Apereo Grouper Seminar Part 2 – Penn and Grouper Chris Hyzer University of Pennsylvania and Internet2.


Agenda
- New & improved in latest & upcoming releases
- Qualtrics
- Confluence
- Kuali Rice eDoclite workflow
- Loader and provisioning
- External users and Secure Space

Roadmap – v2.2
April 2012

| Release | Item | Description |
|---|---|---|
| 2.2 | New Grouper UI | Provide new UI capabilities that better meet community needs. |
| 2.2 | Services in Grouper | Tag objects in Grouper so that folders, groups, permissions can be associated with a "service" to make it easier for users to perform tasks in Grouper. |
| 2.2 | Improved Grouper configuration | Make Grouper more easily deployable and upgradeable across environments with cascaded config files and expression language in config file entries. |
| On-going | Grouper Core | Continue adding capabilities to meet requirements from the field. |
| On-going | Community contributions | Solicit and publicize community contributions of extensions and complements to Grouper. |

Roadmap – v2.2

| Release | Item | Description |
|---|---|---|
| 2.2 | Legacy attribute migration | Migrate legacy attributes into the new attribute framework. |
| 2.2 | Unix GID management | Built-in support for managing unix GIDs |

Penn and Grouper
- Used Grouper centrally at Penn for 5 years
- 120k groups
- 2.7 million immediate memberships
- 10k permission assignments
- We use: UI, WS, GSH, loader, LDAP, client, external users, workflow with Kuali Rice edoclite, heavily delegated

Penn Grouper project team
- ~20% technical person
- ~20% data analyst
- Small requirements from various other people: manager, sysadmins, ldap admins, etc
- Note: during upgrades time requirements increase, these are average times

Example application: Qualtrics
- Cloud survey tool which is not licensed to everyone at Penn
- People in various schools or centers see a different branded site
- Loader manages affiliate groups
- Responsible parties can add ad hoc members
- Shib entitlements communicate rights to qualtrics cloud application on login

Example application: Qualtrics (continued)

Example application: custom app admin console
- Custom app framework does groups (pre-dated Grouper), though not centrally
- Integrated so groups could be linked externally to Grouper
- For admins (all powerful), it is required that users be in the admins group

Example application: custom app admin console (continued)

Example application: Confluence wiki
- Confluence (our version at least) can have external groups (hopefully ldap)
- We externalized users and groups so we have single signon, and ability to use Grouper features:
  - Loader - Auto-deprovisioning
  - Reuse groups in other apps
  - Central report to see who has what
  - Decentralized management

Example application: Confluence wiki
- Note: we have a rule for auto-assigning privileges

Grouper loader
- Daemon that periodically syncs external sources with Grouper
- Can work for groups or permissions (e.g. org chart)
- SQL or LDAP sources (note: PSP does LDAP too)
- Grouper admins can configure jobs based on attributes

Grouper loader (continued)
- Can sync multiple groups from one query/filter (e.g. courses or orgs)
- Penn has 92 SQL Grouper Loader jobs
- Generally we run these daily, though some run a handful of times throughout the day

Provisioning
- Grouper PSP can provision grouper data to LDAP or AD (other targets can be created)
- Grouper change log can send notifications to XMPP, ESB, etc (other targets can be created)
- Generally we aim for periodic full refresh, with near real time updates

Auditing
- "User audit" will audit who does what
- Point-In-Time auditing will keep track of the history of the repository
  - Who was in this group at a point in time (or time range) in the past
  - Who are all the people who have been in this group
  - What groups was this person in at a point in the past (or time range)

Grouper Kuali Rice edoclite workflow

Paper form screenshot
In 2009 Penn wanted to convert paper access management forms to eForms
8/28/2015, © 2009 Internet2

Paper form screenshot (continued)

Paper form existing list

Requirements
- Autofill personal information
- Common includes (privacy statement)
- Fill out form on behalf of someone else
- Org chart picker for data access
- Person picker from group (employee)
- Notification to requester when complete
- Report on form data
- Should require no Java to create forms

Routing requirements
- Route to members of Grouper group
- Route to selected group (pick school)
- Ability to return to previous route node
- Route to multiple groups at once
- Conditional routing
- Dynamic routing to someone entered on form

Security requirements
- Submitters can see current and past forms
- Approvers can see current and past forms
- Certain people can edit certain forms

Kuali Rice overridable services
[Diagram; labels: Rice request, grouperRice.jar, Kuali DB, Rice server, Grouper Registry, Grouper WS server, Grouper.client.properties, grouperClient.jar]

eForms workflow with Grouper
[Diagram; labels:]
- Initiator fills out form
- Grouper Registry
- Kuali DB
- Get members to route to and s
- Grouper WS
- Routes to approver group
- Routes to approver groupN
- Final
- Add a member to a Grouper group/role and/or assign permissions
- On login to Rice, get subject details
- Archive the document data, and workflow history
- One in group approves
- Grouper UI
- Person / org pickers

Salary management eForm

Salary management eForm (continued)

eForms demo workflow
[Flow diagram; recoverable labels:]
- Initiator fills out form
- If on behalf of someone else, they need to approve it, unless it is a 'remove access'
- Supervisor (person picker)
- Decision: On behalf of remove? (No / Yes)
- Grouper group selected from available schools
- Note: supervisor cannot be the same as 'On behalf of'
- School admin, HR, Payroll
- HR and payroll could approve in parallel in future
- Change KEW initiator to 'on behalf of' user
- (7) Data admin: Assert that form is valid
- (8) Operations: Grant access that isn't automatically provisioned
- (9) Data admin: Assert that privileges were granted correctly
- Final: Send to 'on behalf of' user

Grouper Rice demo
- Demo movie

Grouper Rice group provisioning
- Grouper can provision groups and permissions when forms are complete, but generally Penn does not use it that way

Grouper and external users

Penn's Secure Space
- Penn launched Secure Space in Fall 2010
- Initially it was for PennKey holders only
- 2011 we enabled external users
- 2013 we will retire this service in favor of Box.net

Penn's Secure Space (continued)
- Secure Space is built on Grouper with three groups per space: admins, users, readonly
- When logging in, the grouper client / WS is used to cache the list of groups for user
- On create/delete space, GC/WS is used to create/delete groups
- Group memberships are managed via the membership lite UI screen

Penn's Secure Space (continued)
- Penn's Grouper has rules to only allow external users in certain SS folders
- Penn's Grouper external users must be invited to be able to register
- SecureSpace uses InCommon
- EPPN is required for external users
- External users self-register their name, , institution
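
Added example (not from the original slides, and not Grouper's API): a small in-memory Python model of the Secure Space design described on the two preceding slides, with three groups per space, the group list cached at login, and a rule that admits external users only under certain folders. The folder names, subject ids, and the Registry/Session classes are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ROLES = ("admins", "users", "readonly")   # the three groups per space, strongest first
EXTERNAL_OK = ("securespace:external:",)  # constructed: folders whose rule admits external users

@dataclass
class Registry:
    """In-memory stand-in for the group registry (illustrative, not Grouper's API)."""
    members: dict = field(default_factory=dict)   # group name -> set of subject ids

    def create_space(self, folder, space):
        for role in ROLES:
            self.members.setdefault(f"{folder}{space}:{role}", set())

    def add_member(self, group, subject, external=False):
        # Rule: external subjects are accepted only under allow-listed folders.
        if external and not group.startswith(EXTERNAL_OK):
            raise PermissionError(f"external users not allowed in {group}")
        self.members[group].add(subject)   # KeyError if the space was never created

    def remove_member(self, group, subject):
        self.members[group].discard(subject)

    def groups_for(self, subject):
        return frozenset(g for g, m in self.members.items() if subject in m)

class Session:
    """Snapshot of a subject's group list, taken once at login."""
    def __init__(self, registry, subject):
        self.groups = registry.groups_for(subject)

    def role_in(self, folder, space):
        for role in ROLES:   # strongest matching role wins
            if f"{folder}{space}:{role}" in self.groups:
                return role
        return None

def demo():
    reg, folder = Registry(), "securespace:external:"
    reg.create_space(folder, "grantA")
    group = f"{folder}grantA:readonly"
    reg.add_member(group, "ext:jdoe", external=True)
    session = Session(reg, "ext:jdoe")        # login: group list cached here
    reg.remove_member(group, "ext:jdoe")      # membership revoked afterwards
    stale = session.role_in(folder, "grantA")                   # served from the cache
    fresh = Session(reg, "ext:jdoe").role_in(folder, "grantA")  # recomputed at a new login
    return stale, fresh
```

In this model a membership removed after login stays in the session's cached list until the next login, so the cache lifetime bounds how quickly a revocation takes effect.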

Penn's Secure Space (continued)
- Penn installed Shibboleth Discovery Service (DS/WAYF), customized:
  - Pennify
  - Support channel
  - Make it easy for Penn users
- Recommend ProtectNetwork for users who don't have an InCommon account which releases EPPN

Penn's Secure Space (continued)
- Grouper shows external users with different icon, and description: [unverifiedInfo] First Last - institution [externalUserId]
- External users do not show in results for groups which do not allow external users
- Demo

Thanks!
Further information:
- Infosheets, mail lists, wiki, downloads, etc:
- Grouper demo server: