| title | teaching | exercises | questions | objectives | keypoints | |||
|---|---|---|---|---|---|---|---|---|
The COUs |
10 |
20 |
|
|
|
As a collaboration grows in size, it may be useful to create various structures to allow for delegation of person management operations and representation of organizational hierarchy. COmanage supports this through the concept of Collaborative Organization Units (COUs), or COUs. COs can support one or more COUs.
2. Collaborative Organization Units (COUs⚙️)
Collaborative Organizations Units (or COUs:gear:) allow you to define an organizational structure within a CO. While many organizations have natural groups within them, the reason that you would divide your CO into COUs are because there are differences across your CO that necessitates different policies in one or more of the following:
- How individuals join and/or leave the group
- There are different rules about how applications get provisioned or deprovisioned
- Who manages person membership and privileges in the group
- The information stored or used about members of the group
If your collaboration–a single entity with common goals–has unique requirements among the different groups and/or departments regarding how participants will join those parts of your collaborations, then, you have a CO that contains COUs. If you have only one common set of policies that define how individuals are added or removed from the CO, then you do not have COUs even though you may have groups for simple access control.
When you have COUs⚙️, they may represent recognized groups of collaborators like departments, divisions, projects; or they may be related to the privileges that those in the group may have, for example, alumni or parents. The primary purpose of a COUs⚙️, however, is to allow for delegation of person management operations.
If COUs⚙️ are defined, they can be associated directly with the CO⚙️ or they can have another COU⚙️ as a parent.
CO Person Roles⚙️ - a.k.a., associating CO Persons⚙️ with COUs⚙️
Any CO Person⚙️ in the CO⚙️ can be part of any of the COUs⚙️ in the CO⚙️. This connection happens through an object called a CO Person Role⚙️.
The attributes (information) stored in the CO Person Role⚙️ object typically includes
- Link to the associated
CO Person⚙️ who is connected to theCOU⚙️ - Link to the person who is sponsoring the
CO Person⚙️. Sponsors are usually used in relation to guest systems. We'll talk more about sponsors when we talk about enrollment workflows. - Status
- Personal information about the person
- Date of birth
- affiliation (eduPerson)
- organization, department, & title
- List of physical addresses / phone numbers
These roles also can include information about the percent time the registered person is allocated to this role.
CO Persons⚙️ can have any number of CO Person Roles, usually one for each COU that the person is part of.
CO Person Role Status
As with CO Persons⚙️, each CO Person Role⚙️ has a status related to it. The list of possible values is identical to that we reviewed in the previous lesson.
When a CO Person⚙️ is connected to one or more CO Person Roles⚙️, the status of the CO Person⚙️ is calculated from that of the associated Roles based on the "most preferred" status. "Most preferred" is currently defined as the order in the status table (repeated here from the discussion about CO Person⚙️ status in the previous lesson.)
Active statuses are most preferred, followed by expired statuses, followed by invitation statuses.
| Preference | Status | Description |
|---|---|---|
| 1 | Active | Person or Role is an active member of the organization or collaboration |
| 2 | GracePeriod | Primary association with the organization has ended, but services have not yet been deprovisioned |
| 3 | Suspended | Association with the organization has been (manually) temporarily suspended |
| 4 | Expired | Valid through date has been reached |
| 5 | Approved | |
| 6 | PendingApproval | The enrollment flow petition is pending approval |
| 7 | Confirmed | |
| 8 | PendingConfirmation | An invitation or email confirmation was sent via an enrollment flow |
| 9 | Invited | An invitation was sent via default enrollment |
| 10 | Pending | |
| 11 | Denied | The enrollment flow petition was denied |
| 12 | Declined | The invitation sent via default enrollment was declined |
| 13 | Deleted | |
| 14 | Duplicate | The record is a duplicate of another |
Administrator Roles
COU Administrators👑
COU Administrators👑 can be defined for each COU⚙️, giving them the ability to perform lifecycle management operations on the CO People⚙️ who have CO Person Roles⚙️ associated with the COU that they manage.
Hands on - The organization model - COUs
Let's add to the organizational model that we're using as an example and its related worksheet, Modeling Organization 📝.
[INSTUCTOR NOTE: it's a good idea to see which workshop participants have natural COUs in their organizations, and use this opportunity to clarify the purpose of a COU. If no one has natural COUs, the interactive part of this episode can be skipped OR the participants can go through this exercise, creating two COUs and using the content below to highlight a common use case for multiple COUs. If there is time, it is best to keep this section in.]
