A Service Eligibility is a Registry Service with a CO Group attached to it that is enabled on a CO Person Role basis. A Service Eligibility can reflect a specific service (such as Payroll System or HPC Cluster) or a group of services (such as Account Type Basic) when integrated with a system capable of turning a single group membership into multiple entitlements. Such a system might be another tool like Grouper, or Registry's Nested Groups.

For contrast, the Services Portal operates on a CO Person basis.

Configuration

1. This is a non-core plugin, see Installing and Enabling Registry Plugins for more information.

2. Once enabled, the plugin can be configured via Configuration > Service Eligibility Settings.
   1. Allow Multiple Services: When checked, multiple Service Eligibilities may be attached to a single CO Person Role. When disabled, only one Service Eligibility may be attached, and if a new one is selected the old one will be removed. Note that if a CO Person has more than one CO Person Role, they may have multiple Service Eligibilities even when disabled (one per Role).
   2. Require Selection at Enrollment: When integrated with an Enrollment Flow, if checked a selection must be made before the step can be completed. Otherwise, the petitioner may skip selection of a Service Eligibility.
3. The plugin will automatically make available for selection any Service defined within the CO that also has a normal (ie: not automatic) CO Group attached to it.

Service Groups

While the plugin does not directly support service groups, they can easily be implemented by using the Service group as a base group to build services from. This could be accomplished by provisioning the base group to a tool like Grouper, or using Registry's Nested Groups. For Nested Groups, a base group like Account Type Basic (with an appropriate Services entry) could be nested into other groups like Email Eligible and HPC Access. These latter groups would then be used for provisioning. Different base groups can be used to populated different sets of target groups.

Enrollment Flow Integration

To allow for the selection of Service Eligibilities during an Enrollment Flow, edit the desired Enrollment Flow Configuration and select Attach Enrollment Flow Wedges. Add a wedge using the ServiceEligibilityEnroller Plugin. There are no Wedge-specific configurations, the Plugin will use the CO specific settings described above.

Because Service Eligibilities attach to CO Person Roles, the Enrollment Flow must collect attributes to create a CO Person Role, such as Affiliation or Title.

Service Eligibility is selected immediately after Petitioner Attributes are collected, and as such runs as the Petitioner. For an administrator driven flow, the administrator will select the Services to add. For a self signup flow, the enrollee will select their Services.

Because Service Eligibilities are based on CO Groups, if an Enrollment Flow attaches a new CO Person Role to an existing, active CO Person, the newly selected Service Eligibility will take effect immediately.

Organizational Identity Source Integration

The Plugin does not yet support creating Service Eligibilities from Organizational Identity Sources. (CO-2324)

Operations

Service Eligibilities can be managed via CO Person Canvas > Service Eligibilities. CO People can view their own Service Eligibilities but not change them (use the Service Portal for that instead), and COU Administrators can view Service Eligibilities for all CO People (within the CO), but can only manage them for CO Person Roles they are administrators for.

When a Service Eligibility is added to a CO Person Role (either manually or via an Enrollment Flow), the CO Person is added to the CO Group associated with the selected Service.

If a CO Person is removed from a CO Group (via CO Group Membership management), the corresponding Service Eligibility will also be removed. Similarly, if the CO Person Role is set to an inactive status (Declined, Deleted, Denied, Duplicate, Expired, or Suspended), the corresponding Service Eligibility will be removed. While Service Eligibilities can be automatically removed, they will not be automatically restored. To restore a Service Eligibility, an administrator must do so via CO Person Canvas > Service Eligibilities.

Provisioning

Because Service Eligibilities are built on top of the existing Services and CO Group infrastructure, provisioning simply leverages the same mechanisms. Most provisioners support provisioning group memberships. In addition, the LDAP Provisioner supports provisioning eduPersonEntitlement for eligible group members based on the Services Registry configuration.