SURFconext supports group management. Via the service SURFconext teams or Institution group providers, groups are defined within SURFconext. Service Providers then are able to re-use the groups. Typically services like Wikis, collaboration tools, videoconferencing and calender sharing benefit from this functionality.
SURFconext Teams: with SURFconext Teams students, researchers and employees (any user from a connected Identity Provider) are able to create and manage groups. Users are able to invite group members within the whole SURFconext community (including guests).
Institution group providers: institutions already have groups. In some cases, they have configured a group provider. Groups configured locally are then published within SURFconext.
There are several ways to obtain group information as an SP from SURFconext:
- Attribute Aggregation: SURFconext handles fetching the group information for you, and supplies it to your SP as an extra SAML attribute
isMemberOf(multi-valued). You do not need to implement anything in your SP other than using the new attribute. It can only be used however if your SP wants to know about a predefined fixed set of group names. Ask SURFconext Support to enable this for your SP, and specify the group Ids you're interested in.
- Query our group API via a library: For SP's using simpleSAMLphp, there is a ssp-voot-groups module you can install in simpleSAMLphp that handles the querying of the API for you. Ask SURFconext Support for API credentials and configure this in the module.
- Implement the VOOT API: You can talk directly to our VOOT protocol API which is a REST API protected with OAuth 2.0. Learn more about the VOOT protocol.