Registry Enrollment Flow Configuration

About Enrollment Flows and Petitions

Every organization has one or more ways of bringing new people into that organization. There are a number of terms used to described this process: application, enrollment, intake, invitation, petition, signup, etc. These processes vary significantly across organizations.

COmanage Registry has a sophisticated, configurable mechanism for representing these processes, and translating them into ways to bring people into a CO's registry. (You can see a representation of the model here.) COmanage Registry refers to these processes as Enrollment Flows, and the execution of these processes as Petitions.

Each CO can define as many Enrollment Flows as it needs to reflect it's specific processes, subject to the COmanage platform configuration. (A CO can also use the very basic default mechanism.) When a new person is to be enrolled, the new person (if self-signup is enabled) or an appropriate administrator creates a Petition to begin the process.

Default Enrollment (Invitation)

By default, COmanage Registry operates using an invitation-based enrollment flow. As a CO Admin, you can tell this is in effect by viewing "My Population" for your CO. There will be a button labeled " Invite" at the top of the page.

Defining Enrollment Flows

To customize enrollment, select "CO Enrollment Flows" from your CO's menu. You can define more than one flow, to allow for different enrollment processes.

After you define the basic settings of enrollment (see also the table below), define the attributes that will be collected as part of this flow.

XXX Likely need to define:

• COU, if COUs are enabled
• Org Identity ("Official") Name
• CO Person ("Preferred") Name
• Org Identity Email Address
• See also the note below about automatically populating ePPN (no need to explicitly define an attribute for this)
• See also Configuring Registry Identifier Assignment (no need to explicitly define an attribute for this)

XXX Pre-packaged enrollment flows. (CO-323)

Once an Enrollment Flow is defined, the button at the top of the "My Population" page will become " Enroll" instead. Clicking that button will present a menu of available Enrollment Flows to execute.

Default Values For Attributes

Certain attributes configured as part of an Enrollment Flow can be assigned default values. (When editing an enrollment attribute, the form will automatically show default value fields when appropriate.) When a Petition is created from the Enrollment Flow, the default values are pre-populated into the form. Default values can also be flagged as not modifiable, in which case the value loaded into the Petition cannot be changed by the Petitioner.

Currently, the following types of attributes may have default values assigned:

• Single valued Organizational Identity attributes (basically, those defined in cm_org_identities)
• Single valued CO Person Role attributes (basically, those defined in cm_co_person_roles)
• Extended Attributes

Attributes that represent dates can be receive default values based on

• A fixed date (eg: June 30, 2013)
• The next occurrence of a date (eg: next June 30)
• A specific number of days from the creation of the petition (eg: in 90 days)

In addition, if the Enrollment Flow is configured for Self matching (described below), the Petitioner's name will be pre-populated into the Organizational Identity name fields.

Creating Organizational Identities As Part of An Enrollment Flow

For COs that will not collect Organizational Identities from authoritative sources (ie: via LDAP or SAML), Enrollment Flows must be configured to collect this data. In order to allow this, the platform must be configured to enable this, via these instructions.

Once enabled, CO administrators will be able to add Enrollment Attributes to a CO Enrollment Flow with the type "Organizational Identity".

(See also the platform configuration Pooling Organizational Identities.)

Enrollment Authorization

Various authorization levels can be selected to determine who may initiate a given Enrollment Flow.

• CO Admin: Only a CO Admin for the CO. CO Admins can always initiate any Enrollment Flow within the CO.
• CO Group Member: Any member of the specified CO Group.
• CO or COU Admin: Any CO or COU Admin in the CO.
• CO Person: Any person who is a member of the CO.
• COU Admin: Any COU Admin for the specified COU.
• COU Person: Any person who is a member of the specified COU.
• None: No authorization required. Useful for self-signup patterns.

Identity Matching

COmanage Registry can perform identity matching when enrollment is performed. This is the process of checking for existing CO People that might match the person being enrolled. The following matching policies are available:

• None: No matching is performed.
• Advisory: Potential matches are identified, but Registry does not take any action.
• Automatic: If highly likely matches are found, Registry automatically links the Enrollee to the existing CO Person. If probable matches are found, the Petitioner is given an opportunity to select one. This option is not currently implemented. (CO-298)
• Self: The new enrollment is automatically linked to the Petitioner.

Email Verification and Authentication

Email Verification will result in an email being sent to the email address enrolled. A URL is included in the email, and the enrollee must click on the URL to verify the email address.

Authentication requires the enrollee to authenticate as part of the enrollment process. The authentication is linked to the identity via an email invitation, and so authentication currently requires email verification. This may change in a future release.

If authentication is enabled, the authenticated identifier will automatically be added to the Enrollee's Organizational Identity (currently forced to type ePPN, CO-460) and flagged for login, if the identifier is not already part of the record.

Common Enrollment Patterns