---
title: "The CO"
teaching: 10
exercises: 45
questions:
- "Question here"
objectives:
- "List the objectives"
keypoints:
- "List the key takeaways for the episode"
---
COmanage is a multi-tenant tool. This means that for each installation, one or more top-level groups (_group is ambiguous, maybe stick with tenant?_) can be expressed. These groups are called Collaborative Organizations or COs. Individuals are added to these fundamental groups (COs), but once there, the individuals can be included in multiple sub groups of the CO.
# 1. The Collaborative Organization (`CO`:gear:)
The term “Collaborative Organization” or `CO`:gear: refers to any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. In the last lesson, we referred to this group of individuals as "your organization or collaboration." Going forward we will just use the term `CO`:gear:.
Some traits of these `COs`:gear: include:
* These individuals use a common workflow for adding collaborators.
* They share common policies for vetting the identities of collaborators.
* They may include individuals in a single organization, or individuals may be in multiple organizations, geographically different regions, or even work independently.
While COmanage can support multiple `COs`:gear:, it is rare for deployers who are just getting started to have more than one. During this workshop, each of us will be working with just one `CO`:gear:.
# Administrator Roles
COmanage Registry defines several types of administrators.
## `CO Administrators`:crown:
`CO Administrators`:crown: are super users _within a CO_. The types of activities that `CO Administrators`:crown: can do include:
* Configure a `CO`:gear:
* Add people to the `CO`:gear: (using an enrollment workflow; we will talk about these in a future lesson)
* Manage `CO Person`:gear: information for people connected to the `CO`:gear:
* Create and manage sub groups within the `CO`:gear: (we will be talking about these sub groups in the next section.)
* Connect the CO to provision applications used by the collaboration (_This point might not be covered enough in the introductory materials - the primary purposes of person attribute management is to enable access to applications (and remove it when no longer required)_)
## Other top-level administrators
### `CMP Administrators`:crown: _(aka Registry Admins)_
`CMP Administrators`:crown: (COmanage Platform Administrators) are effectively super users, with the ability to perform almost all operations on the platform. The types of activities that CMP Administrators can do include:
* Configure the COmanage platform including creating new `COs`:gear:
* Do everything that a `CO`:gear: Administrator can do *EXCEPT* for adding people using an enrollment workflow (unless the CMP Administrator is explicitly granted this permission in the workflow.)
### `System Administrators`:crown:
`System Administrators`:crown: have privileges that enable them to maintain the COmanage application. These capabilities include the ability to provision cluster resources (for example, hardware, virtual machines, etc.), register and maintain IP addresses, administer application upgrades, manage and conduct operating system upgrades, and conduct backups.
---
# Hands on - The organization model - COs
![Interactive system activity](/assets/img/hands-on-keyboard.png)
In this lesson, each of you will start to build an organizational model to serve as an example. Using the [Modeling Organization :memo:](/files/handouts/CO320-ModelingOrgs.pdf), write down a name for the `CO`:gear: you will be working with for the workshop. Consider the people that you outlined in the first lesson, and pick a `CO`:gear: to which these individuals would belong (along with the person's memberships that you have outlined.)
[5 min]
---
# Hands on - CO Settings
_Most CO Settings only make sense in another context. For example, the automatic expiration setting only makes sense once Expiration Policies are defined, and Identity Source Sync only makes sense if Org Identity Sources are configured in some sort of batch mode._
![Interactive system activity](/assets/img/hands-on-keyboard.png)
`COs`:gear: have a number of settings that dictate how they will behave. These settings are outlined on the worksheet, [CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf). As we review each of the settings, mark the values for each on the worksheet for your `CO`:gear:.
## Features
There are several features that can be enabled on a `CO`:gear:. The default values will be sufficient for most needs:
* **Automatic expiration** _(default: enabled)_ - In the last lesson we learned that `CO Person`:gear: objects have a validity date. The status of the `CO Person`:gear: can be set to **expired** when the validity date range has passed. Here you can disable this feature of automatic expirations.
* **`Identity Source`:gear: sync** _(default: enabled)_ - As you know from our last lesson, the cached `Identity Source Record`:gear: can be automatically synced to its source according to its defined schedule. Here you can disable this automatic processing.
