| Include Page | ||||
|---|---|---|---|---|
|
---Update on this service - November 2017
Carnegie Mellon have been extensively using Grouper and the Grouper Active-MQ Provisioner (GAP) framework for over 4 years now. This GAP infrastructure is our ‘central hub’ for distributing Grouper group change messages, via Apache ActiveMQ, to our central provisioning services. Our provisioning systems consist primarily of the GAP provisioners (custom code) and Oracle Identity Manager (OIM). This GAP infrastructure allows us to provision downstream resources, driven by institutional data through Grouper, in near real-time.
See below diagram for how an on-boarding staff member at Carnegie Mellon flows through our IAM infrastructure, and is provisioned resources thanks to Grouper and the GAP framework.
We've also found that application owners across campus, are able to leverage our ActiveMQ infrastructure, for provisioning/deprovisioning accounts into their own applications (hosted or in the cloud). For example, an application owner can come to us with the need to provision new staff into their on-premise (or cloud) application. We can provide them with sample ActiveMQ consumer code (which they can then adopt and host themselves) which will allows them to pick up on Grouper group change log messages and subsequently call the provisioning API for their application. This type of pattern has worked successfully for us, for services including Canvas and Slack.
Any questions/comments on the above, please drop me a line: Garrett King garrettk@cmu.edu
---
Grouper 2.1.4 was successfully deployed at Carnegie Mellon University in January 2013. Below is an architecture diagram that shows how we use Grouper in our Identity Management infrastructure.
...