Versions Compared

Old Version 11

changes.mady.by.user Benn Oshrin

Saved on

compared with

New Version Current

changes.mady.by.user Benn Oshrin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel

Table of Contents

Enrollment Source Modes

Enrollment Sources are Organizational Identity Source plugins attached to Enrollment Flows. How they are used depends on how they are configured when attached.

...

  • Authenticate: For Sources that support interactive authentication (such as via an OAuth flow), the Petitioner will be asked to authenticate at the start of the enrollment in order to link the Source identity.
  • Claim: The Petitioner enters an email address (attached to the Org Identity), which must be verified before Enrollment Sources are queried. An Enrollment Source must be matched before enrollment may proceed. Not currently supported (CO-1280).
  • Identify: Like Authenticate, but after email confirmation, and is thus suitable for invitation style enrollments.
  • Search: The Petitioner enters an email address (attached to the Org Identity), which must be verified before Enrollment Sources are queried. For any matching Enrollment Sources, an Org Identity will be created and linked to the CO Person record.
  • Search, Required: As for Search, but if any Required Enrollment Source is not match, the enrollment will be automatically denied.
  • Select: The Petitioner will be able to select any of the Organizational Identity Sources attached in Select mode, query it, and select any record that is not already linked to an Org Identity. This option is only honored for Enrollment Flows where Enrollment Authorization requires an Administrator (CO, COU, CO or COU). Note that in general any CO or COU admin can query any Org Identity Source, so this setting should not be used as a "secure" way to prevent (eg) COU admins from seeing select backends.
  • None: The Source is not used. (Useful to temporarily disable a Source.)

...

Except for Select Sources, identities linked via Enrollment Sources will not be recorded as the Enrollee Org Identity in the Petition artifact, though the identities will correctly link to the operational record.

Name Verification

As of Registry v3.2.0, Enrollment Sources configured in Search or Search, Required modes can be configured to confirm that the family name received from the Enrollment Source matches the family name of the CO Person in the Petition, via the Verify Family Name setting. Name checks are case insensitive. Any CO Person family name matching any Enrollment Source family name is considered success.

Considerations When Sources Are Connected to Pipelines

...

Otherwise, after the Pipeline runs (but before any additional attributes are collected), if the Pipeline created a CO Person that person will be attached to the Petition. In such a configuration, the Enrollment Flow should not collect any Organizational Identity or CO Person attributes, otherwise disconnected identities may be created. (In particular, do not request an Official CO Person Name, as the record will end up with two Primary Names.)

Refreshing After Initial Enrollment

...

(info) As of Registry v3.1.0, a simpler user-driven option to update refresh attributes is available via Sync on Login.