Usage guides

How UTORGrouper works

It’s important to understand that services and applications do not interact directly with UTORGrouper. You provide information to Grouper, which pushes it to the proper endpoints (such as LDAP); the application then reads from those endpoints.

To make a change in Grouper, you can either use your existing directory data via an SQL endpoint or make changes manually in the UI. When you make a change in Grouper, it updates the underlying database table for that group, and captures any provisioning changes in a changelog (which is a database table). Provisioners for UTORable LDAP, EAD and Azure consume this changelog, and update their respective endpoints.
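
A simplified model of this flow, added here as an illustration and not taken from UTORGrouper or Grouper itself: the table names, the `Provisioner` class and the sample group are hypothetical. It shows that an endpoint reflects a change, including a removal, only after its provisioner has consumed the matching changelog entry.

```python
import sqlite3

def setup():
    # Hypothetical schema for illustration; not Grouper's real tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE membership (grp TEXT, member TEXT, PRIMARY KEY (grp, member));
        CREATE TABLE changelog (seq INTEGER PRIMARY KEY AUTOINCREMENT,
                                action TEXT, grp TEXT, member TEXT);
    """)
    return db

def change(db, action, grp, member):
    """Model a change: update the group table and record it in the changelog."""
    if action not in ("add", "remove"):
        raise ValueError(action)
    with db:  # one transaction, so the table and the changelog cannot diverge
        if action == "add":
            db.execute("INSERT OR IGNORE INTO membership VALUES (?, ?)", (grp, member))
        else:
            db.execute("DELETE FROM membership WHERE grp = ? AND member = ?", (grp, member))
        db.execute("INSERT INTO changelog (action, grp, member) VALUES (?, ?, ?)",
                   (action, grp, member))

class Provisioner:
    """Consumes the changelog from its own checkpoint and updates one endpoint."""
    def __init__(self, name):
        self.name, self.last_seq, self.endpoint = name, 0, {}

    def run(self, db):
        rows = db.execute("SELECT seq, action, grp, member FROM changelog "
                          "WHERE seq > ? ORDER BY seq", (self.last_seq,)).fetchall()
        for seq, action, grp, member in rows:
            members = self.endpoint.setdefault(grp, set())
            if action == "add":
                members.add(member)      # idempotent, safe to replay
            else:
                members.discard(member)  # idempotent, safe to replay
            self.last_seq = seq          # advance only after the entry is applied
        return len(rows)

def demo():
    db = setup()
    ldap, azure = Provisioner("ldap"), Provisioner("azure")
    change(db, "add", "dept:staff", "alice")   # constructed sample data
    change(db, "add", "dept:staff", "bob")
    ldap.run(db); azure.run(db)
    change(db, "remove", "dept:staff", "bob")
    ldap.run(db)                               # azure has not run yet
    return ldap.endpoint["dept:staff"], azure.endpoint["dept:staff"]
```

In `demo()`, the modelled LDAP endpoint has dropped `bob` while the modelled Azure endpoint still lists him until its provisioner next runs.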

Grant access to an existing service

The application administrators of an existing service are likely already familiar with the process for granting access to it.

If you’re an application administrator and need help connecting to Grouper, email utorgrouper.admin@utoronto.ca to create an ESC ticket. You’ll get an autoreply with a link to the ticket.

| Service | Instructions |
| --- | --- |
| SharePoint | To set up a departmental SharePoint instance, contact the EASI Sharepoint team. The SharePoint admins connect the right groups in Azure, using existing groups or creating new ones as needed. |
| Shared mailboxes | To create a shared mailbox, see “Create a shared mailbox” in ESC. For shared-mailbox support related to group management, contact Information Commons. |
| Power BI | Request access to Power BI using the PowerBI onboarding form in ESC. The form also has links for further help. |
| Departmental services | Unit onboarding and initial setup. |
| Mailing lists | You might want to create several mailing lists for different faculty, student and staff types. All of these can flow into their own aggregate groups, which flow into a departmental group, which all flow into a wider group, and so on. |

You maintain your own mailing lists, but you consume LDAP information to populate them and keep them up to date. For example, your group may have local information you want to use in Grouper. With RBAC and many people working on internal systems, you’ll want to make that information easier to consume. You can take advantage of existing information sources, either once or on an ongoing basis, to transition from your internal application to aggregating information from several sources.

Onboarding: grant access to a new service

To grant access to a service not yet connected to Grouper, you can either use your existing directory data (via an SQL endpoint) as a feed to Grouper or set up your groups manually.

As part of an onboarding, Information Security requires some information to get you set up, including:

  • The app’s location (Azure? Local? Elsewhere?)
  • What is going to connect to the app
  • The data source for group members (for example, LDAP or SQL)
  • The permission structure (who can see what, who can do what)
  • What will be covered in the IRM (incident risk exercise)