Carnegie Mellon University

Integrate with Grouper

IT Administrators should follow these instructions to integrate a service with Grouper.

Integrating community populations with your service allows you to take advantage of existing information about how individuals interact with the university (as a student, staff, etc.) to automatically manage group permissions. Integrations:

  • allow groups to be created once, and then used as often as necessary, to streamline processes

  • ensure that groups remain up to date when individuals change roles or organizations within the university

You can define community populations based on any number of attributes.   

| Defined by | Examples |
| --- | --- |
| Affiliation | Faculty, students, staff, alumni, and sponsored |
| Student Class Level | Undergraduate, graduate or freshman, sophomore |
| School College Name | Tepper School of Business, College of Fine Arts, Heinz College |

Please complete the Group Management Integration request form to integrate your service with Grouper.

Integrate with CMU Web Login

You can protect your service or application with Web Login and have group information authenticated through our single sign-on service. Visit Install & Configure SSO with Web Login for detailed instructions.

Integrate with LDAP

You can use LDAP (Lightweight Directory Access Protocol) to query group information stored in Carnegie Mellon University's Directory Service.

Two options are available:

  1. LDAP 389 Directory Server (Red Hat/Linux)
    Use the following information to submit a query:
    Server name/hostname: ldaps://ldap.cmu.edu
    Group Location: ou=Groups,dc=cmu,dc=edu or isMemberOf attribute
  2. LDAP Active Directory (Microsoft)
    Use the following information to submit a query:
    Active Directory: andrew.ad.cmu.edu
    Group Location: OU=Apps,OU=AndrewGroups,DC=andrew,DC=ad,DC=cmu,DC=edu
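
One way a service could use the isMemberOf option listed above, as an added example that is not CMU's or the Grouper project's own code: it builds an injection-safe search filter for one user and grants access only on an exact group DN match. The uid login attribute and the example-service group names are assumptions, and the sample values are constructed.

```python
import re

LDAP_URL = "ldaps://ldap.cmu.edu"        # from the page; LDAPS means TLS from connect
GROUP_BASE = "ou=Groups,dc=cmu,dc=edu"   # from the page
USER_ATTR = "uid"                        # assumption: attribute holding the login name

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for byte in value.encode("utf-8"):
        if byte == 0 or byte > 0x7F or chr(byte) in "\\*()":
            out.append("\\%02x" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)

def user_search(username):
    """Search parameters that fetch only one user's isMemberOf values.
    The search base for user entries is not on the page; the caller supplies it."""
    return {"url": LDAP_URL,
            "filter": "(%s=%s)" % (USER_ATTR, escape_filter_value(username)),
            "attributes": ["isMemberOf"]}

def normalize_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' so DNs compare equal."""
    rdns = re.split(r"(?<!\\),", dn)  # an escaped comma (\,) stays inside its value
    return ",".join("=".join(p.strip().lower() for p in rdn.split("=", 1))
                    for rdn in rdns)

def is_member(is_member_of_values, required_group_dn):
    """True only when a returned value is exactly the required group DN."""
    wanted = normalize_dn(required_group_dn)
    if not wanted.endswith("," + normalize_dn(GROUP_BASE)):
        raise ValueError("required group is outside " + GROUP_BASE)
    # Missing attribute (None or empty) means no access: fail closed.
    return any(normalize_dn(v) == wanted for v in (is_member_of_values or []))

# Constructed sample values; the group names are hypothetical.
SAMPLE_IS_MEMBER_OF = [
    "CN=example-service-users, OU=Groups, DC=cmu, DC=edu",
    "cn=example-service-admins-pending,ou=Groups,dc=cmu,dc=edu",
]
USERS_GROUP = "cn=example-service-users,ou=Groups,dc=cmu,dc=edu"
ADMIN_GROUP = "cn=example-service-admins,ou=Groups,dc=cmu,dc=edu"

if __name__ == "__main__":
    print(user_search("jdoe*)(uid=*"))
    print(is_member(SAMPLE_IS_MEMBER_OF, USERS_GROUP))
    print(is_member(SAMPLE_IS_MEMBER_OF, ADMIN_GROUP))
```

The exact-match comparison is the point: a substring test for the admin group name would also accept the constructed "admins-pending" group.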

Please contact the Computing Services Help Center at it-help@cmu.edu or 412-268-4357 (HELP) if you have questions or need assistance.

Integrate with API

You can obtain read/write access to group membership using the Grouper web API.

Please contact the Computing Services Help Center at it-help@cmu.edu or 412-268-4357 (HELP) if you have questions or need assistance.

Based on the information in the Group Management Integration request form, Identity Services will provision a managed folder with administrative privileges based on your integration needs.  You will receive an email when your Grouper integration is complete and your folder is ready.

After you receive the email:

  • Notify the Group Manager that Grouper integration is complete, and work with the Group Manager to validate or update defined roles that require Grouper access to your folder. Roles should have been defined as part of the planning process prior to Grouper integration. Visit Before you Begin for more information.  
  • Use Grouper to add the Group Manager (and/or delegated Group Managers) as a member of the appropriate group with appropriate privileges.  Follow the Name a Folder or Group guidelines. In most cases, the Group Manager is added to an Administrator group with Administrative privileges.
  • Share the How to Use Grouper instructions with the Group Manager(s) to help them manage subfolders, groups, members, and privileges.