With Shira Acosta — University of Virginia
In Fall 2024, the University of Virginia transitioned from its custom group management solution, MyGroups, to Grouper. All existing MyGroups groups were migrated without modification, despite lacking compliance with new governance policies enabled by Grouper. Consequently, these legacy groups require thorough evaluation regarding their purpose, membership, and necessity. This talk explores how UVA is utilizing Grouper's Attestation functionality to systematically address these legacy groups, implement deprovisioning where needed, and ensure compliance with new group policies introduced with Grouper.
Slides (PDF)With Bruce Timberlake, Gail Lift, and Liam Hoekenga — University of Michigan
The University of Michigan and the University of Virginia share experiences with Grouper and its evolving capabilities. At Michigan, the team implemented Grouper's new Attribute-Based Access Control (ABAC) features in April 2024, enabling efficient management of access control groups that were previously unsustainable. At Virginia, the second year of transitioning from a legacy group management system to Grouper brought both challenges and practical lessons. Together: a comprehensive overview of Grouper ABAC adoption, when reference groups are the right call versus when ABAC is the better fit, and the realities of retiring legacy systems.
Slides (PDF)With Chris Bongaarts — University of Minnesota
Valuable insights on retiring legacy systems, drawn from the experiences of the University of Minnesota and the University of Virginia. UMN's latest attempt to retire a 31-year-old identity system alongside UVA's journey replacing a home-built group management solution with Grouper — practical knowledge on retiring old systems and facilitating future retirements from both organizational and technical perspectives.
Slides (PDF)A practical walk through the modern access control landscape. From RBAC and ABAC to newer policy and relationship-driven approaches, this session will unpack how they can fit together instead of competing. Come see how access control within the larger higher-ed IAM context can integrate governance, grouping, and federated authentication into a model that's both flexible and defensible.
An overview of access and grouping — learn about why grouping is critical for IAM and how access decisions are made. Plus see real-world examples of how institutions use groups and roles to improve security and efficiency. We'll also introduce the concepts of role-based access control (RBAC), attribute-based access control (ABAC), and group-based access management.
Slides (PDF)With Chris Bongaarts — University of Minnesota
IAM data — where does it come from, how is it used, and who is responsible for maintaining its accuracy? This session introduces the critical role of data in IAM, from sourcing identity information to managing entitlements and audit logs. Attendees will learn how IAM systems rely on campus data practices, why data consistency is key to access control, and what happens when bad data flows through IAM systems. Whether you're managing identity sources, troubleshooting inconsistencies, or improving data quality, this session provides the foundational knowledge you need.
Slides (PDF)With Tommy Doan — Southern Methodist University
Many institutions operate in a hybrid state, juggling on-premises identity systems with cloud-based IAM solutions. As the shift toward cloud infrastructure and SaaS services accelerates, institutions making these transitions must weigh greater scalability, flexibility, and integration options with challenges like licensing costs, integration complexity with legacy systems, and vendor dependence. With no one-size-fits-all approach, each institution must navigate its own path forward.
SMU recently transitioned its primary identity provider from on-premises (Shibboleth) to the cloud (Entra ID) while maintaining a hybrid environment — offering insights into their motivations, lessons learned, and strategies for process, stakeholder communication, and user education. UVA will discuss its approach to fully leveraging Entra ID while unifying two separate SSO solutions, sharing key considerations behind their decisions and how they are managing change.
Slides (PDF) · Recording (YouTube)