You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Enrollment Sources are Organizational Identity Source plugins attached to Enrollment Flows. How they are used depends on how they are configured when attached.

To manage Enrollment Sources, edit the desired Enrollment Flow and click Attach Org Identity Sources. (If no Organizational Identity Sources are defined, this button will not be available.) Existing configured Organizational Identity Sources will be available to attach to the Enrollment Flow, with the Mode as follows:

  • Authenticate: For Sources that support interactive authentication (such as via an OAuth flow), the Petitioner will be asked to authenticate in order to link the Source identity.
  • Claim: The Petitioner enters an email address (attached to the Org Identity), which must be verified before Enrollment Sources are queried. An Enrollment Source must be matched before enrollment may proceed. Not currently supported (CO-1280).
  • Search: The Petitioner enters an email address (attached to the Org Identity), which must be verified before Enrollment Sources are queried. For any matching Enrollment Sources, an Org Identity will be created and linked to the CO Person record.
  • Search, Required: As for Search, but if any Required Enrollment Source is not match, the enrollment will be automatically denied.
  • Select: The Petitioner will be able to select any of the Organizational Identity Sources attached in Select mode, query it, and select any record that is not already linked to an Org Identity. This option is only honored for Enrollment Flows where Enrollment Authorization requires an Administrator (CO, COU, CO or COU). Note that in general any CO or COU admin can query any Org Identity Source, so this setting should not be used as a "secure" way to prevent (eg) COU admins from seeing select backends.
  • None: The Source is not used. (Useful to temporarily disable a Source.)

Unauthenticated Petitioners may not query Organizational Identity Sources.

Enrollment Sources configured in AuthenticateClaim, or Select mode run as part of the Select Org Identity step. If both Authenticate and Claim Sources are configured, Authenticate Sources will be queried first. Select Sources are mutually exclusive with Authenticate or Claim Sources, the Enrollment Authorization (see above) will decide which Sources are queried if more than one type is attached.

Enrollment Sources configured in either Search mode will be queried as part of the Check Eligibility step.

Except for Select Sources, identities linked via Enrollment Sources will not be recorded as the Enrollee Org Identity in the Petition artifact, though the identities will correctly link to the operational record.

Refreshing After Initial Enrollment

It is possible to configure an Enrollment Flow to query Enrollment Sources after an initial enrollment has taken place. This is useful to (eg) check for subsequent eligibility from an external data source established after initial enrollment. To configure such an Enrollment Flow

  • Set Identity Matching to Self for self-service or Select for administrator driven enrollment.
  • Set Petitioner Enrollment Authorization appropriately, eg CO Person for self-service or CO or COU Admin for administrator driven enrollment.
  • Attach the relevant Enrollment Sources.
  • Do not add any Enrollment Attributes, unless you wish to collect additional attributes (such as a new email address) to the existing record(s).
    • (warning) Merging attributes into an existing record currently requires Email Confirmation Mode to be set, and for Duplicate Enrollment Mode to be set to Merge.

(placeholder for pointer to cron information)

  • No labels