Integrate with Grouper
IT Administrators can follow these instructions to integrate their service with Grouper.
Step 1: Define Community Populations
Community populations are managed by Identity Services. Integrating these populations with your service allows you to take advantage of existing information about how individuals interact with the university (as a student, employee, etc.) to automatically manage group permissions. Community populations:
- allow groups to be created once, and then used as often as necessary, to streamline processes
- ensure that groups remain up to date when individuals change roles or organizations within the university
You can define community populations based on any number of attributes.
|Affiliation||Faculty, Students, Staff, Alumni, Sponsored|
|Student Class Level||Undergraduate, graduate or freshman, sophomore|
|School College Name||Tepper School of Business, College of Fine Arts, Heinz College|
For questions on any other community types of interest (by department, location, etc.) please send a request into Identity Services.
Step 2: Complete the Integration Request Form
Step 3: Leverage Application Integration
Integrate with Web Login
You can protect your service or application with Web Login, and have group information authenticated through our single sign-on service. Visit Install & Configure SSO with Web Login for detailed instructions.
Integrate with LDAP
You can use LDAP (Lightweight Directory Access Protocol) to query group information stored in Carnegie Mellon's Directory Service.
Two options are available:
- LDAP 389 Directory Server (Red Hat/Linux) - Use the following information to submit a query:
Server name/hostname ldaps://ldap.cmu.edu Group Location ou=Groups,dc=cmu,dc=edu or isMemberOf attribute
- LDAP Active Directory (Microsoft) - Use the following information to submit a query:
Active Directory andrew.ad.cmu.edu Group Location
Contact Identity Services to request access to these directories.
Integrate with API
You can obtain read/write group membership using the Grouper Web API. Contact Identity Services for assistance.
Step 4: Provide Access to Grouper
Based on the information in the Group Management Integration request form, Identity Services will provision a managed folder with administrative privileges based on your integration needs. You will receive an email when your Grouper integration is complete and your folder is ready.
After you receive the email:
- Notify the Group Manager that Grouper integration is complete, and work with the Group Manager to validate or update defined roles that require Grouper access to your folder. Roles should have been defined as part of the planning process prior to Grouper integration. Visit Before you Begin for more information.
- Use Grouper to add the Group Manager (and/or delegated Group Managers) as a member of the appropriate group with appropriate privileges. Follow the Name a Folder or Group guidelines. In most cases, the Group Manager is added to an Administrator group with Administrative privileges.
- Share the How to Use Grouper instructions with the Group Manager(s) to help them manage subfolders, groups, member and privileges.