Carnegie Mellon University

Integrate with Grouper

IT Administrators can follow these instructions to integrate their service with Grouper.

Community populations are managed by Identity Services. Integrating these populations with your service allows you to take advantage of existing information about how individuals interact with the university (as a student, employee, etc.) to automatically manage group permissions.  Community populations:

  • allow groups to be created once, and then used as often as necessary, to streamline processes
  • ensure that groups remain up to date when individuals change roles or organizations within the university

You can define community populations based on any number of attributes.   

Defined by Examples
Affiliation Faculty, Students, Staff, Alumni, Sponsored
Student Class Level Undergraduate, graduate or freshman, sophomore
School College Name Tepper School of Business, College of Fine Arts, Heinz College

For questions on any other community types of interest (by department, location, etc.) please send a request into Identity Services.

Please complete the Group Management Integration request form in order to integrate your service with Grouper.

Integrate with Web Login

You can protect your service or application with Web Login, and have group information authenticated through our single sign-on service. Visit Install & Configure SSO with Web Login for detailed instructions.

Integrate with LDAP

You can use LDAP (Lightweight Directory Access Protocol) to query group information stored in Carnegie Mellon's Directory Service

Two options are available:

  1. LDAP 389 Directory Server (Red Hat/Linux) - Use the following information to submit a query: 
    Server name/hostname ldaps://ldap.cmu.edu
    Group Location ou=Groups,dc=cmu,dc=edu or isMemberOf attribute
  1. LDAP Active Directory (Microsoft) - Use the following information to submit a query:
    Active Directory andrew.ad.cmu.edu
    Group Location

    OU=Apps,OU=AndrewGroups,DC=andrew,DC=ad,DC=cmu,DC=edu

Contact Identity Services to request access to these directories. 

Integrate with API

You can obtain read/write group membership using the Grouper Web API. Contact Identity Services for assistance. 

Based on the information in the Group Management Integration request form, Identity Services will provision a managed folder with administrative privileges based on your integration needs.  You will receive an email when your Grouper integration is complete and your folder is ready.

After you receive the email:

  • Notify the Group Manager that Grouper integration is complete, and work with the Group Manager to validate or update defined roles that require Grouper access to your folder. Roles should have been defined as part of the planning process prior to Grouper integration. Visit Before you Begin  for more information.  
  • Use Grouper to add the Group Manager (and/or delegated Group Managers) as a member of the appropriate group with appropriate privileges.  Follow the Name a Folder or Group  guidelines. In most cases, the Group Manager is added to an Administrator group with Administrative privileges.
  • Share the How to Use Grouper instructions with the Group Manager(s) to help them manage subfolders, groups, member and privileges.