Clusters are used to represent a CO Person's accounts within a given application or service. The typical use case is managing accounts on (e.g.) one or more Unix servers, but there is no specific requirement for this type of service. Clusters could just as easily represent accounts in a wiki service, if there were a need for more sophisticated provisioning beyond simple user attributes (identifier, name, groups, etc.).

Clusters are available as of Registry v3.3.0.

1. Terminology

  • Cluster Plugin: A COmanage Plugin that implements the interfaces to a specific cluster type (such as Unix accounts).
  • Cluster: An instantiation of a given Cluster Plugin.
  • Cluster Account: A Plugin-managed set of attributes that represent a specific account attached to a CO Person. A Cluster Account is associated with a specific Cluster.

2. How Clusters Work

Because Clusters are collaboration managed, they are attached to the CO Person. In general, the Cluster information managed in Registry is descriptive; Registry itself is not the Cluster. Rather, the Cluster information is passed to the provisioning infrastructure, so that Provisioning Plugins may use the Cluster information to populate downstream services.

A CO Person can have more than one Cluster Account associated with a given Cluster. Cluster Accounts can be created manually (CO Person > Clusters), via the REST API, or via Enrollment Flows.

3. Generating Cluster Accounts

In general, there are several supported mechanisms for creating Cluster Accounts. However, specific plugins may impose constraints or not support a given mechanism.

  • Manual: Account creation is exactly as it sounds: no rules are applied (except, where relevant, availability checks), and the administrator may create the Account using whatever parameters are desired.
  • Automatic: Account creation involves the application of a Cluster-specific configuration to the generation of Accounts. For example, the username for the Account might be tied to a specific Identifier type on the CO Person record. Rules are plugin specific. Once an Account is created, all further changes must be performed manually (unless otherwise supported by the plugin). Any additional Accounts on the same Cluster for the same CO Person must also be created manually.

3.1. Manually

From the canvas page of the CO Person for whom the Account is to be created, select Clusters from the right-hand menu. Then, click Manage for the appropriate Cluster, and finally (+) Add X Cluster Account.

3.2. Automatically, On-Demand

From the canvas page of the CO Person for whom the Account is to be created, select Clusters from the right-hand menu, then click (+) Autogenerate Cluster Accounts. Note that this will autogenerate Accounts on all available Clusters for the CO Person.

3.3. Automatically, During Enrollment

Edit the configuration for the desired Enrollment Flow. See Establishing Cluster Accounts for more information.

4. Extending With Plugins

The type and nature of clusters used with the Registry can be extended through Plugins.

4.1. Authenticator Plugin Library

There are several plugins that are already available for your use:

4.2. Creating your own plugins

You can build your own authenticator plugin to extend Registry functionality. Please see the following documentation to get started:

5. See Also

5.1. Clusters data model

The following database tables are associated with clusters: