Table

cm_co_enrollment_flows

Description

Per-CO enrollment flow configurations

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


name

varchar(128)

Flow Name



sor_labelvarchar(40)SOR Label used in match requestsID Match APIAdded in Registry v4.1.0

co_id

integer, foreign key

CO Record ID

cm_cos:id


authz_level

varchar(2)

Authorization required to execute this enrollment flow

  • A: CO or COU admin (administrator enrollment)
  • N: No authorization required (open, self enrollment)
  • CA: CO admin (administrator enrollment)
  • CG: Member of specified CO group (self or delegated enrollment)
  • CP: CO Person (self or delegated enrollment)
  • UA: COU admin (administrator enrollment)
  • UP: CO Person in specified COU (self or delegated enrollment)


authz_cou_id

integer, foreign key

COU Record ID when authz_level is UA or UP

cm_cous:id


authz_co_group_id

integer, foreign key

CO Group Record ID when authz_level is CG

cm_co_groups:id


my_identity_shortcutbooleanWhether a link to this flow should be rendered in the "My Identity" menu
  • true: Render a link
  • false: Do not render a link
Added Registry v3.2.0
co_pipeline_idinteger, foreign keyCO Pipeline to run for Org Identities created using this Flowcm_co_pipelines:idUnused, removed as of Registry v3.3.0

match_policy

varchar(2)

Policy for matching against existing CO People

  • A: Advisory (suggestions are provided but not automatically selected)
  • E: External (using ID Match API)
  • N: None (no matching performed)
  • P: Select ("Pick" from existing CO People)
  • S: Self (can only re-enroll self)


match_server_idinteger, foreign keyMatch Server ID when match_policy is Externalcm_servers:idAdded Registry v4.1.0
enable_person_findbooleanEnable People Picker API for unregistered petitioners associated with this Enrollment Flow
  • true: People Picker API enabled
  • false: People Picker API disabled
Added Registry v3.3.0

approval_required

boolean

Is approval required before any provisioning may occur?

  • true: Approval required
  • false: Approval not requested

Approvers defined by CO:admin.approvers or CO:admin.approvers:COU group membership

approver_co_group_id

integer, foreign key

CO Group Record ID for group whose members are authorized to approve petitions created by this flow

cm_co_groups:id


verify_email

boolean

Do org identity email addresses need to be verified?

  • true: Verification required
  • false: Verification not requested

Verification sends an email to the address with a URL

Deprecated as of v2.0.0, use email_verification_mode instead

email_verification_modevarchar(2)If/how org identity email addresses should be verified
  • A: Automatic
  • R: Review
  • X: None

Added in v2.0.0

See also Email Verification

invitation_validity

integer

For invitations used to verify email addresses, the length of time (in minutes) the invitation is valid for


See also cm_co_settings

regenerate_expired_verificationbooleanAutomatically regenerate confirmation links on validation of an expired link?
  • true: Regenerate confirmations on validation of expired links
  • false: Do not regenerate confirmations on validation of expired links
Added in v4.1.0

require_authn

boolean

Is the authentication required by the enrollee?

  • true: Approval required
  • false: Approval not requested


notification_co_group_id

integer, foreign key

CO Group Record ID whose members will be notified when petitions generated from the enrollment flow trigger certain events

cm_co_groups:id


status

varchar(2)

Configuration status

  • A: Active
  • S: Suspended


notify_from

varchar(256)

Address to send notifications from

RFC 5322 Address

Used in coinvite as source email address when sending out notifications

verification_template_idinteger, foreign keyTemplate for verification emailcm_co_message_templates:id

verification_subject

varchar(256)

Subject for verification email


Deprecated as of v2.0.0, use message templates instead

verification_body

text(4000)

Body for verification email


Deprecated as of v2.0.0, use message templates instead

request_vettingbooleanRequest Vetting for the Enrollee
  • true: Vetting is requested
  • false: Vetting is not requested
Added in Registry v4.1.0

notify_on_approval

boolean

Notify the enrollee on Petition approval?

  • true: Notification is sent
  • false: Notification is not sent

As of v3.3.0, also triggers notification on denial

approval_template_idinteger, foreign keyTemplate for approval emailcm_co_message_templates:id

approval_subject

varchar(256)

Subject for approval email


Deprecated as of v2.0.0, use message templates instead

approval_body

text(4000)

Body for approval email


Deprecated as of v2.0.0, use message templates instead

approver_template_id

integer, foreign key

Template for approver email

cm_co_message_templates:id

Added in Registry v4.3.0

denial_template_idinteger, foreign keyTemplate for denial emailcm_co_message_templates:id
notify_on_finalizebooleanNotify the enrollee on Petition finalization?
  • true: Notification is sent
  • false: Notification is not sent

finalization_template_idinteger, foreign keyTemplate for finalization emailcm_co_message_templates:id

introduction_text

text(4000)

Introductory text displayed at the start of an Enrollment Flow



conclusion_text

text(4000)

Conclusion text displayed at the bottom of a Petition form



introduction_text_patext(4000)Introductory text displayed at the top of a Petition form
Added in Registry v4.1.0

t_and_c_mode

varchar(2)

Terms and Conditions mode

  • EC: Explicit Consent
  • IC: Implied Consent
  • S: Splash Page after enrollment
  • X: Ignore T&C during enrollment


redirect_on_submit

varchar(256)

After a Petition is submitted, a URL (relative or absolute) to redirect the browser to



redirect_on_confirm

varchar(256)

After the email address associated with a Petition is confirmed, a URL (relative or absolute) to redirect the browser to



redirect_on_finalizevarchar(256)After a Petition is finalized, a URL (relative or absolute) to redirect the browser to
Added in v3.1.0
return_url_allowlisttext(4000)Newline separated list of regular expressions representing permitted values to be passed into the petition as a URL to redirect to after the Petition is finalized
Added in v3.1.0, renamed from return_url_whitelist in v3.3.0

ignore_authoritative

boolean

Whether or not to ignore authoritative values

  • true: Ignore authoritative values for all attributes in this enrollment flow
  • false: Allow authoritative values for this attribute (subject to per-attribute override)


duplicate_modevarchar(2)How to handle a detected duplicate enrollment
  • C: Create a new role if in a different COU
  • D: Flag as duplicate
  • R: Create a new role

co_theme_idinteger, foreign keyTheme to use when executing this Enrollment Flowcm_co_themes:idAdded v2.0.0
theme_stackingvarchar(2)Whether to enable Theme Stacking for this Enrollment Flow.
  • A: Active
  • S: Suspended (disabled)
Added v4.0.0
establish_authenticatorsbooleanWhether to establish authenticators as part of enrollment
  • true: Establish authenticators, as per configuration
  • false: Do not establish authenticators
Added v3.3.0
establish_cluster_accountsbooleanWhether to establish cluster accounts as part of enrollment
  • true: Establish cluster accounts, as per configuration
  • false: Do not establish clusters
Added v3.3.0