COmanage Groups (CO Groups) are defined at the CO level, and CO Group Memberships attach to the CO Person. CO Groups are fairly basic, for more sophisticated needs COmanage can be connected to Grouper using the Grouper Provisioning Plugin.
CO Group Attributes
Open vs Closed
An open group is one that allows anyone to join. Participants can self-join, no administrator action is required. Memberships in a closed group can only be set by the group owner.
In addition, CO Administrators can manage any CO Group within their CO.
CO Group Membership Attributes
Member vs Owner
A group member is simply a participant in the group. A group owner has permission to add and remove members to and from the group, including closed groups. A CO Person can be a member, and owner, both, or neither.
The CO Person who creates a CO Group is automatically set as both a member and owner of the new group.
Special CO Groups
Admin Groups
Admin Groups are used to determine Registry Administrators.
- The
admin
group determines CO Administrators. - Groups of the form
admin:couname
determine COU Administrators.
Admin Groups are automatically created when a CO or COU is created. The Platform Administrator typically sets the initial CO Administrator, and then the CO Administrators
Members Groups
Members Groups are automatically updated with all members of the CO or COU.
- The
members
group holds all CO People within the CO. - Groups of the form
members:couname
hold all CO People with a role in the specified COU.
Members Groups are automatically created and updated.
As of v1.1.0, the CO Members Group and COU Members Groups only hold CO People with an Active or Grace Period role in the specified COU.
CO Group Memberships and Enrollment
CO Group Memberships can be added as part of an Enrollment Flow by adding an attribute of the appropriate type. For more details, see Registry Enrollment Flow Configuration.
CO Group Memberships can also be added via Organizational Identity Sources.