COmanage Registry is capable of automatically assigning identifiers for members of COs. Identifiers may be assigned on demand, or as part of an Enrollment Flow. If you only want to assign identifiers manually (ie: without the help of auto assignment), this page does not apply to you.
Identifiers can be automatically assigned to CO Person records, not to Organizational Identity records. If you don't know what this means, review Understanding Registry People Types.
Identifier Assignments generally assume a roman character set (ie: ASCII-7, not UTF-8).
Defining Identifier Assignments
COmanage Registry defines the following algorithms for assigning identifiers:
Algorithm |
Description |
Examples |
|---|---|---|
Name |
Identifiers assigned based on elements of a person's name, including initials. Collision numbers are used when names are not unique. |
|
Random |
Identifiers are assigned based on random numbers, with optional additional characters. |
|
Sequential |
Identifiers are assigned based on sequential numbers, with optional additional characters. |
|
To define an identifier assignment, select Identifier Assignments from your CO's menu. Any already defined assignments will be listed. Click Add Identifier Assignment to create a new one.
Fill in the form, paying careful attention to the following fields:
- Name: This name must match the type you wish to be populated in cm_identifiers:type. For example, if you wish to assign ePPNs, set the name to
eppn. - Login: In general, CO Person identifiers are not used to log in to COmanage services (Organizational Identities are), so this should generally be left unchecked.
- Algorithm: As described above.
- Format: See Specifying Identifier Formats, below.
- Minimum: For Random identifiers, the minimum value that may be assigned. For Sequential identifiers, the first value to be assigned.
- Maximum: For Random identifiers, the maximum value that may be assigned.
Specifying Identifier Formats
Identifier formats are based on the concept of parameter substitution. A parameter is specified within parentheses, anything outside the parentheses are used unmodified (except for sequenced segments, described below).
Identifier formats can be a bit tricky, so let's start with the easier ones. The parameter (#) means "replace with a collision number". A collision number is the next number that will generate a unique identifier. For Sequential identifiers, it is the next unassigned integer beginning with the minimum value you configured. For Random identifiers, the collision number is selected randomly.
Random and Sequential identifiers are assigned the same way. If no format is specified, they will simply be assigned as an integer, eg 109 or 523788. If a format is specified like C(#), then the character C will be prefixed to the collision number, eg C109 or C523788.
The collision number can be made fixed width by specifying the number of characters n in the parameter as (#:n). For example, the format C(#:8) will generate C00000109 or C00523788.
That's all there is to Random and Sequential identifier assignment. Name-based identifier assignment is more complicated. First, several new parameters can be used to select the component of a name (as defined in cm_names) to be used:
(G): Given Name(M): Middle Name(F): Family Name
So (G).(F)@myvo.org might generate albert.einstein@myvo.org. To use initials instead of a full name, simply limit the length of the name to 1 character. (G:1).(F)@myvo.org would generate a.einstein@myvo.org instead.
Note that while a length specifier for (#) specifies a fixed width padded with zeros, when used with name-based parameters such as (G), the length specifier indicates a maximum width.
These formats can't guarantee a unique identifier if your organization is non-trivial in size, so a collision number can be added. (G).(F)(#)@myvo.org would generate albert.einstein1@myvo.org.
The problem here is you might not want to append a number for the first albert.einstein, only for the second. Or you might want to try a middle name first. The solution is to add a sequenced segment. A sequenced segment is denoted in brackets as a number followed by a colon, and includes the text (including parameters) to be used when that sequenced segment is in effect. When assigning identifiers, all sequenced segments will initially be ignored. Then, starting with 1 and incrementing by 1 each time, sequenced segments will be added in until a unique identifier is generated.
For example, consider the format (G)[1:.(M:1)].(F)[2:.(#)]@myvo.org. This somewhat confusing string will first generate werner.heisenberg@myvo.org. If that isn't unique, it will then generate werner.k.heisenberg@myvo.org. Finally, it will generate werner.k.heisenberg.2@myvo.org. (Name based collision numbers always start at 2 when used with sequenced segments.)
The good news is you may not need to know any of this. Various common default formats are available via a drop down menu when defining Name based identifier assignments. You may be able to just use one of those.
Assigning Identifiers on Demand
Identifiers can be assigned on demand by viewing the identifiers associated with a CO Person. An Assign Identifiers button will be available.
Assigning Identifiers via Enrollment Flows
xxx configure the enrollment flow
Constraints
- Identifiers of a given type must be unique within a CO.
- If a CO Person already has an identifier of a given type, no additional identifier will be created.
Identifier Reassignment
Random and Name Based identifiers can be reassigned if the original identifier was deleted rather than marked status inactive. (Random identifiers are less likely to be reused than Name Based identifiers since their assignment is by definition random.) If you do not wish identifiers to be reassigned, set the status of identifiers that are no longer needed to inactive; do not delete them.
Sequential identifiers are not and cannot be reassigned under normal conditions.