Integrate with Grouper
IT Administrators should follow these instructions to integrate a service with Grouper.
Step 1: Define Community Populations
Integrating community populations with your service allows you to take advantage of existing information about how individuals interact with the university (as a student, staff, etc.) to automatically manage group permissions. Integrations:
-
allow groups to be created once, and then used as often as necessary, to streamline processes
-
ensure that groups remain up to date when individuals change roles or organizations within the university
You can define community populations based on any number of attributes.
Defined by |
Examples |
Affiliation |
Faculty, students, staff, alumni, and sponsored |
Student Class Level |
Undergraduate, graduate or freshman, sophomore |
School College Name |
Tepper School of Business, College of Fine Arts, Heinz College |
Step 2: Complete the Integration Request Form
Please complete the Group Management Integration request form to integrate your service with Grouper.
Step 3: Leverage Application Integration
Integrate with CMU Web Login
You can protect your service or application with Web Login and have group information authenticated through our single sign-on service. Visit Install & Configure SSO with Web Login for detailed instructions.
Integrate with LDAP
You can use LDAP (Lightweight Directory Access Protocol) to query group information stored in Carnegie Mellon University's Directory Service.
Two options are available:
- LDAP 389 Directory Server (Red Hat/Linux)
Use the following information to submit a query:
Server name/hostname ldaps://ldap.cmu.edu Group Location ou=Groups,dc=cmu,dc=edu or isMemberOf attribute
- LDAP Active Directory (Microsoft)
Use the following information to submit a query:Active Directory andrew.ad.cmu.edu Group Location OU=Apps,OU=AndrewGroups,DC=andrew,DC=ad,DC=cmu,DC=edu
Please contact the Computing Services Help Center at it-help@cmu.edu or 412-268-4357 (HELP) if you have questions or need assistance.
Integrate with API
You can obtain read/write group membership using the Grouper web API.
Please contact the Computing Services Help Center at it-help@cmu.edu or 412-268-4357 (HELP) if you have questions or need assistance.
Step 4: Provide Access to Grouper
Based on the information in the Group Management Integration request form, Identity Services will provision a managed folder with administrative privileges based on your integration needs. You will receive an email when your Grouper integration is complete and your folder is ready.
After you receive the email:
- Notify the Group Manager that Grouper integration is complete, and work with the Group Manager to validate or update defined roles that require Grouper access to your folder. Roles should have been defined as part of the planning process prior to Grouper integration. Visit Before you Begin for more information.
- Use Grouper to add the Group Manager (and/or delegated Group Managers) as a member of the appropriate group with appropriate privileges. Follow the Name a Folder or Group guidelines. In most cases, the Group Manager is added to an Administrator group with Administrative privileges.
- Share the How to Use Grouper instructions with the Group Manager(s) to help them manage subfolders, groups, members, and privileges.