
Group Services Update Septembe - PowerPoint Presentation

celsa-spraggs
Uploaded On 2018-10-11



Presentation Transcript

Slide1

Group Services Update

September 18, 2017

CIO Council

Smith 561

Slide2

What Does Grouper Do?

A group membership system; Grouper is:

Integrated with IAM data so the group memberships are updated automatically

A web tool for delegated administrators to manage groups for their local needs

Used by school and department IT Service Providers to manage groups directly or via API

Grouper is NOT directly accessible to faculty, staff and students at this time.

Slide3

What Types of Problems Can I Solve with Groups?

Columns: Problem "What If?" Scenarios / Real Examples / Function

Problem: I need to limit access to the third-party web application I am integrating with HarvardKey to current affiliates.
Real example: Access to Kenexa system used by job applicants and HR recruiters is controlled by HarvardKey with groups
Function: Access Control

Problem: I need to make sure that my web site is only open to current affiliates of my department, plus a few other specific people I can name.
Real example: Open Scholar site owners can make content available using reference groups, or request custom group
Function: Custom Groups

Problem: Our program needs a way to ensure that people who log in to Amazon have limited access and permissions.
Real example: ITS uses groups to limit user access within the cloud instance in real time, as the user logs in
Function: Delegated Group Administration, Access Control

Problem: My School wants to create groups that we will use locally for access control and mailing lists
Real example: Future Development: Integration with Active Directory
Function: Delegated Group Administration

Problem: Harvard should make sure that only active and current affiliates receive broadcast communication
Real example: Future Development: Broadcast Communication Project
Function: Custom Group

Slide4

How Can I Use The Service

IAM Product Operations supports the Group Service.

Service catalog listing and related documentation projects are in progress. Group Service Delivery Manager for IAM is Terry Connolly.

Columns: Group Service / How To Use The Service

Group Service: Access Control for Web Applications using HarvardKey and Groups
How to use: Iam_help@harvard.edu. Submit a request to integrate an application with HarvardKey. http://iam.harvard.edu/files/iam/files/cas-saml-spusagerequest-form.pdf

Group Service: Delegated Group Administration
How to use: Depending on your application needs we will provide consultation, training and onboarding for you to manage groups as you need.

Group Service: Custom Group By Request
How to use: Users are directed to iam_help@Harvard.edu from within Open Scholar.

Slide5

Appendix

Slide6

Groups enable integration of other IT Services

Groups are a critical component of these IT Services

Access Control (available now)

Enabling application access for eligible users (authorization)

Automatically removing access as eligibility ends

Communication (start in FY18)

Emailing or texting messages to targeted audiences

Collaboration (future)

Simplifying document sharing to collaborators

Enabling controlled file sharing (individuals and groups)

Slide7

Vision for Group Services (Today)

Provide an IT service that enables other IT service providers to meet requirements for access control, collaboration, and communication through the use of groups

Slide8

Guiding Principles of Service

The following are proposed:

Evolve and shape the service in response to demonstrated, prioritized needs

Empower schools/departments to create and manage groups in Grouper for their own service needs

Govern the system with input from stakeholders, to ensure quality and usability are retained

Slide9

Service Model At Present

IAM Service Owner

Operates the Grouper Platform and integration with HarvardKey

Onboards customers integrating applications with HarvardKey, creating groups as required for web application authorization

Onboards and trains Delegated Administrators

Provides support

Delegated Administrator

Interacts directly with Grouper using API or Grouper UI to create and manage groups

Receives training in best practices, and observes these when managing groups

May set up additional users to be Membership Managers

Slide10

Not Tackled Yet

On the roadmap:

ITCRB funded Broadcast Communication (FY18/19)

Provisioning of Grouper groups to:

University AD

LDAP(s)

School-specific ADs

Solution for non-people groups

We need a registry for these digital identities first

Desired, but solution/approach is not clear:

Widely distributed group management, integrated with various components in O365

Slide11

Value of Reference Groups

Reference groups are automatically updated daily based on the system of record feeds to IAM

By using reference groups, you get “active only” members and this supports authorization objectives

By intersecting reference groups with your own custom groups, you can ensure that the membership of your custom managed groups is automatically updated to remove people who are no longer active.

Slide12

Group Administration Models

IAM-Managed: Groups are set up and managed on behalf of a school/department by IAM

Broad or static application authorization requirements (e.g. all students)

Client has no technical willingness/capacity for autonomous group administration

Delegated Membership Management: Groups are set up by IAM, or delegated administrators, and school/department manages group memberships

Membership Managers need to understand Grouper UI navigation and group membership admin features

Delegated Group Administration: A Grouper namespace is set up by IAM and delegated to the school/department to manage its own groups

Delegated Group Administrators need to understand Grouper navigation, group creation, memberships, permissions and group-math concepts

Slide13

Group Services Systems Model
