This provisioner looks up Duo users, and assigns them to a group. This group is used for bypass for this certain use case example. The group is delegated in Grouper to the org that needs to manage it.
Duo group
The group can be seen in the Duo admin console and has a bypass configured
Provisionable groups
Any group marked as policy in this folder will be synced to Duo. The display extension (“name” in UI will be the group name in Duo)
Note since the extension is used as group name in Duo, the "provisionable" flag is configured to only be able to be assigned on one folder in Grouper
Troubleshoot the provisioner
You can see activity for the provisioner
See errors
Duo credential on Duo side
Duo credential on the Grouper side
Configure provisioner
provisioner.duoLoader.addDisabledFullSyncDaemon = true provisioner.duoLoader.addDisabledIncrementalSyncDaemon = true provisioner.duoLoader.allowAssignmentsOnlyOnOneStem = true provisioner.duoLoader.class = edu.internet2.middleware.grouper.app.duo.GrouperDuoProvisioner provisioner.duoLoader.customizeGroupCrud = true provisioner.duoLoader.customizeMembershipCrud = true provisioner.duoLoader.deleteGroupsIfGrouperDeleted = true provisioner.duoLoader.deleteMembershipsIfNotExistInGrouper = true provisioner.duoLoader.duoExternalSystemConfigId = duoAdminProdReadwrite provisioner.duoLoader.entity2advanced = true provisioner.duoLoader.entityAttributeValueCache0entityAttribute = id provisioner.duoLoader.entityAttributeValueCache0has = true provisioner.duoLoader.entityAttributeValueCache0source = target provisioner.duoLoader.entityAttributeValueCache0type = entityAttribute provisioner.duoLoader.entityAttributeValueCacheHas = true provisioner.duoLoader.entityMatchingAttribute0name = loginId provisioner.duoLoader.entityMatchingAttributeCount = 1 provisioner.duoLoader.groupAllowedToAssign = penn\u003Aisc\u003Aait\u003Aapps\u003AtwoFactor\u003AtwoFactorSecurity\u003AtwoFactorOwners provisioner.duoLoader.groupAttributeValueCache0groupAttribute = id provisioner.duoLoader.groupAttributeValueCache0has = true provisioner.duoLoader.groupAttributeValueCache0source = target provisioner.duoLoader.groupAttributeValueCache0type = groupAttribute provisioner.duoLoader.groupAttributeValueCacheHas = true provisioner.duoLoader.groupMatchingAttribute0name = name provisioner.duoLoader.groupMatchingAttributeCount = 1 provisioner.duoLoader.hasTargetEntityLink = true provisioner.duoLoader.hasTargetGroupLink = true provisioner.duoLoader.loadEntitiesToGrouperTable = true provisioner.duoLoader.logAllObjectsVerbose = true provisioner.duoLoader.logAllObjectsVerboseToLogFile = false provisioner.duoLoader.numberOfEntityAttributes = 2 provisioner.duoLoader.numberOfGroupAttributes = 3 provisioner.duoLoader.onlyProvisionPolicyGroups = true provisioner.duoLoader.operateOnGrouperEntities = true provisioner.duoLoader.operateOnGrouperGroups = true provisioner.duoLoader.operateOnGrouperMemberships = true provisioner.duoLoader.provisioningType = membershipObjects provisioner.duoLoader.selectAllEntities = true provisioner.duoLoader.selectAllGroups = false provisioner.duoLoader.showAdvanced = true provisioner.duoLoader.showAssigningProvisioning = true provisioner.duoLoader.startWith = this is start with read only provisioner.duoLoader.subjectSourcesToProvision = pennperson provisioner.duoLoader.targetEntityAttribute.0.name = id provisioner.duoLoader.targetEntityAttribute.1.name = loginId provisioner.duoLoader.targetEntityAttribute.1.translateExpressionType = grouperProvisioningEntityField provisioner.duoLoader.targetEntityAttribute.1.translateFromGrouperProvisioningEntityField = subjectIdentifier0 provisioner.duoLoader.targetGroupAttribute.0.name = id provisioner.duoLoader.targetGroupAttribute.1.name = name provisioner.duoLoader.targetGroupAttribute.1.translateExpressionType = grouperProvisioningGroupField provisioner.duoLoader.targetGroupAttribute.1.translateFromGrouperProvisioningGroupField = displayExtension provisioner.duoLoader.targetGroupAttribute.2.name = description provisioner.duoLoader.targetGroupAttribute.2.translateExpressionType = grouperProvisioningGroupField provisioner.duoLoader.targetGroupAttribute.2.translateFromGrouperProvisioningGroupField = description
Assign provisionable
