Usage guide
Topics on this page:
Access UTORGrouper
Use your UTORid to log into UTORGrouper. From the UTORGrouper portal, you can view and edit groups you manage.
Note: To access UTORGrouper, you must be connected to the U of T network or UTORvpn.
Get access to a service via UTORGrouper
To gain access to an application using UTORGrouper, ask an administrator of the relevant service. Access management is the responsibility of application-level admins. Information Security does not manage group membership.
Some common access request instructions are listed in the table below. If the service you need is not listed, contact that service’s administrators.
| Application | Instructions |
|---|---|
| SharePoint | To set up a departmental SharePoint instance, contact the EASI Sharepoint team. SharePoint administrators will ensure the appropriate Azure groups are connected, using existing groups or creating new ones as needed. |
| Shared mailboxes | To create a shared mailbox, see Create a shared mailbox in ESC. For shared-mailbox support related to group management, contact Information Commons. |
| Power BI | Request access to Power BI using the PowerBI onboarding form in ESC. The form also has links for further help. |
| Departmental services | Unit onboarding and initial setup. |
| Mailing lists | You might want to create several mailing lists for different faculty, student and staff types. All of these can flow into their own aggregate groups, which flow into a departmental group, which all flow into a wider group and so on. |
Maintain your own mailing lists but use LDAP information to populate and keep them up to date. For example, your group may have local data you want to use in Grouper. With RBAC and many people working on internal systems, make that information easier to consume. You can use existing information sources, either once or on an ongoing basis, to transition from your internal application to aggregating data from several sources.
Manage group membership
If you need group administrator privileges, request them from the current administrator of that group. The administrator must grant you the “update” or “admin” group permission, whichever is appropriate.
Onboard a new application to Grouper
To set up a group for a service not yet connected to Grouper, the department or unit admin begins by contacting the Grouper global admin team to onboard the new app. This is handled on a case-by-case basis. Once onboarded, you can use your existing directory data (via an SQL endpoint) as a feed to Grouper or create and manage your groups manually.
As part of an onboarding, Information Security requires:
- The app’s location, whether it resides in Azure, on-premises or elsewhere, along with the provisioning targets it will use (such as UTORable, Enterprise Active Directory or Entra ID)
- The data source for group members (for example, LDAP or SQL), optional
- The membership scope that defines which users are included
- The permission structure (who can see what, who can do what)
- What will be covered in the IRM (incident risk exercise)
If you are an application administrator and need help with Grouper configuration, contact utorgrouper.admin@utoronto.ca to create an Enterprise Service Centre ticket. You will receive an autoreply with a link to the ticket.
Last modified: January 6, 2026
