COmanage Registry Enrollment is controlled by two configurations:
- CMP Enrollment Configuration manages platform-wide (ie: across all COs managed by a given COmanage Registry installation) enrollment configuration, generally related to the process of making Organizational Identities, which must be consistent across the platform (it would be remarkably confusing to have per-CO configurations for organizational identity), known to the COmanage Registry. Only the CMP Administrators can adjust the CMP Enrollment Configuration.
- CO Enrollment Flows manage CO-level enrollment configuration, and are constrained by the CMP Enrollment Configuration. A CO can have more than one Enrollment Flow active at any given time.
See also the Registry Data Model overview.
The Enrollment process is initiated by creating a Petition attached to an Enrollment Flow.
The Registry Enrollment is configurable, as described in this diagram and configured via cm_cmp_enrollment_flows and cm_co_enrollment_flows:
- Both LDAP and SAML may be in use simultaneously since different organizational sources may support different methodologies.
- Any attribute configured to be provided via LDAP or SAML becomes organizational-authoritative and cannot be changed by the enrollee. (This is currently true across all organizations, but this restriction may be removed in a future release.)
