This example shows how to set up an enrollment based on an Invitation, using SAML as authorative source. Please see Configuring COmanage Enrollment Flows for more details about configuring enrollment flows.
The key difference between self-signup and invitation flows is the fact that for invitation flows, COmanage creates a so-called Organisational-Identity (OI) based on the values entered by the petitioner (ie: the person starting the invitation enrollment). The values that petitioner uses for the invitation may not match the values passed by the identity-provider of the person invited (the enrollee). In order to store both types of values, COmanage needs at least two container objects (the Organisational Identities).
Howto setup the enrollment invite-flow?
- Login to COmanage.
- Click on your CO where you want to configure the flow.
- Select the "Configuration" from the menu. And click on configuration. Select the option: Enrollment Flows.
- Select the Invitation enrollment Flow (Template) and duplicate it before making adjustments.
- Click on Edit of the new created flow template and you can start with the configuration of the flow.
Enrollment invite-flow recommended configuration options
Important fields in this form:
- who can start the flow: administrators, or administrators of a specific COU
- require enrollee authentication (set 'on')
After configuring this form, perform the following steps:
- add enrollment attributes, copying attributes to either the OrgIdentity and/or the COPerson records. Please note that due to how invite flows work, the system cannot determine IdP attributes to fill out enrollment attribute defaults: the petitioner OrgIdentity is not the record you would want the defaults of, and the enrollee has not received any notification yet).
- add the SamlSource Organizational Identity Source (OIS). An option to manage OIS-es should be available at the top of the above configuration form (although not visible on this specific screenshot). Please see Configuring COmanage Enrollment Flows for details on how to configure the relevant OIS