
Update Underway

UCLA is in the middle of updating the content on this page. While everything posted is accurate, the page is still missing substantial content. Please pardon our dust.

Overview

UCLA's enterprise identity management program (IAMUCLA) deploys Grouper as a strategic component of its role and access management solution. Grouper is at the center of all group-like (role, access control list, service eligibility, distribution list) management activities on the IAMUCLA roadmap.

We are actively working with campus data stewards to identify and define institutional roles (types of students, types of employees, types of visitors/guests, etc.) in order to source and automate book-of-record group/role provisioning. At the same time, as opportunities arise, we work with service providers to enable streamlined, flexible, and automated role-based access for current and future applications.

As of October 2014, UCLA's MyUCLA student portal, which consists of multiple applications, is using Grouper-managed groups to perform all of its access control.

IAMUCLA now manages and asserts eduPersonEntitlement values by mapping entitlement values to Grouper-managed service eligibility groups. The service eligibility groups, in turn, map to a mix of institutional groups and service-specific, locally managed groups.

Use Cases

IAMUCLA Deployment

Student Portal (MyUCLA) Role-Based Access

Type: Application Role-Based Access Control

Campus ID Card / Door Access Management (BruinCard)

Type: ACL-Based Access Control

Anderson School Role Management

Type: Organizational Role Management

Service Entitlement Attribute Management

Type: Service Eligibility Declaration/Management

Box Group Management

Type: Group Membership Management

Application-Specific Deployment

Faculty Information System (Opus)

Separate from the Enterprise IAM deployment, UCLA's Faculty Information System Project (Opus) has adopted Grouper as an application-specific, academic-hierarchy-driven, role-based access management solution.

Opus intends to operate a Grouper instance separate from the enterprise instance at its initial launch. Plans to migrate to or converge with the enterprise instance are TBD.

Architecture and Design

Presentations
