CO versus COU versus Group

See the Glossary for a definition of CO, COU, and group in the COmanage context.

When attempting to map from one's organizational structure into the COmanage terminology of CO, COU, and group there is no hard and fast rule but the following statements may help:

A best practice is that one CO == one Identity Provider or (IdP)

An IdP usually asserts identities about a collection of people. If you can envision that a collection of people in your organizational structure would all "fall under" a single IdP then that collection of people probably makes up a single CO.

Conversely if a collection of people in your organization more naturally should be divided among two or more IdPs then most likely the collection should be broken across multiple COs.

COs/COUs and groups distinguished by complexity of onboarding and offboarding.

In general if the workflow to onboard or join (or leave) a collection of people is relatively complex or sophisticated or requires more than a passing thought then the collection of people is best represented by a CO or COU and not a group.

Conversely if the workflow to onboard of join (or leave) a collection of people is simple and straightforward than the collection of people is best represented as a group.

COs and COUs are distinguished by onboarding and offboarding workflows.

Both COs and COUs indicated a more detailed workflow for onboarding. The distinction between a CO and a COU is that the collections of people that do belong in the same CO but that require different workflows for onboarding generally sort into a single CO (see above statement about 1 CO == 1 IdP) but into multiple COUs.