Your organization may not need more than one COU.
On this worksheet you will see spaces to describe two COUs. Write the name of two of your COUs in these sections. If your organization doesn't have COUs, lets use these two as examples:
| field | COU #1 | COU #2 |
|---|---|---|
| Name | Main university | Medical school |
| Description | A sub-unit containing the people and policies related to the main university. This is a top-level sub-unit. | A sub-unit containing the people and policies related to the university's medical school. This is a top-level sub-unit. |
| Parent COU | [blank] | [blank] |
You can optionally include this information on the COU Planning Worksheet 📝
[5 min]
Hands on - Create COUs⚙️
We will now implement what you have specified on your worksheets.
Sign into the Registry
- Using the credentials you specified as part of the COmanage setup (or the
CO Administrator👑 that you established in the last section), sign into the system. - Navigate to your
CO⚙️. If necessary, select yourCO⚙️ by selecting Collaborations from the menu on the left, and then selecting your Collaboration.
Create a COU⚙️
REQUIRED ROLE: CMP Administrator👑 OR CO Administrator👑
-
In the menu on the left, click on the Configuration link to see the list of customizations that you can make. Click on the link labeled COUs to see the list of
COUs⚙️ for theCO⚙️. -
Click the Add a New COU link above the table to create a new COU. Fill in the form using the values that you included on your worksheet and click the ADD button to add the
COU⚙️. -
Repeat for the second
COU⚙️. When you return to the COU List, you will see the two COUs that you created. They can be edited from this page if needed.
Establish a COU Administrator👑
Each COU can have its own COU Administrator👑. Manually designating the administrators is a process similar to the one that we followed to create a CO Administrator👑.
- Ensure that you are signed in and are looking at the CO that you created. From the COU list page, you can use the breadcrumb links near the top of the screen to navigate back to your CO. There are two common paths for manually designating
COU Administrators👑. We will use a different process for each of the COUs that we created. - From the
CO Person⚙️
- From the menu on the left select People > My Population to see the list of
CO People⚙️ in yourCO⚙️ - Click the Edit button next to the name of the person you set up in the previous lesson.
- Scroll to the Groups section, and click the Manage Group Memberships link. On the list of groups you will now see admins, active, and all groups for each of your
COUs⚙️ as well as those for the fullCO⚙️ - Make this person the owner of the admin group for your first
COU⚙️ - check the Owner checkbox for (only) the firstCOU⚙️ that you created. Click the SAVE button to save these changes.
- From the groups list:
- From the menu on the left, select Groups
- Click the Edit button for the admin group for the second
COU⚙️ that you created to display the group management page. - Scroll to the bottom of the page to see the list of group members. Click the Manage Group Memberships link to see a list of people that you can add to the group.
- From the group membership management list, check the "Member" permission to make this person a member of the admin group for the second
COU⚙️ that you created. Click the SAVE button to save this change.
CONGRATULATIONS!! You have just created and configured your first COUs.
[15 min]
Terminology & resources
COmanage Objects ⚙️
| OBJECT | DESCRIPTION |
|---|---|
COU⚙️ |
an organizational structure within a CO that differs in how individuals join and/or leave the group, how applications get provisioned or deprovisioned, who manages person membership and privileges in the group, or in the information stored or used about members of the group. |
CO Person⚙️ |
the representation of a person in COmanage |
CO Person Role⚙️ |
the representation of a person's role in COmanage. This object describe the person's role with certain collections of people within your organization or collaboration. These objects are attached to ⚙️ CO Person objects; there may be any number of Roles. |
CO Person Roles 👑
| ROLE | DESCRIPTION |
|---|---|
COU Administrators👑 |
Individuals that have the ability to perform lifecycle management operations on the CO People⚙️ who have CO Person Roles⚙️ associated with the COU⚙️. |
Worksheets
| WORKSHEET | DESCRIPTION |
|---|---|
| Modeling Organization 📝 | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together. |
| COU Planning Worksheet 📝 | Planning worksheet for creating your CO(s). Contains all of the configuration sections at a glance. |
Slides
To be included
PREVIOUS SECTION 1. The CO
NEXT SECTION: 3. About Groups
LESSON OVERVIEW: CO320 - Modeling Your Organization in COmanage
WORKSHOP OVERVIEW: COmanage Workshop: Managing Identities & Collaborations