Please read everything carefully. This demo won't work if you skip steps. In case of problems, check whether you took all steps! |
Apart from the demo with COmanage as Membership Management Service (MMS) which can be found here, below we have a demo script of our own build MMS, called SBS (Dutch abbreviation of Collaboration Management System).
The CO, Collaborative Organisation, is a central component to this type of solution. CO-admins can invite people to become a member of a CO, and allow them access to services.
In this demo, you can both experience being a CO manager, as well as someone being invited to a CO to allow that person access to a service, in this demo a NextCloud environment (a file storage solution, like Dropbox and the likes). You can either do this demo on your own (with one or more accounts) or with someone else, where one is CO-admin and someone else will become a CO-member.
In this demo you'll find out that at the start, you can't access NextCloud. The demo also shows how easy you are onboarded, and that it's easy to invite others and enable (or disable) access. We know we can still improve many things; this is version 0.x .
Follow the following steps for the demo. During the demo, you might see 'consent' pop ups informing you of what information of your identity is released. To finish the demo, you need to approve release of the information.
We need to elevate your authorisation to admin of a CO (CO-admin). You can contact Raoul Teeuwen from SURFnet for this. Please explain your background, preferably sending your mail from your institutional account so Raoul has an idea of your identity, and mentioning with what account (like your Microsoft, Google...-account, <userid>@<idp>.com you want to test SBS).
While waiting... We need to establish you can't use the NextCloud demo environment. Go to https://nextcloud.sandbox.scz.lab.surf.nl/ . Try to sign in with your personal account. You should not be able to, and see an error stating you don't have access. |
Now copy the URI https://nextcloud.sandbox.scz.lab.surf.nl/, and open a new tab in your browser. Paste the copied address and hit enter. You will be asked to authenticate, choose again same IdP (Microsoft, Google...) and authenticate with same account. If your IdP uses Single SignOn, you will be authenticated quickly. The result within the NextCloud application will be that you have successfully authenticated to use the NextCloud service and that you have been recognized as member. Have fun! You can for instance sign out of NextCloud, remove the member from the authorisation group, and try to sign in to NextCloud again. And add the member back and try again.
What happened, how does it work? In this case, thanks to the used protocol and NextCloud features, an account is provisioned when you sign in via SCZ. This demo's just one possible solution.
SCZ makes managing members and access to services very easy, and by leveraging the institutional identity, improves security, GDPR compliance etc.
Thank you and we hope you enjoyed this introduction to SCZ SBS. This demo was made possible by hard work of the SURF SCZ-team, and based on this script.