The access control models described in this guide all assume some mechanism to communicate Grouper group and membership changes to target services or an intermediary like an LDAP based enterprise directory service. Provisioning may be set up to keep various groups in sync with target systems, translate a group membership to an eduPersonEntitlement value, or create and keep remote identity records up to date.
Grouper provisioning mechanisms broadly fall into several categories:
Group and membership changes are provisioned to target services with two main strategies:
It is best to do both full and incremental provisioning if possible. The full and incremental sync should not run at the same time (they should wait until the other is done).
Whether you use one or the other, or both models, largely depends on your specific situation and provisioning targets.
Previous: Access Control Models