For Grouper v2.6+. 

Provisioning configuration is set up in the Grouper UI with helpful documentation, wizard-like interfaces, descriptive validations, and diagnostic tests.

Example assigning provisionable

Assign provisioning actions on a folder:

See that groups in the folder will be provisioned

UI actions

  • Edit LDAP configs (grouper loader properties)
  • Enable a provisioning target type (grouper loader properties)
  • Enable a provisioning target
  • Disable/Enable a provisioning target for folder or group
  • See grouper loader logs for change log consumers
  • Manage change log bookmark for change log listeners
  • Trigger a full sync (send message), look at provisioningLastFullMillisSince1970 until complete
  • Reporting can do a report of a full sync


  • In provisioning configuration you identify readers, assigners, and (soon) admins.  Users also need READ on a group to view/assign/admin provisionable


Use the "More actions" button to access Provisioning

List of assigned targets for a folder

Assigning a target to a folder

Attribute definitions

DefinitionAssigned ToPurposeValueCardinality


folder, groupidentify a group typemarkerMulti assign


folder assignment, group assignmentname/value pairsstringSingle assign, single valued

Attribute names





provisioningValueDefRelated to a config in which links this provisioner to entend the class GrouperProvisionerBase


provisioningValueDefif this is directly assigned or inherited


provisioningValueDefif this is not a direct assignment, then this is the stem id where it is inherited from


provisioningValueDefIf folder provisioning applies to only this folder or this folder and subfolders. one|sub


provisioningValueDefIf you should provisioning (default to true)


provisioningValueDefMillis since 1970 that this was last full provisioned


provisioningValueDefMillis since 1970 that this was last incremental provisioned. Even if the incremental did not change the target


provisioningValueDefSummary of last full run


provisioningValueDefSummary of last incremental run

  • No labels


  1. It would be great if attributesNames could supply a "search" (to use a list of Grouper objects: groups, attribute names from another attribute definition, a grouper config property set of values, others?) to provide the user a fixed list of values that can be used for that attributeName.

      Which would be very specifically useful for the provisioningTarget, provisioningDirectAssign, provisioningStemScope,  attribute names above. ( And I would think for a whole host of attribute names.)

  2. "By default you have to be grouper admin to do provisioning"  What do you specifically mean by that?

     Maybe this access control? " ..." Something else?

    Maybe it could be driven by the ability to see Grouper objects that feed provisioningTarget ? That way each provisioner could be managed by different groups ( after being established by the Grouper System owners/operators.