- Configure CO Enrollment Flow
- Existing person re-enrolls
- Confirm email address
- Authenticate with second ID
- Login to application
Background
This script utilizes two roles intended to demonstrate account linking using COmanage Registry:
- U1: An existing member of the Demo CO, with an existing login (U1 login-1) and a new login (U1 login-2) to be added.
- P1: The Demo CO Admin
The login identity or EPPN (such as foo@idp.protectnetwork.org or bar@internet2.edu) associated with each role will be referred to as a "login" for short, e.g.: U1 login.
The "Demo IDMS" refers to the COmanage Registry demonstration installation available at https://demo.co.internet2.edu/registry.
The "Demo Wiki" refers to the Dokuwiki demonstration installation available at https://demo.co.internet2.edu/dokuwiki.
Presenter Requirements
The following must be done for each presenter once (not once per presentation):
- Each presenter who will perform P1 must have the organizational identity for the P1 login they will use for the demo added to or used to login to the Demo IDMS.
  - "Organizational Identities" -> "Add a New Organizational Person"
  - Be sure to add an email address (so the identity can be invited to MyCO).
  - Be sure to add the EPPN as an identifier and check the "login" box so it can be used to login to the Demo IDMS.
- Each P1 login organizational identity must be invited to Demo.
- Each P1 login MyCO identity must be added to the group Demo:admin.
Pre-Demo Checklist
- Remove the organizational identity U1 login-2 from Demo.
- Remove the Link My Account enrollment flows from previous demos.
- Confirm U1 login-1 exists and is valid.
Browser Setup
It may facilitate the demo to use two different browsers. U1 should use the presenter workstation's default browser, so clicking on the email link will work "intuitively". U1 should also be logged into webmail to simplify receiving the confirmation link.
Introduction (5 min)
- roll call
- validation of sound quality
- review of purpose of the demo
- pause for questions at end of every section
Domain and Language (10 min)
- Explain what we mean by account linking
COmanage Technical demo (25 min)
- P1 logs into Registry
- P1 retrieves U1's CO and Org Identities, showing existing login identifier
- P1 creates a new Enrollment Flow
  - Name: Link My Account
  - Enrollment Authz: CO Person
  - Identity Matching: Self
  - Require Approval: No
  - Require Confirmation: Yes
  - Require Authentication: Yes
  - Define attributes
    - Name, Official, Org Identity
    - Email, Home, Org Identity
    - Organization, Org Identity (with comment to type in name of identity provider)
- U1 login-1 logs into Registry
- U1 login-1 executes new Enrollment Flow ("CO Enrollment Flows" > "Link My Account")
- U1 checks email for link and clicks on it
- U1 login-2 accepts invitation and authenticates to Registry
- P1 retrieves U1's CO and Org Identities, showing new login identifier
- U1 attempts to login to some application? XXX
Other
Optional items if applicable to audience
- Discuss how to use linked identities
Closing (10 min)
- final questions
- review utility of the demo - was this useful?
- set up another call in 1-2 weeks to answer any questions that might have come up
Post-Demo Checklist
- If P1 login ordinarily has CMP Admin privileges (i.e.: is a member of COmanage:admin), but they were removed in the Pre-Demo Checklist, add a COmanage:admin group membership.
- Perform the cleanups described in the Pre-Demo Checklist so they don't have to be done next time