CMP Enrollment refers to the process of making Organizational Identities known to the COmanage Registry. (See also the Registry Data Model overview.)
Currently, the COmanage Registry only supports one CMP Enrollment flow per-platform. This is because Organizational Identities are shared across COs within the platform, and it would be remarkably confusing to have per-CO flows for organizational identity. This is, however, subject to change in a future release.
The CMP Enrollment Flow is configurable, as described in this diagram and configured via cm_cmp_enrollment_flows:
- Both LDAP and SAML may be in use simultaneously since different organizational sources may support different methodologies.
- Any attribute configured to be provided via LDAP or SAML becomes organizational-authoritative and cannot be changed by the enrollee. (This is currently true across all organizations, but this restriction may be removed in a future release.)
