To many computing officers who have grown up around the Windows stack, you may be wondering why we use an additional group management system such as Grouper when Active Directory has inbuilt group functionality. Simply put, AD is only a very small part of our overall landscape, and Grouper gives us the ability to centralise access control across many systems.
Furthermore, Grouper allows us to call upon the vast repository of data the University holds to automatically provision groups and keep membership up to date, while you sit back and do more interesting stuff.
Speaking of sitting back, Grouper offers delegated group management functionality through a convenient web interface. This allows you to devolve responsibility for maintaining your groups to non-technical office administrative staff or members of a research group who you would normally not want to let loose near AD.
So you want a group that contains only Postgraduate Research students in the SAgE faculty studying on their second year, excluding those from the school of Chemical Engineering, that can be used to populate your door access control system?…Grouper can do that.
Or, you want a group that can auto provision all staff in your school to have access to a file share and internal school website?…Grouper can do that too.
Grouper takes away the pain of managing access control to many systems, ensuring that when individuals move between roles or courses, their effective memberships are automatically propagated to connected systems.