...
This last item is important to understand, especially in a multi-tenant environment. When a person authenticates to COmanage Registry, it is expected that they are using an external or federated identity mechanism. The identifier returned by the authentication system is lookup looked up in the identifiers table. If a corresponding identifier is found that is enabled for login, then that identifier is permitted to log in to the platform. The identifier is then checked for one or matching Organizational Identities, which in turn can be used to identify corresponding CO People.
...