Step-by-step Guide to Configuring the Self Signup Enrollment Flow
Before a new administrator can be added and before people can begin to access the tools available to the CO, the CO must have enrollment flows configured and users invited to the system.
A self-registration enrollment flow is designed to require as little intervention from an administrator as possible. After the enrollment flow is created, a common URL is available that can be posted to a website, emailed to a mailing list, or otherwise made broadly available so that anyone can request to join. Part of the work flow includes whether or not an administrator needs to approve the petitions as the final step in allowing people to join the collaboration.
These instructions assume a CO has been created by the platform administrator.
- From the COmanage Registry home page, click on the CO listed in the table.
- In the drop down menu under the name of the CO, click on 'Configuration' and then 'Enrollment'.
- If the resulting page is blank, click on 'Add/Restore Default Templates'.
- Choose the 'Self Signup with Approval' template to duplicate by clicking on the 'Duplicate' link next to the template.
When you have created a copy of that enrollment flow, click on Edit, then rename the enrollment flow and review the options.
You will need to change the status of the new enrollment flow to 'Active'. Renaming it is also a good idea.
These are the default templates. Note that they are best thought of as starting points; customization is recommended in accordance with the needs of a given deployment.
Default flow | Description |
---|---|
Account Linking (template) | An Account Linking enrollment flow is used by an end-user (in this case, making them the 'Petitioner') who is already in the CO when they want to link an additional organizational identity to their record. |
Additional Role (template) | |
Conscription with Approval (template) | A Conscription enrollment flow is used by an administrator (in this case, making the administrator the 'Petitioner') to add a new user (an 'Enrollee'), possibly with CO admin approval but without enrollee confirmation. |
Invitation (template) | An Invitation enrollment flow is used by an administrator (in this case, making the administrator the 'Petitioner') to add a new user (an 'Enrollee'), possibly with CO admin approval, and always with enrollee confirmation. |
Self Signup with Approval (template) | In this case, the end-user is also Petitioner; they can follow a workflow and invite themselves to the CO with no approval process required before activation. |
Options within the Self Signup with Approval Enrollment Flow
Name | You must rename the enrollment workflow. The name should be unique and reasonably self-explanatory. In this case, simply removing the word template may be sufficient. |
Status | This must be changed from "Template" to either "Active" (if you are ready for users to start using it) or "Suspended" (if you would like to hold off on having potential users start enrolling). |
Petitioner Enrollment Authorization Authorization required to execute this enrollment flow, see Enrollment Authorization for details | By default in this workflow, this is set to "none" as no particular authorization is required to run this enrollment workflow; anyone can use it at any time. |
Identity Matching Identity Matching policy for this enrollment flow, see Identity Matching for details | For this type of enrollment workflow, set this to "Self". |
Require Approval For Enrollment (Members of this Group are authorized approvers (or else CO/COU admins by default)) | To require approval, leave the check box selected. |
Require Confirmation of Email Confirm email addresses provided by sending a confirmation URL to the address | This basic confirmation step helps ensure accurate user data in the registry. |
Invitation Validity (Minutes) When confirming an email address (done via an "invitation"), the length of time (in minutes) the confirmation link is valid for (default is 1 day = 1440 minutes) | The invitation itself should be time-bounded for basic security reasons. The default is to have this be one day, but if your use case suggests longer is better, you can configure it that way. |
Subject For Verification Email Subject line for email message sent as part of verification step. | This is configurable, and along with the email body, should be adjusted for your collaboration. Remember that this email will need to get passed spam filters. |
Verification Email Body Body for email message sent as part of verification step. Max 4000 characters. | |
Require Enrollee Authentication Require enrollee to authenticate in order to complete their enrollment | |
From Address For Notifications Email address notifications will come from | |
Notification Group Group to notify on new petitions and changes of petition status. (This is an informational notification. Separate notifications will be sent to approvers and enrollees, as appropriate.) | |
Notify On Approved Status Notify enrollee when Petition is approved | |
Subject For Approval Email Subject line for email message sent after Petition is approved. | |
Approval Email Body Body for email message sent after Petition is approved. Max 4000 characters. | |
Introduction Optional text to display at the top of a Petition form | |
Conclusion Optional text to display at the bottom of a Petition form, before the Submit button | |
Terms and Conditions Mode* How to handle Terms and Conditions at enrollment, if any are defined. See Terms and Conditions | |
Submission Redirect URL URL to redirect to after Petition is submitted by someone who is not already in the CO. | |
Confirmation Redirect URL URL to redirect to after the email address associated with the Petition is confirmed. Leave blank for account linking enrollment. | |
Ignore Authoritative Values Ignore authoritative values for this attribute, such as those provided via environment variables, SAML, or LDAP |
For more detail on enrollment flows and their details, see Registry Enrollment Flow Configuration in the COmanage technical manual.