Versions Compared

Old Version 19

changes.mady.by.user user-c1a6f

Saved on

compared with

New Version 20

changes.mady.by.user user-c1a6f

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Include Page
spaceKeyGrouper
pageTitleNavigation

UCLA Grouper Deployment

Note
titleUpdate Underway

UCLA is in the middle of updating contents on this page. While everything posted is accurate, it is still missing substantial content. Please pardon our dust.

Table of Contents
maxlevel3
minlevel3

Overview

UCLA's enterprise identity management program (IAMUCLA) deploys Grouper as a strategic component of its role and access management solution. Grouper is at the center of all group-like (role, access control list, service eligibility, distribution list) management activities on the IAMUCLA roadmap.

We are actively working with campus data stewards to identify/define institutional roles (types of students, types of employees, types of visitors/guests, etc.) in order to source and automate book-of-record group/role provisioning. At the same time, as opportunity arise, we work with service providers to enable streamlined, flexible, and automated role-based access for current and future applications.

As of October 2014, UCLA's MyUCLA student portal, which consists of multiple applications, is using Grouper-managed groups to perform all of its access control.

IAMUCLA now manages/asserts eduPersonEntitlement values by mapping entitlement values to Grouper-managed service eligibility groups. The service eligibility groups, in turn, maps to a mix of institutional groups and service-specific, locally managed groups.

...

BruinCard is UCLA's employee and student photo ID card. It is a physical door access token, a debit card, and is used for meals and access to events on campus. UCLA is in the process of replacing the BruinCard application (moving from an old Blackboard software to Blackboard Transact). While migrating, we are integrating BruinCard systems with Grouper, using Grouper to manage/automate door access provisioning and de-provisioning.

...

Shibboleth Multi-Factor Authentication Management

Type: Organizational Role Management Service Eligibility Declaration / Group Membership Management

 Anderson School is UCLA's Management School. Today, Anderson School has over 50 applications, many with their own group management schemes and access control lists. Anderson School is using Grouper to consolidate all of its school group and role managements.

Service Entitlement Attribute Management

...