* **Normalizations** _(default: enabled)_ - COmanage supports the concept of data normalization. For example, upon entering the text " los angeles " into a field, normalization could correct that to "Los Angeles". Here you can disable this automatic processing.
* **NSF Demographics** _(default: disabled)_ - COmanage supports the collection of NSF Demographic Information. Here you can enable this collection.
## Validity Timeframes
* **Re-provisioning** _(default: 1 day (1440 min))_ - COmanage can enable information exchange to external systems through provisioning. If the validity status of the `CO Person`:gear: changes, you likely will want provisioning to change as well. This setting allows you to set a delay before this action occurs to provide flexibility to correct inaccurate status changes.
* **Email confirmation** _(default: 1 day (1440 min))_ - Email addresses can be confirmed through COmanage. This security setting allows you to automatically expire the confirmation link after a set period of time.
## Data fields
In this section, you can set the required fields for physical addresses and names. You can also set what name fields are permitted.
## Use rules
* **Sponsor Eligibility Mode** _(default: CO or COU Admin)_ - We have not yet talked about sponsorship or many of these roles. This setting determines who is eligible to sponsor others. < LDP: this isn't enough information to explain what sponsors are -- definition requested in slack. >
* **Terms & Conditions** _(default: not enforced)_ - COmanage can require users to accept terms & conditions when they log in. You can use this setting to turn on this feature.
[15 min]
---
# Hands on - Create a `CO`:gear:
![Interactive system activity](/assets/img/hands-on-keyboard.png)
We will now implement what you have specified on your worksheets.
## Sign into (the _typically we don't use prepositions with the product names_) Registry
1. Using the credentials you specified as part of the COmanage setup, sign into the system. These credentials have Platform Administrator privileges which enable you to create `COs`:gear:. Once you sign in you will see a list of available collaborations.
## Create a `CO`:gear:
**REQUIRED ROLE**: `CMP Administrator`:crown:
2. From the menu, select Platform > COs to display the CO Management Overview List.
![Screen shot - Navigate to the CO Management Overview List](/fig/O320-01_COMgmtList_2019-09-06.png)
3. Click the "Add CO" link above the table on the right side to add a new `CO`:gear:.
![Screen shot - CO Management Overview List](/fig/CO320-01_COMgmtOverviewList_2019-09-06.png)
4. Fill in the fields from the **Metadata** section of [CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf):
a. **The name of your CO.** This name will be displayed on lists and elsewhere. It is a good idea for this name to be descriptive, but relatively short.
b. **Description.** Write a short description of your CO. This description will be helpful for those who may not be familiar with your CO's name.
c. **Status.** There are three choices for the status:
* Active - you will select this one. Your CO will be immediately active upon its creation.
* Suspended - Useful if you do not want your CO to be active.
* Template - Useful if you want to create several COs based on the configuration from this one.
5. Click the **ADD** button to save your new `CO`:gear:.
## Configure your `CO`:gear: Settings
**REQUIRED ROLE**: `CMP Administrator`:crown: -OR- `CO Administrator`:crown:
6. Navigate back to the Collaborations List by selecting "Collaborations" from the menu.
7. From the Collaborations list page, click on the name of the Collaboration that you just created.
8. In the CO menu, click on the "Configuration" link to see the list of customizations that you can make. Click on the first link, **CO Settings** to adjust the settings.
![Screen shot - Navigate to COSettings Configuration > CO Settings](/fig/CO320-01_COSettings_2019-09-06.png)
9. Using the values that you put in your [CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf), adjust the settings for your CO.
10. Click the `SAVE` button to save your work.
## Establish a `CO Administrator`:crown:
Now that you have created a CO, you should set up at least one person as its administrator. For this example, you do not yet have any `CO Persons`:gear: that you can assign to this role. Instead, you will manually create records to create a `CO Person`:gear: and set up yourself as that administrator.
11. Ensure that you are signed in and are looking at the CO that you created.
12. Navigate to the Organizational Identity List using the menu on the left by clicking **People** > **Organizational Identities**.
