Join InCommon

Grouper School

Centralized access management at its finest

November 12 – 13, 2019

Hosted by Temple University
Ritter Hall Annex, Kiva Auditorium
1301 Cecil B. Moore Ave, Philadelphia, PA 19122.

Training Overview

The target audience is anyone interested in implementing access governance the “InCommon way”, and includes novices and folks who already have some Grouper experience. 

This two-day session will focus on the InCommon Trusted Access Platform packaged Grouper software (formerly known as TIER) with a focus on learning and using core Grouper features to implement the access control models described in the Grouper Deployment Guide. The sessions will include a mix of lectures, hands-on training, and discussion. 

The modules start with Grouper basics and progress through new Grouper features, access governance, Grouper security model, and Grouper administration. The session culminates with an access governance practicum that incorporates the InCommon Trusted Access Platform suite of components and provides a “full IAM stack” experience.

The Fine Print

In a nutshell, here is what you can expect over the next two days:

Knowledge of identity management concepts and related implementation experience is strongly recommended.

Tuition Schedule

Collaboration Success Program AlumniInCommon Participant Non-Participant
Early Bird Rate*$1,500$1,900$2,400
Regular Rate$1,500$2,000$2,500

*Early bird rates apply through September 20, 2019

Ample caffeine and snacks are included in the tuition rate (morning break service, lunch, and an afternoon break service)

Instructor Bios

Chris Hyzer

Chris is the Grouper project chair and lead developer.  For more than 10 years he has been hacking away at his favorite software product improving the ways people gain access to resources, or get revoked from access that they should not have anymore.  He works at the University of Pennsylvania as an application architect in Identity and Access Management.  Email him at; then email him a couple days later reminding him to check his email.

Bill Thompson

William G. Thompson, Jr., or as his friends call him, Ol’ Bill, discovered Grouper one day while out fishin’ the streams of New Jersey. While searching for how to fillet a Grouper online he ran across this product also named Grouper and thought this would be an excellent addition to his IAM system. And the rest is history. You can find more boring details about Bill and how to stay in touch at Or just email Bill at

Directions and Parking

The workshop will be held hosted by Temple University. The campus map can be found here.

The building is located at the Ritter Hall Annex Center (Kiva and Walk Auditoriums): 1301 Cecil B. Moore Ave, Philadelphia, PA 19122

The most accessible parking location is at TBD.

Hotel Accommodations

There is a wide variety of hotels in downtown Philadelphia walking distance to the training facility, meeting all price points. There is not a room block reserved for the training participants.

Transportation Options

Temple University is best served by the Philadelphia International Airport (PHL), which is 13 miles from campus (~$26 Uber ride).

Alternatively, there is a light rail from the airport —  A line (airport line), with a drop off within a 10 minute walk to campus.

Before You Arrive

Detailed preparation instructions will be available and distributed prior to the class.

Please note that the training requires you to bring a laptop.

  1. You will need to have either an RDP client (for Windows) or SSH client (for Linux), plus root access to modify your etc/host files, depending on your choice of operating system for this class.
  2. The training makes use of Virtual Machines (VMs), in this case derived from Amazon Marketplace Images (AMI) loaded on Amazon Web Services. The training team will provide access instructions when you arrive for the first day of the training.
  3. You will need root/administrator access on the computer you will be bringing to class so that you can modify the local hosts file.
  4. Your VM will be available during the training and for two weeks after the training. After two weeks, the VM will no longer exist, so be sure to save anything you need within two weeks of the end of the training.

Curriculum Outline

Day One

  1. Grouper Basics (101)
  2. Grouper Advanced Features
  3. What’s new in Grouper 2.4
  4. Grouper Access Governance (201)
  5. Grouper Security Model (211)

Day Two

  1. Finish Grouper Security Model (211)
  2. Grouper Administration (301)
  3. Access Governance Practicum Part 1 (401)
  4. Access Governance Practicum Part 2 (401)
  5. Wrap up and IAM discussion

Sample Agenda

Tuesday and Wednesday, November 12 – 13, 2019

Day One

Day Two

Cancellation Policy

All cancellations received on or before 11:59 PM EDT on Friday, November 1, 2019 are entitled to a full conference refund less a $20 administrative fee. There will be no refunds after this date. If you cancel after 11:59 PM EDT on Friday, November1, 2019 and have not paid by any other means, your credit card will be charged the cost of the registration fee. If you cancel your registration after 11:59 PM EDT on Friday, November 1, 2019 you may name another person from your organization to take your place for meetings that allow transferred registrations. To cancel, transfer, or make changes to your registration, please contact Thank You.

