Panel | |
---|---|
|
About Enrollment Flows and Petitions
Every organization has one or more ways of bringing new people into that organization. There are a number of terms used to described this process: application, enrollment, intake, invitation, petition, signup, etc. These processes vary significantly across organizations.
...
See also: Understanding Registry Enrollment and Linking
Default Enrollment (Invitation)
By default, COmanage Registry operates using an invitation-based enrollment flow. As a CO Admin, you can tell this is in effect by viewing "My Population" for your CO. There will be a button labeled " Invite" at the top of the page.
Defining Enrollment Flows
To customize enrollment, select "CO Enrollment Flows" from your CO's menu. You can define more than one flow, to allow for different enrollment processes.
...
Once an Enrollment Flow is defined, the button at the top of the "My Population" page will become " Enroll" instead. Clicking that button will present a menu of available Enrollment Flows to execute.
Creating Organizational Identities As Part of An Enrollment Flow
For COs that will not collect Organizational Identities from authoritative sources (ie: via LDAP or SAML), Enrollment Flows must be configured to collect this data. In order to allow this, the platform must be configured to enable this, via these instructions. Most deployments will likely need to enable this setting. As of v0.9.3, this setting is enabled by default.
...
(See also the platform configuration Pooling Organizational Identities.)
Enrollment Flow Attributes
An Enrollment Flow is just a process for assembling attributes about a person and storing them in records used for day to day operations. Generally speaking, any attribute that can be managed operationally by COmanage Registry (whether attached to a CO Person, a CO Person Role, or an Organizational Identity) can be collected as part of an Enrollment Flow.
...
When configuring Valid From and Valid Through attributes, keep in mind that the timestamp entered by the Petitioner will be considered to be in the local timezone of the Petitioner, and then converted to UTC to be stored in the database. See Understanding Registry Timezones for more information.
Enrollment Flow Templates
An Enrollment Flow Template is simply an Enrollment Flow that is not Active (and therefore cannot be executed), but can be duplicated to create additional Flows. Any existing Flow may be turned into a Template. (Active Flows may also be duplicated.)
COmanage Registry includes several default Templates. To instantiate these, go to Configuration >> Enrollment Flows and click Add/Restore Default Templates. Note that while the default templates are functional, they are unlikely to be useful for most needs. They are best thought of as starting points, with customization recommended in accordance with the needs of a given deployment.
Petitions and Petition Attributes
The process of executing an Enrollment Flow creates a Petition. The Petition is the record of enrollment – it holds copies of the attributes that were provided at enrollment, even if the values are subsequently changed. History records are also maintained for the Petition, indicating such events as who approved it and when.
...
The section applies to versions prior to Registry v4v5.0.0.
Invitations are the mechanism by which enrollment is transitioned from a Petitioner to an Enrollee, when the two are not the same person. For example: when an administrator starts the enrollment process for a new participant. Invitations are sent via email, and contain a URL which the Enrollee uses to take over the Enrollment Flow. This means the email address used to deliver the invitation can also be considered verified once the invitation is accepted, but otherwise see Email Verification, below, for more information.
...
The section applies to Registry v4v5.0.0 and later.
Enrollment Flows that do not involve Invitations (such as Self Signup flows) can still involve email verification. Furthermore, there may be more than one email address to verify in an Enrollment Flow, so even Invitation based flows may still need a separate email verification step. Unlike Invitations, which use a long, random URL, Email Verification uses a short code. The Enrollment Flow is not interrupted since the Enrollee simply types the code into the appropriate form during enrollment.
...
This section applies to versions prior to Registry v4v5.0.0.
Email Verification (Confirmation) will result in an email being sent to the email address enrolled. A URL is included in the email, and the enrollee must click on the URL to verify the email address. Prior to v3.2.0, an Org Identity email address must be collected as part of the Enrollment Flow, however as of Registry v3.2.0 the following algorithm is used:
...
When a Petition is approved/completed and the associated CO Person Role becomes active, the overall status for the associated CO Person will be recalculated.
Enrollment Flow Plugins
Enrollment Flows can be further customized by the use of Enrollment Flow Plugins. As of Registry v4.0.0, Enrollment Flow Plugins must be instantiated, meaning they must be attached to a specific Enrollment Flow to be used. An Enrollment Flow Plugin attached to an Enrollment Flow is called an Enrollment Flow Wedge. Enrollment Flow Wedges are managed using the Attach Enrollment Flow Wedges link on the Enrollment Flow configuration page.
Enrollment Flow Wedges may be ordered. If more than one Wedge will run at a given Enrollment Flow execution point, the ordering will be used to determine which plugin is run first.
Common Enrollment Patterns
Pattern | Conscription | Invitation | Self-Signup | Application | Account Linking |
---|---|---|---|---|---|
Description | Petitioner adds enrollee, possibly with CO admin approval but without enrollee confirmation. | Petitioner adds enrollee, possibly with CO admin approval. Enrollee confirms before becoming active. | Enrollee is also petitioner. No approval processes needed for enrollee to become active. | Enrollee is also petitioner. Approval processes required before enrollee is active. | Enrollee is also petitioner. Enrollee already exists in the CO, and wishes to add an additional organizational identity. |
Enrollment Authorization | Any other than None | Any other than None | None | None | CO Person or COU Person |
Identity Matching | Any other than Self | Any other than Self | Automatic or None | Automatic or None | Self |
Require Approval for Enrollment | Optional | Optional | Optional | Yes | No |
Require Confirmation of Email | Optional | Yes | Recommended | Recommended | Yes |
Require Authentication | Optional | Optional | Optional | Optional | Yes |
Additional Notes | CMP Enrollment Configuration must allow Attributes via CO Enrollment Flow. |
...