![Screen shot - Navigate to People > Organizational Identities](/fig/CO320-01_NavToOrgIdentitiesList.png)
13. Click on the **Add a New Organizational Identity** link to open a form to create a new `Org Identity`:gear:. _NOTE: generally you will not be performing this function manually, so we will include the minimum attributes and information here._
![Screen shot - click Add a New Organizational Identity](/fig/CO320-01_CreateNewOrgIdentity.png)
14. Fill in the form for yourself. The only required information is a **Given Name**. Feel free to fill in as much or as little as you would like. When you are finished, click the **ADD** button to save the new Organizational Identity.
15. You will need an email address associated with this `Org Identity`:gear: to create a `CO Person`:gear: that can be turned into an administrator. Add an email address by clicking the **Add** button in the Email addresses section. Fill in the form that is presented, and click the **ADD** button to add the email address.
![Screen shot - click Add Email](/fig/CO320-01_AddEmail.png)
16. Now that you have an `Org Identity`:gear: with an email address, you can invite this person (you!) to be a member of your `CO`:gear:. On the menu on the left, select **People** > **Invite** to start the process. This action will bring you to a list of `Org Identities`:gear: that have an email address and have not yet become a part of the `CO`:gear: or been invited to join. You will see the `Org Identity`:gear: that you created on this list.
![Screen shot - Find a person to invite to your CO](/fig/CO320-01_StartInvitation.png)
17. Click the **Invite** button, review the form that appears as a result, and then click the "SEND INVITE" button. This action will send an invitation email to the address stored, and will add a `CO Person`:gear: attached to the `Org Identity`:gear: to the `CO`:gear:. This means that this new `CO Person`:gear: will appear in the population list for the CO. (The population list appears once the invitation is sent.)
![Screen shot - My Population List](/fig/CO320-01_MyPopulation.png)
18. Let's edit the `CO Person`:gear: directly to complete the process. Click the **Edit** button for the newly created `CO Person`:gear: to display the edit screen. Notice that this person was automatically added to the CO:members:all group.
19. Make the following edits to complete the process:
* Change the **Status** in the **Person Attributes** section to **Active** and click the **SAVE** button. (This action will result in the person also being added to the CO:members:active group)
* Add the person to the CO:admins group. In the **Groups** section, click the **Manage Group Memberships** link. For the CO:admins group, check the **Member** checkbox in the **Actions** column. Click the **SAVE** button at the bottom of the list to save this action. Navigate back to the `CO Person`:gear: to check that this person is now a part of the administrators group for the `CO`:gear:.
![Screen shot - CO Person Edit screen with "Manage Group Memberships" highlighted](/fig/CO320-01_ManageGroupMemberships.png)
CONGRATULATIONS!! You have just created and configured your first CO.
[25 min]
---
# Terminology & resources
## COmanage Objects :gear:
OBJECT | DESCRIPTION
------ | -----------
`CO`:gear: | any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome.
`CO Person`:gear: | the representation of a person in COmanage
`Identity Source`:gear: | Information about a person as obtained from an external source such as LDAP, netFORUM or ORCID.
`CO Person Role`:gear: | the representation of a person's role in COmanage. This object describes the person's role with certain collections of people within your organization or collaboration. These objects are attached to `CO Person`:gear: objects; there may be any number of Roles.
## CO Person Roles :crown:
ROLE | DESCRIPTION
---- | -----------
`CMP Administrators`:crown: | CMP Administrators are effectively super users, with the ability to perform almost all operations on the platform.
`CO Administrators`:crown: | `CO`:gear: Administrators are super users _within a CO_. These individuals belong to the CO:admins group of the `CO`:gear:.
`System Administrators`:crown: | System Administrators have privileges that enable them to maintain the COmanage application.
## Worksheets :memo:
WORKSHEET | DESCRIPTION
--------- | -----------
[Modeling Organization :memo:](/files/handouts/CO320-ModelingOrgs.pdf) | Planning sheet used in this lesson for understanding how the parts of the COmanage Organization fit together.
[CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf) | Planning worksheet for creating your CO(s). Contains all of the configuration sections at a glance.
## Slides
To be included
---
NEXT SECTION: [2. The COUs](/_episodes/02-cous.md)
LESSON OVERVIEW: [CO320 - Modeling Your Organization in COmanage](../index.md)
WORKSHOP OVERVIEW: [COmanage Workshop: Managing Identities & Collaborations](https://github.internet2.edu/lpaglione/COmg-trainingOverview/blob/master/README.md)