Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

An enrollment flow allows a user (in COmanage also known as a COPerson) to enroll into a CO or COU they were not a member of yet. Enrollment flows are not meant to administer group membership; group administrators (group owners) can do that directly through the Group interface of COmanage. Group membership does not infer any special rights to members, whereas CO and COU membership allows access to specific services.

...

After this, the enrollment flow can be given a name and configured, which requires three steps:

...

A typical enrollment flow configuration form looks like thishas the following options selected:

Important fields here are:

  • Petitioner Enrollment Authorization: this defines who can start the enrollment. For invitation flows, you want this to be set to administrators of the CO or a relevant COU. For self-signup, you normally want this to be 'Authenticated Users'
  • Require Approval for Enrollment: typically, this is checked to enable administrators to approve individual petitions, although you may want to uncheck this for invitation flows, where approval is done beforehand
  • Email Confirmation Mode: this determines whether the enrollee can review their enrollment after clicking on the link in the confirmation email. If set to 'Automatic', enrollment proceeds immediately. 'Review' is a sensible setting.
  • Require Enrollee Authentication: for invitation flows, you want the enrollee to authenticate after accepting the enrollment (review), so the system can gather the IdP provided attributes and this setting needs to be enabled ('on'). For self-signup flows where only authenticated users can enroll, authentication was already done at the start (and the IdP provided attributes were linked), so for self-signup this option can be unchecked ('off'). For invitation flows, you want the enrollee to authenticate after accepting the enrollment (review), so the system can gather the IdP provided attributes and this setting needs to be enabled ('on')


The other fields are either less relevant or very obvious and allow administrators to further personalize the enrollment experience.

...

  • Name
  • Email
  • Affiliation (CO Person Role)

  COmanage will happily accept a flow without those attributes, but will then fail to submit the enrollment form with incomprehensible error messages like "Please check the highlighted field", while not of the fiels fields are highlighted.

A typical attribute configuration form looks like this:

...