Org Identity Reconciliation

]]>
Registry Enrollment - Attribute Collection

]]>
Self Enrollment

]]>
Administrator Enrollment

]]>
Enrollee

]]>
CMP

self_enroll

true?

]]>
COU Admin

]]>
CO Admin

]]>
CMP Admin

]]>
CMP

admin_enroll

'Y'?

]]>
CMP

admin_enroll

'O' or 'Y'?

]]>
Wait for Email

Notification

]]>
self_

require_authn

true?

]]>
attrs_

from_saml

true?

]]>
Email Self-Asserted?

]]>
admin_

confirm_email

true?

]]>
admin_

require_authn

true?

]]>
Authenticate

Against

Home IdP

]]>
Extract Attributes

From Assertion

(as per cm_cmp_

enrollment_

attributes)

]]>
Query LDAP For Attributes

(as per cm_cmp_

enrollment_

attributes)

]]>
Complete Self Asserted Attrs

(as per cm_co_

enrollment_

attributes)

]]>
Send Email

With

Confirmation

Link

]]>
attrs_

from_ldap

true?

]]>
Prompt for

Search Query

]]>
Complete Attribute Form

(as per cm_co_

enrollment_

attributes)

]]>
Authenticate

Against

Home IdP

]]>
attrs_

from_saml

true?

]]>
Extract Attributes

From Assertion

(as per cm_cmp_

enrollment_

attributes)

]]>
Send Email

With

Confirmation

Link

]]>
attrs_

from_ldap

true?

]]>
Y

]]>
Y

]]>
Y

]]>
Y

]]>
Y

]]>
Y

]]>
Y

]]>
Y

]]>
Y

]]>
Y

]]>
Y

]]>
Y

]]>
N

]]>
N

]]>
N

]]>
N

]]>
N

]]>
N

]]>
N

]]>
N

]]>
N

]]>
Query LDAP For Attributes

(as per cm_cmp_

enrollment_

attributes)

]]>
CO

self_enroll

true?

]]>
Create New

Petition For

Specified CO,

COU, Enroll Flow

]]>
Reconcile

Against

Existing Org

Identities

]]>
Reconcile

Against

Existing Org

Identities

]]>
Reconciliation

Requested

]]>
Custom

Reconciliation

Configured

?

]]>
ePPN

Known?

]]>
Intervention

Required?

]]>
Create New

Org identity

]]>
Link to Existing

Org Identity

]]>
Existing

Org Identity

Matched?

]]>
Notify CMP

(Reconciliation)

Admins

]]>
Wait For

Manual Reconciliation

]]>
Y

]]>
Y

]]>
Y

]]>
Y

]]>
N

]]>
N

]]>
N

]]>
N

]]>
CO

admin_enroll

'Y'?

]]>
CO

admin_enroll

'O' or 'Y'?

]]>
Member

of Group

CO:admin

?

]]>
Member

of Group

CO:admin:COU

?

]]>
Registry Enrollment - Post Approval

]]>
Create New

Petition For

Specified CO,

COU, Enroll Flow

]]>
early_

provisioning_exec

]]>
Notify

notify_on_

early_

provision

]]>