People carrying surveying equipment walking down a grave path
Grouper enables the Division of IT to more effectively manage and determine service access policy for specific groups at the university, including students, faculty, staff, and alumni. Photo by Ray Meese for Virginia Tech.

In 2021, Secure Identity Services (SIS), implemented Grouper, a modern open source access policy management solution.

Grouper allows for more sophisticated group membership management, which in turn delivers faster and more accurate access controls to services throughout the university. Grouper’s real power comes from being able to drive access policy through group memberships populated from existing data, like training certifications, student status, employee classification, as well as existing affiliations.

Since Grouper was implemented, 26 departments are using the service, including most of the units in the Division of IT. For example, Collaborative Computing Solutions (CCS) is using Grouper to manage levels of service for cloud services, whereas the Software Service Center (SSC) is using it to provide licensing details for access to various licensed services such as Slack.

Some other uses of Grouper include:

  • Policy groups for automatic provisioning and de-provisioning of users,
  • Policy groups based on affiliations, organization groups, manual groups, or traditional Enterprise Directory (ED) groups,
  • Nesting Grouper groups within ED groups,
  • Additive and subtractive groups to handle authorization changes,
  • Affiliation like roles to manage authorizations, and ,
  • Existing FERPA training completion group.

Currently, Grouper gives users a dashboard view into the university's access policies, reducing security risk and supporting mature data governance.