Skip to end of metadata
Go to start of metadata

This example shows how to set up an enrollment based on an self-signup, using SAML as authorative source. Please see Configuring COmanage Enrollment Flows for more details about configuring enrollment flows.

The key difference between self-signup and invitation flows is the fact that for self-signup, COmanage creates a so-called Organisational-Identity (OI) based on the authenticated user values. Once this OI is created, it can be used as default provider for relevant enrollment attributes that are used to create a COPerson record within the boundaries of the CO.


Howto setup the enrollment flow: Self-signup?

  1. Login to COmanage.
  2. Click on your CO where you want to configure the flow.
  3. Select the "Configuration" from the menu. And click on configuration. Select the option: Enrollment Flows.

  4. Select the Self Signup Enrollment Flow (Template) and duplicate it before making adjustments.

  5. Click on Edit of the newly created flow and you can start with the configuration of the flow.


No screenshot of this configuration is supplied, but for a relevant screenshot, look at Example invite flow configuration

The general flow is:

  • petitioners authenticate
  • an OrgIdentity record is created based on IdP attributes
  • petitioners fill in or accept the petitioner attributes, based on IdP attribute defaults
  • email addres is confirmed by sending a link
  • petition can be reviewed and accepted by the enrollee (if 'Email Confirmation Mode' is set to 'Review')
  • petition is approved by administrator

Important fields in the configuration form:

  • Petitioner Enrollment Authorization: 'authenticated users' (so the system has IdP attributes at the start)
  • Require Approval for Enrollment: set to 'on' to avoid automatically enrolling everyone
  • Email Confirmation mode (set to 'Review' to allow users a final review, set to 'Automatic' to skip that step after email confirmation)
  • Require Enrollee Authentication (set 'off' to avoid double authentication)

After configuring this form, perform the following steps:

  • add enrollment attributes: you can only select attributes of COPerson and COPersonRole, as the OrgIdentity is based on the IdP attributes and is non-modifiable. Selecting OrgIdentity related attributes will cause a non-descriptive user error during enrollment. Select 'Take defaults from OrgIdentity' for relevant attributes to copy IdP attributes into the CO domain.
  • add the SamlSource Organizational Identity Source (OIS) in 'Authentication' mode. An option to manage OIS-es should be available at the top of the main enrollment flow configuration form. Please see Configuring COmanage Enrollment Flows for details on how to configure the relevant OIS



  • No labels