One of COmanage Registry's superpowers is in being able to manage workflows related to your registered people. A key one of these workflows are enrollment workflows or the creation of registered people within COmanage.

On this Page

1. About Enrollment Workflows

One thing all organizations and collaborations have in common is that they need people to participate! Different collaborations may bring in new participants with varying degrees of formality. For collaborations where anyone can participate, a simple self-enrollment process may be all that is required. For situations that are more contractually based, or that need to restrict access to materials in some way, an invitation process may be more appropriate. In all cases, you can configure COmanage to use an enrollment process suited to your collaboration’s needs.

Enrollment refers to the process of bringing new CO Person records into COmanage. There are multiple ways to do this, but in the end, the result is the same: a new set of attributes about the person is recorded in COmanage. Enrollments are automated via Enrollment Workflows that have a standard set of steps that can be customized.

1.1. What can one do with enrollment workflows?

Enrollment workflows enable you to automate things like:

  • register individuals in COmanage Registry so that they can be connected to your organization’s digital tools and resources
  • perform identity matching to identify if there is an existing record for the individual to use the existing record instead of creating a new one
  • detect and potentially resolve duplicate enrollments for a person
  • add individuals to subdivisions of your population through COUs and CO Groups
  • trigger approval steps as needed
  • link to information from external sources, and use this information (attributes) to pre-populate information about the individual
  • associate internal and external identifiers with the enrolled person
  • have the individual authenticate to gain access to privileges and verify email addresses
  • accept terms and conditions for using the platform
  • provision access to tools, systems, and resources
  • send communications to the individual and others about the enrollment

These Enrollment Workflows can be initiated by an administrator, a non-admin designated person, or even the individuals themselves. There is no limit to the number of enrollment flows you can have, as long you have at least one.

2. Enrollment-specific terminology

There are a few terms that we’ll be using that have specific meanings:

  • Enrollment - the process of bringing new CO Person records into COmanage.
  • Petition - the record of enrollment – it holds copies of the attributes that were provided at enrollment, even if the values are subsequently changed. History records are also maintained for the Petition, indicating such events as who approved it and when.
  • Identity Matching - During enrollment, it is possible that the person being enrolled is already in COmanage. Identity Matching is a process for identifying and linking the objects representing the person to avoid duplication and/or errors.
  • Email Confirmation - As part of the Enrollment Workflow the person being enrolled may need to confirm their email address by interacting with an email sent to that address.
  • Account Linking - refers to the management of links between existing Org Identities and CO Person records. Linking can happen automatically as part of an enrollment process. However, a CO Administrator can also manually adjust these links, usually to resolve enrollment issues.

3. The Enrollment Workflow Cast

There are three key actors that are involved in an enrollment flow:

  • The Petitioner - The Petitioner executes the Enrollment Workflow, creating a Petition. The Petitioner could be a CO Administrator or COU Administrator, an existing CO Person associated with the CO, or a non-member with no existing affiliation to the CO.
  • The Enrollee - The Enrollee is the subject of the Petition and will be enrolled as a result of a successful Enrollment Workflow. Currently, an Enrollee only interacts with an Enrollment Workflow if the Flow requires the Enrollee to confirm their email address.
  • The Approver - The Approver is one or more people who optionally reviews and approves (or denies) the Petition. If an Enrollment Workflow requires approval, the set of Approvers is determined by the group of people configured in the Flow.

4. Common Enrollment Patterns

While there is tremendous flexibility when establishing enrollment workflows, there are several common enrollment patterns that are set up as templates within COmanage Registry

  • Invitation - In this default flow, an administrator explicitly invites individuals into the collaboration. Once the individual joins and accepts the invitation by confirming their email address, they are pre-approved for their interactions because they are set up ahead of time.
  • Conscription with Approval - This flow is similar to an Invitation one, though does not require an individual to confirm their email address.
  • Self-signup with Approval - In this flow, individuals can sign up on their own. A self-registration enrollment flow is designed to require as little intervention from an administrator as possible. After this type of Enrollment Workflow is created, a common URL is available that can be posted to a website, emailed to a mailing list, or otherwise made broadly available so that anyone can request to join.
  • Enrollment through Account Linking - An Account Linking Enrollment Workflow is used by an end-user who is already enrolled as a part of Collaboration. This person wants to link an additional External Identity to their record.

