EGS - Is my use case a good fit for Enterprise Group Services (EGS)?
Overview
To determine if your use case is a good fit for Enterprise Group Services (EGS), you will need to consider these factors:
- User Base
- Attributes
- Group Size
- Group Location
What Enterprise Group Services (EGS) Does
EGS manages the membership of a bespoke group in either Austin Active Directory (Austin AD) or the uTexas Enterprise Directory (TED).
Membership is managed automatically based on criteria described in the rest of this article.
You will be responsible for configuring your application to read the membership of the group in question.
User Base
With over 10 million UT EIDs in existence, the IAM Team has limited the records available to Enterprise Group Services. As of this writing, records are limited to UT Austin persons with one or more of the following affiliations:
Affiliation Code | Affiliation Name |
AFWK | University Affiliate |
FCCU | Current Faculty |
FCFT | Future Faculty |
LBRY | Library Patron |
OSCU | Current OnRamps Student |
OSFT | Future OnRamps Student |
RETR | Retiree |
SDCU | Current Student |
SDFT | Future Student |
SFCU | Current Staff |
SFFT | Future Staff |
UAFT | Future University Affiliate |
VIST | Official Visitor |
XTSN | Extension Studies Participant |
If you are looking to create a group whose membership includes UT Austin individuals with at least one of the above affiliations Enterprise Group Services might be a good fit!
Attributes
Enterprise Group Services makes use of Attribute-Based Access Control (ABAC), a framework in which authorization is granted and removed automatically based on an individual's attribute values.
As of this writing, Enterprise Group Services supports the creation of ABAC rules based on values of the following attributes:
Attribute | Description |
eduPersonOrgUnitDN | DNs of employee's departments |
utexasEduPersonAffCode | Affiliation Code(s) |
utexasEduPersonAssociatedSchoolCode | Both official and "associated" school codes |
utexasEduPersonDeanVPOrgUnitCode | Code of employee's Dean/VP level department |
utexasEduPersonEntitlementCode | Code values for eduPersonEntitlement. |
utexasEduPersonFullPartTimeEmployee | Full-/Part-time indicator. |
utexasEduPersonJobClassCategoryCode | Code for job report category. |
utexasEduPersonJobClassCode | Job class code |
utexasEduPersonOrgUnitCode | Code of employee's department |
eduPersonPrimaryAffiliation | Current primary affiliation. |
utexasEduPersonMajorDeptCode | Code for student's major department |
utexasEduPersonPrimaryOrgUnitName | Name of primary or preferred department |
utexasEduPersonSchoolCode | Code for student's school/college |
eduPersonPrimaryAffiliation | Current primary affiliation |
utexasEduPersonMajorDeptCode | Code for student's major department |
utexasEduPersonPrimaryOrgUnitName | Name of primary or preferred department |
utexasEduPersonSchoolCode | Code for student's school/college |
utexasEduPersonEidClass | EID Class |
If you are looking to create a group whose membership is conditioned on the value of one or more of the above attributes Enterprise Group Services might be a good fit!
For more information regarding this and other attributes, please review TED Directory Attributes.
Group Size
As our team gains familiarity and expertise with the new Enterprise Group Services, we will only move forward with requests for groups whose predicted size is under 5,000 members.
If you are looking to create a group with an expected membership of under 5,000 Enterprise Group Services might be a good fit!
Group Location
Groups are currently only visible in either Austin Active Directory (Austin AD) or the uTexas Enterprise Directory (TED).
At this time, groups are not available in Azure AD.
Good Fits
If, after reviewing the above, you think that Enterprise Group Services might be a good fit for your use case we invite you to fill out our request form.