Registry Enrollment Flow Configuration

About Enrollment Flows and Petitions

Every organization has one or more ways of bringing new people into that organization. There are a number of terms used to described this process: application, enrollment, intake, invitation, petition, signup, etc. These processes vary significantly across organizations.

COmanage Registry has a sophisticated, configurable mechanism for representing these processes, and translating them into ways to bring people into a CO's registry. (You can see a representation of the model here.) COmanage Registry refers to these processes as Enrollment Flows, and the execution of these processes as Petitions.

Each CO can define as many Enrollment Flows as it needs to reflect it's specific processes, subject to the COmanage platform configuration. (A CO can also use the very basic default mechanism.) When a new person is to be enrolled, the new person (if self-signup is enabled) or an appropriate administrator creates a Petition to begin the process.

Default Enrollment (Invitation)

By default, COmanage Registry operates using an invitation-based enrollment flow. As a CO Admin, you can tell this is in effect by viewing "My Population" for your CO. There will be a button labeled " Invite" at the top of the page.

Defining Enrollment Flows

To customize enrollment, select "CO Enrollment Flows" from your CO's menu. You can define more than one flow, to allow for different enrollment processes.

After you define the basic settings of enrollment (see also the table below), define the attributes that will be collected as part of this flow.

The following fields must be defined:

• COU, if COUs are enabled
• Org Identity ("Official") Name
• Org Identity Email Address
• CO Person ("Preferred") Name
• CO Person Role Affiliation
• See also the note below about automatically populating ePPN (no need to explicitly define an attribute for this)
• See also Configuring Registry Identifier Assignment (no need to explicitly define an attribute for this)
• See also Registry Platform Configuration

XXX Pre-packaged enrollment flows. (CO-323)

Once an Enrollment Flow is defined, the button at the top of the "My Population" page will become " Enroll" instead. Clicking that button will present a menu of available Enrollment Flows to execute.

Default Values For Attributes

Certain attributes configured as part of an Enrollment Flow can be assigned default values. (When editing an enrollment attribute, the form will automatically show default value fields when appropriate.) When a Petition is created from the Enrollment Flow, the default values are pre-populated into the form. Default values can also be flagged as not modifiable, in which case the value loaded into the Petition cannot be changed by the Petitioner.

Currently, the following types of attributes may have default values assigned:

• Single valued Organizational Identity attributes (basically, those defined in cm_org_identities)
• Single valued CO Person Role attributes (basically, those defined in cm_co_person_roles)
• Extended Attributes
• CO Group Memberships
  • An Enrollee can only be added to a CO Group as a member, not an owner
  • By setting the default value to be not modifiable, the associated CO Group is fixed; otherwise a Petitioner can add the Enrollee to any available CO Group

Attributes that represent dates can be receive default values based on

• A fixed date (eg: June 30, 2013)
• The next occurrence of a date (eg: next June 30)
• A specific number of days from the creation of the petition (eg: in 90 days)

In addition, if the Enrollment Flow is configured for Self matching (described below), the Petitioner's name will be pre-populated into the Organizational Identity name fields.

Creating Organizational Identities As Part of An Enrollment Flow

For COs that will not collect Organizational Identities from authoritative sources (ie: via LDAP or SAML), Enrollment Flows must be configured to collect this data. In order to allow this, the platform must be configured to enable this, via these instructions.

Once enabled, CO administrators will be able to add Enrollment Attributes to a CO Enrollment Flow with the type "Organizational Identity".

To facilitate data entry, certain Enrollment Attributes can be configured once in an Enrollment Flow, but populate both the Organizational Identity and the CO Person record. When such an attribute is selected, the option "Copy this attribute to the CO Person record" will become available (as part of editing the Enrollment Attribute).

(See also the platform configuration Pooling Organizational Identities.)

Enrollment Authorization

Various authorization levels can be selected to determine who may initiate a given Enrollment Flow.

• CO Admin: Only a CO Admin for the CO. CO Admins can always initiate any Enrollment Flow within the CO.
• CO Group Member: Any member of the specified CO Group.
• CO or COU Admin: Any CO or COU Admin in the CO.
• CO Person: Any person who is a member of the CO.
• COU Admin: Any COU Admin for the specified COU.
• COU Person: Any person who is a member of the specified COU.
• None: No authorization required. Useful for self-signup patterns.

Identity Matching

COmanage Registry can perform identity matching when enrollment is performed. This is the process of checking for existing CO People that might match the person being enrolled. The following matching policies are available:

• None: No matching is performed.
• Advisory: Potential matches are identified, but Registry does not take any action.
• Automatic: If highly likely matches are found, Registry automatically links the Enrollee to the existing CO Person. If probable matches are found, the Petitioner is given an opportunity to select one. This option is not currently implemented. (CO-298)
• Self: The new enrollment is automatically linked to the Petitioner.

Email Verification and Authentication

Email Verification will result in an email being sent to the email address enrolled. A URL is included in the email, and the enrollee must click on the URL to verify the email address.

Authentication requires the enrollee to authenticate as part of the enrollment process. The authentication is linked to the identity via an email invitation, and so authentication currently requires email verification. This may change in a future release.

If authentication is enabled, the authenticated identifier will automatically be added to the Enrollee's Organizational Identity (currently forced to type ePPN, CO-460) and flagged for login, if the identifier is not already part of the record.

Terms and Conditions

COmanage Registry can require agreement to Terms and Conditions as part of an Enrollment Flow. Authentication must be required.

Redirect Targets

At certain points in an Enrollment Flow, it is possible to define Target URLs where the petitioner or enrollee is sent.

• After a Petition is submitted, if the Petitioner is not already a member of the CO (eg: self signup), then the Petitioner will be sent to the URL specified via Submission Redirect URL (if any).
• After the Enrollee confirms their email address (by clicking the link sent to them), they will be sent to the URL specified via Confirmation Redirect URL (if any). This setting should not be used for Account Linking enrollment.

When a redirect is issued to one of these URLs, the session variable CoPetition.id will also be set. This allows a potential target URL within COmanage Registry to determine which Petition is currently in process. This is particularly useful for custom Plugins that wish to add functionality to the Enrollment Flow. Target URLs outside of the Registry environment will not have access to the petition information.

Common Enrollment Patterns