Participant Consent

Any person who attends an Internet2 event or workshop grants permission to Internet2 to use and publish his or her image or likeness collected in connection with the event for any usual and customary purpose of Internet2, including promotion of Internet2 and its programs.

As part of this event, participants in this conference may be videotaped, audiotaped, or otherwise recorded, and this footage may be edited, streamed, archived, broadcast, and otherwise retained by Internet2 or made available to the public. By participating in this conference, Participant consents to Internet2 performing these actions, and agrees to hold harmless Internet2 and its affiliates, members, trustees, agents, officers, contractors, volunteers, and employees against any and all legal claims arising out of, by reason of, or caused by the performance of these actions or other use or distribution of any footage.

Privacy Policy

(Updated July 1, 2015)

Internet2 values your privacy.  We recognize that you may be concerned about how we will treat the information that you share while registering for an event through our website (

This Privacy Policy for Event Registration describes the policies and procedures of Internet2 on the collection, use, and disclosure of the information you submit to us through our website when you register for one of our events.  It also describes the choices available to you regarding our use of your information and how you can access and update it.  This Privacy Policy does not apply to the practices of third party websites.

When you register for an event hosted by Internet2, we may ask you to provide information including, but not limited to, your name, gender, title, institution/affiliation, mailing address, email address, phone number, and fax number.  If you are paying an event registration fee with a credit card, we may collect the credit card number, credit card expiration date, and the cardholder’s name.  When applicable to the event, we also may ask you about meal preferences, allergies, special needs, and emergency contact information.

We collect your information for organizational purposes relating to the event you will be attending.  We also may use your contact information to communicate with you about Internet2 news and events.  We collect credit card information so we can process and record your transaction, properly bill your account, and issue you a receipt.  If you choose to provide your gender, we use this information strictly for statistical reporting purposes and will not associate your name or other personal information with your gender in such reporting.


As a long-standing organizational practice, we may post an event attendee list, including attendee names and institutions, on the event website (Internet2 members or others with InCommon credentials may log in to access attendee email addresses). We post this information online as a service for conference participants, offering a convenient way for the community to collaborate. Internet2 does not sell the contact information of event attendees. Visitors to our website are not permitted to sell, harvest, or generate mailing lists from the event attendee list, nor should they use it for promotional purposes.

Also, as a benefit of sponsoring our events, sponsors receive an event attendee list including attendee names, titles, institutions, postal addresses, phone and fax numbers, as applicable. We closely coordinate with sponsors so that attendees receive information of value about the sponsor, and not just sales materials.

Internet2 sometimes convenes workshops, webinars, and other events in conjunction with trusted third parties.  With respect to attendees who register for these collaborative events through the Internet2 website, we may share attendee lists, including names, titles, institutions, postal addresses, email addresses, phone and fax numbers, with such third parties.  If you are registering for one of these events through a third party website and not providing the information directly to Internet2, then that third party’s privacy policy governs and Internet2 expressly disclaims all responsibility for the sharing of information related to registration for such an event. 

Occasionally, third parties from the research and education community request event attendee lists for purposes of developing surveys, identifying community needs, or collecting data that will be used in research projects that will benefit the community.  Upon request, we will share with these third parties an event attendee list including attendee names, titles, institutions, postal addresses, phone and fax numbers, as applicable.

We will never store or share with third parties the credit card information we collect from you.  Protected health information (PHI) may be shared with third parties only with your permission and to the extent necessary to accommodate your needs at an event.  PHI is deleted from our records following completion of the event.

Internet2 uses industry-standard methods to maintain the security of the information you provide us.  However, we cannot guarantee that such information will never be accessed, used or released in a manner that is inconsistent with this policy, and we expressly disclaim any liability for any loss, misuse, alteration or unauthorized disclosure of your information.

The opportunity to opt out of any of the lists described in Section V. above is available during the registration process.  Additionally, any recipient of an automatically-generated email from Internet2 may unsubscribe from future messages via a link at the bottom of each message.

For questions about our Event Registration Privacy Policy, to update your privacy options after you have registered for an event, or to update or correct mistakes in the information you provided us, please contact

The Event Registration Privacy Policy posted here will always be current.  We encourage you to review this statement regularly.

If you have any questions regarding our Privacy Policy for Event Registration, please contact