SURFconext supports group management. Groups are defined within SURFconext through the SURFconext Teams service or through institution group providers, and Service Providers can then re-use those groups. Services such as wikis, collaboration tools, videoconferencing and calendar sharing typically benefit from this functionality.

SURFconext Teams: with SURFconext Teams, students, researchers and employees (any user from a connected Identity Provider) can create and manage groups. Users can invite group members from the whole SURFconext community (including guests).

Institution group providers: institutions already have groups. In some cases, they have configured a group provider. Groups configured locally are then published within SURFconext.

There are several ways to obtain group information as an SP from SURFconext:

  1. Attribute Aggregation: SURFconext handles fetching the group information for you, and supplies it to your SP as an extra SAML attribute isMemberOf (multi-valued). You do not need to implement anything in your SP other than using the new attribute. It can only be used, however, if your SP wants to know about a predefined, fixed set of group names. Ask SURFconext Support to enable this for your SP, and specify the group IDs you're interested in.
  2. Query our group API via a library: For SPs using simpleSAMLphp, there is an ssp-voot-groups module you can install in simpleSAMLphp that handles the querying of the API for you. Ask SURFconext Support for API credentials and configure them in the module.
  3. Implement the VOOT API: You can talk directly to our VOOT protocol API, which is a REST API protected with OAuth 2.0. Learn more about the VOOT protocol.
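
For option 1, an added example (not SURFconext's own code) of using the multi-valued isMemberOf attribute for authorization in an SP, with exact matching and a fail-closed default. Assumptions: the SAML library has already validated the assertion and hands over a dict of attribute name to list of values; the attribute keys listed and the urn:example group IDs are constructed placeholders.

```python
# Added example: map the multi-valued isMemberOf attribute to application roles.
# Assumption: the assertion was already signature-checked by the SAML library.

# Assumed keys; which one your SAML stack exposes depends on its configuration.
IS_MEMBER_OF_KEYS = (
    "urn:mace:dir:attribute-def:isMemberOf",
    "urn:oid:1.3.6.1.4.1.5923.1.5.1.1",
    "isMemberOf",
)

# Constructed group IDs; use the IDs you registered with SURFconext Support.
GROUP_ROLES = {
    "urn:example:group:wiki-editors": "editor",
    "urn:example:group:wiki-admins": "admin",
}


def group_ids(attributes):
    """Return the set of group IDs asserted for the user (empty if none)."""
    found = set()
    for key in IS_MEMBER_OF_KEYS:
        values = attributes.get(key, [])
        if isinstance(values, str):  # some stacks flatten a single value
            values = [values]
        # Drop non-string and empty values; trim surrounding whitespace only.
        found.update(v.strip() for v in values if isinstance(v, str) and v.strip())
    return found


def roles_for(attributes, group_roles=GROUP_ROLES):
    """Exact-match asserted group IDs against the configured mapping."""
    return {group_roles[g] for g in group_ids(attributes) if g in group_roles}


def authorize(attributes, required_role):
    """Fail closed: a missing attribute or an unknown group grants nothing."""
    return required_role in roles_for(attributes)


if __name__ == "__main__":
    # Constructed attribute set, shaped like what an SP library would deliver.
    sample = {"urn:mace:dir:attribute-def:isMemberOf": [
        "urn:example:group:wiki-editors",
        "urn:example:group:unrelated-team",
    ]}
    print(sorted(roles_for(sample)), authorize(sample, "admin"))
```

Matching on the full group ID rather than a prefix or substring keeps a similarly named group from being treated as one of the groups the SP registered.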