...
Syncing via Job Shell can be disabled on a per-CO basis via CO Settings >> Disable Org Identity Source Sync.
Linking a Record to a CO Person
By default, creating an Org Identity (via Add New Org Identity From Source or any other mechanism) will not create a CO Person.
If the Org Identity Source is attached to a Pipeline, then that Pipeline will likely create a CO Person for the new Org Identity. If a Pipeline Match Strategy is configured, then the Pipeline may attach the new Org Identity to an existing CO Person if the match conditions are satisfied.
To manually link an Org Identity to an existing CO Person, there are two options:
- If no Pipeline is attached to the Org Identity Source, simply link the record manually.
- Define an Enrollment Flow. A typical configuration would be
- Authorization: CO Admin (or COU Admin)
- Identity Matching: Select
- Attach an appropriate Enrollment Source, in Select mode
- Do not define any Enrollment Attributes
Creating ePPNs
When syncing records from an Org Identity Source, Registry can automatically create an identifier of type ePPN to be injected into the Org Identity created from the Source. This can be useful for (eg) automatically calculating the ePPN of an IdP associated with the Source. There are two settings:
...