions

Grouper Provisioning Glossary 

Community Contributions (read about other Grouper deployments and share your own)

Grouper Online Training Videos

Getting Started with Grouper Book (not complete, from 2014)

Grouper Roadmap


  • No labels