HUIT is making it easier to manage permissions to applications and websites. Learn how Group Services is ensuring that the right people have the right access to the right information across the university.

At Harvard, the ability to access information easily and securely is key to collaboration. Group Services, a tool set made available by Harvard University IT, will make it easier to manage authorized access and permissions on many of our applications and websites.

What are Group Services? What does this mean for my application?

Group Services tools work behind the scenes to allow applications to use HUIT’s information about how individuals interact with the University (as a student, employee, library borrower, retiree, etc.) to manage permissions. These tools allow us to make sure that lists (or “groups”) remain up to date when individuals change roles or organizations within the University. Group Services are powered by the Internet2 application called Grouper.

HarvardKey is fully integrated with Group Services. Using Group Services, administrators can now create a “group” (a list of people) that automatically updates when a user’s role changes, ensuring that only active and current users have access to Harvard resources. This is an enormous improvement to the current process, which is often an onerous, manual task resulting in inconsistencies and duplicative work. 

Can I set up Group Services for my HarvardKey enabled application?

Group Services are available for applications using CAS, OIDC and SAML 2.0 (HarvardKey IdP) based protocols, and can be used for internal applications and third-party solutions. It can be used on its own, or in conjunction with an application’s authorization capability to achieve a finer grain of permissioning.

To learn more about application authorization using groups, please see Application Authorization using HarvardKey and IAM Group Services.