Apart from the demo with COmanage as Membership Management Service (MMS) which can be found here, below we have a demo script of our own build MMS, called SBS (Dutch abbreviation of Collaboration Management System).

The CO, Collaborative Organisation, is a central component to this type of solution. CO-admins can invite people to become a member of a CO, and allow them access to services.

In this demo, you can both experience being a CO manager, as well as someone being invited to a CO to allow that person access to a service, in this demo a NextCloud environment (a file storage solution, like Dropbox and the likes). You can either do this demo on your own (with one or more accounts) or with someone else, where one is CO-admin and someone else will become a CO-member.

In this demo you'll find out that at the start, you can't access NextCloud. The demo also shows how easy you are onboarded, and that it's easy to invite others and enable (or disable) access. We know we can still improve many things; this is version 0.x .

Follow the following steps for the demo. During the demo, you might see 'consent' pop ups informing you of what information of your identity is released. To finish the demo, you need to approve release of the information.

1. To start the demo, open https://sbs.pilot.scz.lab.surf.nl/ in a browser (if you run into problems, you might want to try using an incognito browser window).
2. We need to log in to SBS: press the LOGIN button.
3. You're presented a 'Where Are You From' (WAYF) screen where you can select with what account (with what Identity Provider, IdP) you want to sign in. Start typing an IdP name, BUT remember: it's likely your home institution (for instance 'University of Twente') has not allowed you to access to this demo environment. If this is the case, you can use a personal Google or Microsoft account instead (type 'google' or 'microsoft' in the search box in that case)
   
   
4. On successful sign-in, you will see you can do very little, and only see the menu-option home:
   
   

5. We need to elevate your authorisation to admin of a CO (CO-admin). You can contact Raoul Teeuwen from SURFnet for this. Please explain your background, preferably sending your mail from your institutional account so Raoul has an idea of your identity, and mentioning with what account (like your Microsoft, Google...-account, <userid>@<idp>.com you want to test SBS).
   
   

   While waiting... We need to establish you can't use the NextCloud demo environment. Go to https://nextcloud.sandbox.scz.lab.surf.nl/ . Try to sign in with your personal account. You should not be able to, and see an error stating you don't have access.

6. At some point, you will receive an email inviting you to join a CO as admin:
   
   
7. Click the button to accept the invitation and sign in. You should see a message like:
   
   
8. Accept the AUP and click ACCEPT. After you have been promoted to CO-admin, you should see more menu options:
   
9.  So you have become a CO-admin. That went easy (hopefully). You can now invite others to your CO. This can be yourself on another account, or someone else. Click Collaborations. You'll see the CO's your admin or member of:
   
   
10. Under My Collaborations, click the CO you're admin of. Under Members of <CO-name> you can either see any members, and invite new members. 
    
11. Click the INVITE button. You'll be presented a screen to invite people to become member of your CO. Fill out at least an email address. Click INVITE.
    
12. You will see any invites you've send. You can click invites and cancel or resend them. People can only use services connected to 'authorisation groups' within the CO they are member of. 
13. We start with connecting a service to your CO. Click MANAGE under Services.
    
    
14. Click in the Search-field. With many services, you can start typing a service name. Click NextCloud. (You could also cheat and select "Connect all services..." )
    
15. We have now connected a service to your CO. Please understand, technically connecting a service to the platform, making it possible to connect it to a CO, takes more work. This is outside of the scope of this demo. Also, normally you might need approval of the service admin before being able to connect it to your CO. 
16. Now we need to create at least one Authorisation Group. Click Collaborations in the menu-bar, followed by clicking "<CO name>" under Authorisations Groups. You'll be presented a screen where you can MANAGE (incl adding) an authorisation group. Click MANAGE under Authorisation Groups.
    
    
17. Click NEW
    
18. Fill out at least a name and short name. Click CREATE.
    
    
19. In the next screen, click the authorisation group you've just created:
    
    
20. We need to connect the service to the CO. Click in the top search field and click the service name to connect it to this authorisation group:
    
    
21. Now we need to add people of our CO to this authorisation group. Click the second search field and click the members you want to add:
    
    
22. The first member will automatically become the admin. You can add yourself if you want yourself as the admin of the authorisation group.

23. Now copy the URI https://nextcloud.sandbox.scz.lab.surf.nl/, and open a new tab in your browser. Paste the copied address and hit enter. You will be asked to authenticate, choose again same IdP (Microsoft, Google...) and authenticate with same account. If your IdP uses Single SignOn, you will be authenticated quickly. The result within the NextCloud application will be that you have successfully authenticated to use the NextCloud service and that you have been recognized as member. Have fun! You can for instance sign out of NextCloud, remove the member from the authorisation group, and try to sign in to NextCloud again. And add the member back and try again.
    
    

24. What happened, how does it work? In this case, thanks to the used protocol and NextCloud features, an account is provisioned when you sign in via SCZ. This demo's just one possible solution.

25. SCZ makes managing members and access to services very easy, and by leveraging the institutional identity, improves security, GDPR compliance etc.

Thank you and we hope you enjoyed this introduction to SCZ SBS. This demo was made possible by hard work of the SURF SCZ-team, and based on this script.