...

Info

Characteristics found in this use case:

  • A single platform managed by a single, central organization, with multiple, discrete VOs each with their own enrollment processes
  • Enrollment processes include self-signup, administrative/delegated signup, and conscripted signup
  • Individuals use various IdP with support for the Research and Scholarship entity category
  • Apps include typical collaboration apps as well as domain specific apps, ssh key management, github access
  • Administrators need to use audit capabilities for grant reporting on demographics and usage

 

Before you log in to the COmanage Registry to start configuring the environment for your VO, consider the following questions:

  1. Do you want members of one collaboration to potentially be able to see the members of another collaboration?
    1. A flat logical structure with multiple collaborative organizations (COs) implies an impact on the overall architecture for the COmanage Registry. Each CO will have a set of people records underneath it; an individual might have multiple person records if they are members of multiple COs. This could become confusing for a user who would experience different access restrictions despite logging in with the same organizational identity. Alternatively, the platform can be configured to have a single, master CO with multiple COUs underneath it. From the user perspective, their person record could then be attached to multiple COUs, giving them a complete view of their information in the Registry.

      If siloed access to information, particularly around participation within a collaboration, is important, note that the 'CO with multiple COUs' architecture would allow COU administrators to see the population of other COUs. From the application standpoint, if multiple collaborations can access a single service, then the CO/COU model may be significantly easier.

      For more information on the differences between a CO and a COU, see CO vs. COU.

      Tip

      If it is important to prevent users or even administrators from seeing who is in other collaborations on the platform, then it will be important to configure the environment with multiple COs instead of one CO with multiple COUs. The downside of that model, however, is that users will have a higher burden if they need to enroll multiple times, and the linking of applications may become more complicated.


  2. Do you want to delegate as much of the user and enrollment management to group or COU administrators as possible?
    1. By default, only the CO admin can invite or add people to the CO. If you would like to delegate the ability to others to do the invitations or additions, the CO admin can enable that when they create the enrollment flows for the CO. See  

...


Steps to set up your first VO

  1. The site administrator will have set up the first CO called the COmanage CO; this is the one CO that bootstraps all the rest. You will need to be enrolled in that CO and set up as a platform administrator. The platform administrator is the superuser for the platform, but cannot run enrollment flows for the COs unless explicitly configured to do so. For more on the different types of administrators, see Registry Administrators.
    1. "Platform Administrators are configured by adding the appropriate Organizational Identity to the COmanage Registry, and then adding the corresponding person to the admin group within the COmanage CO."
  2. Go to the COmanage Registry URL (address TBD for your site). During the installation process, the site administrator should have set up the discovery service so you can log in with your institution's preferred IdP.

 

...

Adding Administrators and Delegating Enrollment Management

See Default Registry Enrollment

  1. Creating a CO administrator
  2. Creating COU administrators

 

...

Adding Users

  1. Creating COU administrators

 

Groups and COUs