Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID



Grouper is an enterprise access management system designed for the highly distributed management environment and heterogeneous information technology environment common to universities. Operating a central access management system that supports both central and distributed IT reduces risk.

Grouper is part of the InCommon Trusted Access Platform, an open-source IAM suite available as packaged software, making it simpler to install and configure.

Why Use Grouper?

  • Coordinated Collaboration Grouper helps collaboration happen. You can set up groups, roles, and permissions for many purposes, such as populating and administering standing committees, ad hoc research teams, departments, or classes. Key collaborative applications -- mailing lists, wikis, calendars, etc. -- can use this group, role, and permission information to make authorization decisions.
  • Single Point of Control When using Grouper, once a person is added or removed from a group, the group-related privileges are automatically updated in all of your collaborative applications. Grouper allows efficient management of the membership roster at a single point.
  • Who Can Use Grouper? Anyone needing to manage group access to resources can use Grouper -- from accountants to zoologists. A researcher might create a group and enable members to participate on an email list or view a web site. Students might use Grouper to set up and manage groups for similar applications as they work together on shared projects and class work. Your IT staff can delegate group management and enable those leading collaborations to set up and manage their own groups.


The Grouper Project has received funding and development resources from

  • Internet2
  • National Science Foundation (NSF) Grant No. OCI-0330626, OCI-0721896, and OCI-1032468
  • Joint Information Systems Committee (JISC) (UK)
  • University of Chicago, University of Pennsylvania, Duke University, University of Washington, University of Memphis, University of Bristol (UK)

Grouper Features

  • Lower cost & time to deliver new services
  • Simplify management by using the same group or role in many places and automating changes to access privileges as a person’s roles change
  • Empower the right people to manage access, taking central IT out of the loop
  • Increase transparency and auditability - see who can access what with a report rather than a fire drill
  • Grouper integrates with almost any existing access management infrastructure
  • Supportive community of Grouper users worldwide  See deployment stories and resources shared on the Grouper wiki.
  • TIER Grouper Deployment Guide.
  • Online Library of Grouper Training Videos available on the wiki.

Grouper is open-source software licensed under the Apache 2.0 license. See for a copy of this license.


Where can I find Grouper Training?

Grouper Online Training Videos are available here.

Where can I find the answer to technical questions?

A good place to start is the Grouper wiki.

Why should I use groups in my IAM infrastructure?

Using groups in the identity and access management infrastructure adds important contextual information about an individual's formal and informal affiliations with the institution. For instance, separate applications may use groups to track each individual's role(s). If an individual is in a particular group, the person is authorized to access the resource.

What problems does Grouper solve?

Without a group management tool, implementation of groups is managed separately for each service. Keeping the membership roster consistent across multiple applications becomes very difficult and inconsistencies are the rule. If a member leaves a project, for example, the group's email list, wiki space, calendar, research database, and other shared resources need to be updated separately. Grouper solves this problem by centralizing group information in one place.

Who manages all of these groups?

With Grouper, individuals across campus manage the memberships of the groups they steward. Grouper keeps the group membership decisions in the hands of the business/group owners, access control in the hands of the application owners, and the technology management in the hands of the technologists. Schools, departments and even project leads and students can use an institutionally-tailored interface to manage their groups using plain language they understand.

How does Grouper help the IT staff?

After integrating Grouper with your identity management system, you will have a way to manage the membership of roles and other functions that individuals have with the institution. Further, automatic change or revocation of service can be accomplished based on group membership changes. Removing IT from the middle of managing groups will help ease your helpdesk headaches, as well. As more and more systems use Grouper, the benefits accrue and become more valuable.

How does Grouper enhance collaboration?

In Grouper, a researcher might create a "my-research-project" group and enable the members to participate on an email list, calendar group, web site, and so on. Alternatively, students could use Grouper to set up and manage "my-business-course-cohorts" to enable similar collaborative applications. The software enables group management on an individual level and empowers people to use more secure, robust, and responsive methods to control access to their resources.

What do I need to have in place?

To implement Grouper, you need to have:

  • an institutional identity management system and a model for how privilege management fits in.
  • a good relationship with key stakeholders across campus to develop the policy and business rules associated with groups and related authority issues.
  • the resources to implement and support the model.

Where can I find more information about identity management?

To get started with identity management infrastructures, refer to Internet2's NSF-funded project, NMI-EDIT, which offers roadmaps, practice papers, articles, and other tools to get you going.

Who are the Grouper developers?

How do I get on the Grouper-Users email list?

Instructions are found here.

Where can I see a diagram explaining Grouper?

A Grouper Architectural Diagram and a High Level Concepts diagram are available here.

Where can I see Grouper case studies?

In the Internet2 Case Studies section of the website and in the Community Contributions section of the Grouper wki.

To download Grouper, go to the InCommon Trusted Access Platform wiki.