UTORGrouper is the authority for groups. Grouper simplifies group management by allowing you to delegate group management or visibility. Grouper enables you to manage your unit’s access groups centrally and have them flow to other services.

In addition to dependency issues, managing groups on a per-system or per-application basis carries a significant risk of lost access. Using Grouper to manage groups centrally, you can identify dependencies and avoid problems, keeping authorization flows simpler and more effective.

It’s important to understand that services and applications do not interact directly with UTORGrouper. You provide information to Grouper, which then pushes that information to the proper endpoints (such as LDAP), which is then read by the application.

To make a change in Grouper, you can either use your existing directory data via an SQL endpoint or make changes manually in the UI. When you make a change in Grouper, it updates the underlying database table for that group, and captures any provisioning changes in a changelog (which is a database table). Provisioners for UTORable LDAP, EAD and Azure consume this changelog, and update their respective endpoints.