Our fifth principle of Grouper good practice is:
- Adhere to the naming convention for ‘Applications’ groups.
The naming of groups is important to ensure the consistency and uniqueness of group identifiers between Grouper and Active Directory groups. It is a requirement of the AD that group names are unique.
So, to ensure uniqueness, the group ID is split down into three defining sections:
- Owning department/school – the school/department should be the abbreviation (without the leading D-) that is assigned to your school/department within SAP for example COMP (Computing science), LIBR (Library).
- Auto – the word “Auto” needs to be included within any group that is to be provisioned into the AD. This identifies the group in the AD as being automatically generated and therefore management of the group should be carried out within Grouper.
- Group purpose – this should provide a clear purpose for the group, so that users are able to quickly distinguish what the group represents.
This gives a group name of the format <Department/school>_ Auto_< Purpose>.
Please note that the group ID cannot include spaces so, if the purpose is more than one word, please replace spaces with an underscore character. AD will also not accept any of these characters, ” [ ] : ; | = + * ? < > / \, so do not use them in your group names.