This example shows how to set up an enrollment based on self-signup, using SAML as the authoritative source. Please see Configuring COmanage Enrollment Flows for more details about configuring enrollment flows.
The key difference between self-signup and invitation flows is that for self-signup, COmanage creates a so-called Organisational-Identity (OI) based on the authenticated user values. Once this OI is created, it can be used as the default provider for relevant enrollment attributes that are used to create a COPerson record within the boundaries of the CO.
How to set up the enrollment flow: Self-signup
- Login to COmanage.
- Click on your CO where you want to configure the flow.
- Select "Configuration" from the menu and click on configuration. Select the option: Enrollment Flows.
- Select the Self Signup Enrollment Flow (Template) and duplicate it before making adjustments.
- Click on Edit of the newly created flow and you can start with the configuration of the flow.
No screenshot of this configuration is supplied; for a relevant screenshot, see Example invite flow configuration.
The general flow is:
- petitioners authenticate
- an OrgIdentity record is created based on IdP attributes
- petitioners fill in or accept the petitioner attributes, based on IdP attribute defaults
- email address is confirmed by sending a link
- petition can be reviewed and accepted by the enrollee (if 'Email Confirmation Mode' is set to 'Review')
- petition is approved by administrator
Important fields in the configuration form:
- Petitioner Enrollment Authorization: 'authenticated users' (so the system has IdP attributes at the start)
- Require Approval for Enrollment: set to 'on' to avoid automatically enrolling everyone
- Email Confirmation mode (set to 'Review' to allow users a final review, set to 'Automatic' to skip that step after email confirmation)
- Require Enrollee Authentication (set 'off' to avoid double authentication)
After configuring this form, perform the following steps:
- add enrollment attributes: you can only select attributes of COPerson and COPersonRole, as the OrgIdentity is based on the IdP attributes and is non-modifiable. Selecting OrgIdentity-related attributes will cause a non-descriptive user error during enrollment. Select 'Take defaults from OrgIdentity' for relevant attributes to copy IdP attributes into the CO domain.
- add the SamlSource Organizational Identity Source (OIS) in 'Authentication' mode. An option to manage OIS-es should be available at the top of the main enrollment flow configuration form. Please see Configuring COmanage Enrollment Flows for details on how to configure the relevant OIS.