  1. Configure CO Enrollment Flow
  2. Existing person re-enrolls
  3. Confirm email address
  4. Authenticate with second ID
  5. Login to application

Background

This script uses two roles to demonstrate account linking with COmanage Registry:

  1. U1: An existing member of the Demo CO, with an existing login (U1 login-1) and a new login (U1 login-2) to be added.
  2. P1: The Demo CO Admin

The login identity or EPPN (such as foo@idp.protectnetwork.org or bar@internet2.edu) associated with each role will be referred to as a "login" for short, e.g., U1 login.

The "Demo IDMS" refers to the COmanage Registry demonstration installation available at https://demo.co.internet2.edu/registry.

The "Demo Wiki" refers to the Dokuwiki demonstration installation available at https://demo.co.internet2.edu/dokuwiki.

Presenter Requirements

The following must be done for each presenter once (not once per presentation):

  1. Each presenter who will perform P1 must have the organizational identity for the P1 login they will use for the demo either added to the Demo IDMS or used to log in to it.
    1. "Organizational Identities" -> "Add a New Organizational Person"
    2. Be sure to add an email address (so the identity can be invited to MyCO).
    3. Be sure to add the EPPN as an identifier and check the "login" box so it can be used to log in to the Demo IDMS.
  2. Each P1 login organizational identity must be invited to Demo.
  3. Each P1 login MyCO identity must be added to the group Demo:admin.

Pre-Demo Checklist

  1. Remove the organizational identity U1 login-2 from Demo.
  2. Remove the Link My Account enrollment flows from previous demos.
  3. Confirm U1 login-1 exists and is valid.

Browser Setup

It may facilitate the demo to use two different browsers. U1 should use the presenter workstation's default browser, so clicking on the email link will work "intuitively". U1 should also be logged into webmail to simplify receiving the confirmation link.

Introduction (5 min)

  1. roll call
  2. validation of sound quality
  3. review of purpose of the demo
  4. pause for questions at end of every section

Domain and Language (10 min)

  1. Explain what we mean by account linking

COmanage Technical demo (25 min)

  1. P1 logs into Registry
  2. P1 retrieves U1's CO and Org Identities, showing existing login identifier
  3. P1 creates a new Enrollment Flow
    1. Name: Link My Account
    2. Enrollment Authz: CO Person
    3. Identity Matching: Self
    4. Require Approval: No
    5. Require Confirmation: Yes
    6. Require Authentication: Yes
    7. Define attributes
      1. Name, Official, Org Identity
      2. Email, Home, Org Identity
      3. Organization, Org Identity (with comment to type in name of identity provider)
  4. U1 login-1 logs into Registry
  5. U1 login-1 executes new Enrollment Flow ("CO Enrollment Flows" > "Link My Account")
  6. U1 checks email for link and clicks on it
  7. U1 login-2 accepts invitation and authenticates to Registry
  8. P1 retrieves U1's CO and Org Identities, showing new login identifier
  9. U1 attempts to login to some application? XXX

Other

Optional items if applicable to audience

  1. Discuss how to use linked identities

Closing (10 min)

  1. final questions
  2. review utility of the demo - was this useful?
  3. set up another call in 1-2 weeks to answer any questions that might have come up

Post-Demo Checklist

  1. If P1 login ordinarily has CMP Admin privileges (i.e., is a member of COmanage:admin), but they were removed in the Pre-Demo Checklist, add a COmanage:admin group membership.
  2. Perform the cleanups described in the Pre-Demo Checklist so they don't have to be done next time.