...
We recommend that each CO configure at least one identifier assignment in order to create a unique identifier for each CoPerson in the CO that can be provisioned to and consumed by federated applications such as wikis, mail list managers, and domain specific applications.
...
Often the unique identifier is provisioned to LDAP using the Registry LDAP Provisioner and then either the application is configured to consume it directly from LDAP or a SAML attribute authority (AA) is configured to resolve it from LDAP and then the SAML service provider (SP) for the application queries the AA to consume the identifier.
...
Mandeep Kamala, a graduate student at Big University, later enrolls in the CO and is automatically assigned the identifier testco1241. Mandeep's eppn is mandeep.kamala@biguniversity.edu and that eppn is recorded during her enrollment to her organizational identity record that is linked to her CoPerson record. The TestCO wiki, however, is configured to consume testco1241 as the primary identifier for Mandeep.
...