...
Creating Organizational Identities As Part of An Enrollment Flow
| Note |
|---|
Beginning with Registry v6.0.0, it will no longer be possible to manually create Org Identity attributes via an Enrollment Flow. Org Identities can be created from Organizational Identity Sources (and Enrollment Sources). Prior to this change, it is recommended that new Enrollment Flows not use Org Identity attributes. See also: Consuming External Attributes via Web Server Environment Variables. |
For COs that will not collect Organizational Identities from authoritative sources (ie: via LDAP or SAML), Enrollment Flows must be configured to collect this data. In order to allow this, the platform must be configured to enable this, via these instructions. 
Most deployments will likely need to enable this setting. As of v0.9.3, this setting is enabled by default.
...
If authentication is enabled, the authenticated identifier will automatically be added to the Enrollee's Organizational Identity (currently forced to type ePPN, CO-460) and flagged for login, if the identifier is not already part of the record. This feature is deprecated, and will be removed in Registry v5.0.0.
The Authentication setting is deprecated. The use of EnvSource or a similar mechanism is instead recommended to collect the enrollee's authenticated identifier.
...
Enrollment Flows can trigger various Notifications at key stages, including confirmation, approval, and finalization. While these messages could originally be defined in each flow, the preferred approach is to instead defined Message Template, and then reference that template from the Enrollment Flow configuration. The ability to define messages directly in the flow configuration will be removed in Registry v4v5.0.0 (CO-1213).
Terms and Conditions
...