As a collaboration grows in size, it may be useful to create various structures to allow for delegation of person management operations and representation of organizational hierarchy. COmanage supports this through the concept of Collaborative Organization Units (COUs), or COUs. COs can support one or more COUs.

2. Collaborative Organization Units (COUs⚙️)

Collaborative Organizations Units (or COUs:gear:) allow you to define an organizational structure within a CO. While many organizations have natural groups within them, the reason that you would divide your CO into COUs are because there are differences across your CO that necessitates different policies in one or more of the following:

• How individuals join and/or leave the group ("collaboration" instead of group?)
• There are different rules about how applications get provisioned or deprovisioned
• Who manages person membership and privileges in the group
• The information stored or used about members of the group

If your collaboration–a single entity with common goals–has unique requirements among the different groups and/or departments regarding how participants will join those parts of your collaborations, then, you have a CO that contains COUs. If you have only one common set of policies that define how individuals are added or removed from the CO, then you probably? do not have COUs even though you may have groups for simple access control.

COUs⚙️ may also be used to represent recognized groups of collaborators like departments, divisions, projects; or they may be related to the privileges that those in the group may have, for example, alumni or parents. (The primary purpose of a COUs⚙️, however, is to allow for delegation of person management operations. In the "also" exmaples, it's still delegation of person management operations)

COUs⚙️ can be organized in a hierarchy, or a flat structure can be used where each COUs⚙️ has only the CO⚙️ as a parent.

CO Person Roles⚙️ - a.k.a., associating CO Persons⚙️ with COUs⚙️

Any CO Person⚙️ in the CO⚙️ can be part of any of the COUs⚙️ in the CO⚙️. This connection happens through an object called a CO Person Role⚙️.

The attributes (information) stored in the CO Person Role⚙️ object typically include

• Link to the associated CO Person⚙️ who is connected to the COU⚙️
• Link to the person who is sponsoring the CO Person⚙️. Sponsors are usually used in relation to guest systems. We'll talk more about sponsors when we talk about enrollment workflows.
• Status
• Role-specific information about the person
  • affiliation (eduPerson)
  • organization, department, & title
• List of physical addresses / phone numbers

These roles also can include information about the percent time the registered person is allocated to this role. (This is an extended attribute, it is not configured by default.)

CO Persons⚙️ can have any number of CO Person Roles, usually one for each COU that the person is part of.

CO Person Role Status

As with CO Persons⚙️, each CO Person Role⚙️ has a status related to it. The list of possible values is identical to that we reviewed in the previous lesson.

When a CO Person⚙️ is connected to one or more CO Person Roles⚙️, the status of the CO Person⚙️ is calculated from that of the associated Roles based on the "most preferred" status. "Most preferred" is currently defined as the order in the status table (repeated here from the discussion about CO Person⚙️ status in the previous lesson.)

Active statuses are most preferred, followed by expired statuses, followed by invitation statuses.

Maybe again filter this list like for CO Person status

Administrator Roles

COU Administrators👑

COU Administrators👑 can be defined for each COU⚙️, giving them the ability to perform lifecycle management operations on the CO People⚙️ who have CO Person Roles⚙️ associated with the COU that they manage.

Hands on - The organization model - COUs

Let's add to the organizational model that we're using as an example and its related worksheet, Modeling Organization 📝.

[INSTUCTOR NOTE: it's a good idea to see which workshop participants have natural COUs in their organizations, and use this opportunity to clarify the purpose of a COU. If no one has natural COUs, the interactive part of this episode can be skipped OR the participants can go through this exercise, creating two COUs and using the content below to highlight a common use case for multiple COUs. If there is time, it is best to keep this section in.]

Your organization may not need more than one COU. It probably doesn't make sense to have exactly one COU, at that point just use a CO without COUs

On this worksheet you will see spaces to describe two COUs. Write the name of two of your COUs in these sections. If your organization doesn't have COUs, lets use these two as examples:

For a VO oriented example, maybe "Researchers" and "Administrators"?

You can optionally include this information on the COU Planning Worksheet 📝

[5 min]

Hands on - Create COUs⚙️

We will now implement what you have specified on your worksheets.

Sign into Registry

1. Using the credentials you specified as part of the COmanage setup (or the CO Administrator👑 that you established in the last section), sign into the system.
2. Navigate to your CO⚙️. If necessary, select your CO⚙️ by selecting Collaborations from the menu on the left, and then selecting your Collaboration.

Create a COU⚙️

REQUIRED ROLE: CMP Administrator👑 OR CO Administrator👑

3. In the menu on the left, click on the Configuration link to see the list of customizations that you can make. Click on the link labeled COUs to see the list of COUs⚙️ for the CO⚙️.

4. Click the Add a New COU link above the table to create a new COU. Fill in the form using the values that you included on your worksheet and click the ADD button to add the COU⚙️.

5. Repeat for the second COU⚙️. When you return to the COU List, you will see the two COUs that you created. They can be edited from this page if needed.

Establish a COU Administrator👑

Each COU can have its own COU Administrator👑. Manually designating the administrators is a process similar to the one that we followed to create a CO Administrator👑.

6. Ensure that you are signed in and are looking at the CO that you created. From the COU list page, you can use the breadcrumb links near the top of the screen to navigate back to your CO. There are two common paths for manually designating COU Administrators👑. We will use a different process for each of the COUs that we created.
7. From the CO Person⚙️

• From the menu on the left select People > My Population to see the list of CO People⚙️ in your CO⚙️
• Click the Edit button next to the name of the person you set up in the previous lesson.
• Scroll to the Groups section, and click the Manage Group Memberships link. On the list of groups you will now see admins, active, and all groups for each of your COUs⚙️ as well as those for the full CO⚙️
• Make this person the owner of the admin group for your first COU⚙️ - check the Owner checkbox for (only) the first COU⚙️ that you created. Click the SAVE button to save these changes.

8. From the groups list:

• From the menu on the left, select Groups
• Click the Edit button for the admin group for the second COU⚙️ that you created to display the group management page.
• Scroll to the bottom of the page to see the list of group members. Click the Manage Group Memberships link to see a list of people that you can add to the group.
• From the group membership management list, check the "Member" permission to make this person a member of the admin group for the second COU⚙️ that you created. Click the SAVE button to save this change.

CONGRATULATIONS!! You have just created and configured your first COUs.

[15 min]

Terminology & resources

COmanage Objects ⚙️

CO Person Roles 👑

Worksheets

Slides

To be included

PREVIOUS SECTION 1. The CO

NEXT SECTION: 3. About Groups

LESSON OVERVIEW: CO320 - Modeling Your Organization in COmanage

WORKSHOP OVERVIEW: COmanage Workshop: Managing Identities & Collaborations