5. Managing Duplicates

Duplicate Enrollments can happen in a number of ways, and there is no single technique to prevent them from happening. There are, however, a few options to reduce the likelihood of duplicate enrollment happening. COmanage Registry provides simple matching as part of its core functionally, and it can be seamlessly paired with COmanage Match to provide sophisticated matching.


6. Enrollment Configuration Basics

Enrollment flows can seem very complicated because they are extremely flexible. Below are some of the key decisions that you will be making when configuring your enrollment workflows.

6.1. Enrollment Authorization

Who is the Petitioner? - who will be initiating the workflow?

  • An Administrator
  • A user - someone enrolled in the Collaboration represented in Registry
  • None - Not initiated by a person within the Collaboration

6.2. Petition Configuration

What information do you need to collect when initiating an enrollment?

  • What fields do you want supplied by the petitioner?
  • Do you want any of the information to be pre-filled on the form?
  • What instructions or guidance do you want to provide on the form?
  • Where should the Petitioner be directed once the form is filled out?
  • Should the Enrollee have an opportunity to review or contribute to information on the form?

6.3. Identity Matching

How will this enrollment be matched against others in the population?

  • Self - Enrollment is for the Petitioner (self-enrollment)
  • Select - Selected by the Petitioner (should only be used if the petitioner is an admin)
  • Advisory - If there is a potential match (by name), the petitioner is advised to select a match (should only be used if the petitioner is an admin)
  • None - no matching performed
  • External - Matched using an algorithm (like COmanage Match)

6.4. Enrollment Approval Requirement

Is approval required for enrollment?

If approval is required, what group contains the list of approvers? (Also, should there be notification to the enrollee when approved/denied?)

6.5. Confirmation Requirement

Does the enrollee need to verify/accept their inclusion in the population?

And, if so, can the enrollee just click on a link, or is there information that needs to be entered/verified in the process?

6.6. Messages

What messages or notifications are needed?

For example, on forms that are presented to those involved in the Enrollment, in email notifications to any of the parties involved in different steps of the process, etc.

7. Plugins in Enrollments

COmanage Registry supports several types of Plugins in order to easily customize and extend Registry functionality. In addition, you can write your own plugins to customize Registry to work in the ways and with the systems that you need. Since Enrollment Flows can interact with much of Registry's functionality, many plugins can affect the behavior of these Flows. Though, there are a set of plugins that affect the Flow itself:

7.1.1. Enrollment Flow Plugins

  • Page:
    DuplicateCheckEnroller Plugin — The Duplicate Check Enroller Plugin checks whether the enrollee has been registered in the past thus preventing Enrolling again and creating duplicates. The check takes place after the start step of the Enrollment Flow. This means that the Enrollment flow should have an Introduction text configured.
  • Page:
    IdentifierEnroller Plugin — The Identifier Enroller Plugin allows the enrollee to select one or more identifiers as part of the enrollment process. This happens after email confirmation (and so after the initial petitioner attributes are collected).
  • Page:
    MeemEnroller Plugin — MEEM is the MFA Enrollment and Exemption Manager. It is intended to coordinate enrollment in Multi-Factor Authentication. MEEM does not work with any specific technology, but is intended to work with Enrollment Flows and, indirectly, Authenticators.
  • Page:
    NationalityEnroller Plugin — The NationalityEnroller allows a Petitioner to self assert their national affiliation(s), which are then stored as Identity Documents, with a Document Type of Self Assertion. This plugin supports Attribute Enumerations for the attribute Identity Document (Issuing Authority, Self Assertion).
  • Page:
    ServiceEligibilityEnroller Plugin — The Service Eligibility Enroller Plugin allows for Registry Services to be selected for a CO Person Role. Despite its name, the Service Eligibility Enroller can be used without Enrollment Flows.

8. Where to go for more information

The following resources from the COmanage Registry Technical Manual provide important details about the operation of Enrollment Flows:

8.1.1. Technical Manual: Enrollment Flow

  • No labels