diff --git a/_episodes/01-co.md b/_episodes/01-co.md index 72e491e..118569d 100644 --- a/_episodes/01-co.md +++ b/_episodes/01-co.md 
@@ -10,59 +10,161 @@ keypoints: - "List the key takeaways for the episode" --- +COmanage is a multi-tenet tool. This means that for each installation, one or more top-level groups can be expressed. These groups are called Collaborative Organizations or COs. Individuals are added to these fundamental groups (COs), but once there, the individuals can be included in multiple sub groups of the CO. + # 1. The Collaborative Organization (CO) -## How are COs modeled in COmanage? +The term “Collaborative Organization” or `CO` :gear: refers to any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. In the last lesson, we referred to this group of individuals as "your organization or collaboration." Going forward we will just use the term `CO` :gear:. -COmanage is a multi-tenet tool. This means that for each installation, one or more top-level groups can be expressed. These groups are called Collaborative Organizations or COs. Individuals are added to these fundamental groups (COs), but once there, the individuals can be included in multiple sub groups of the CO, called Collaboration Organization Units (or COUs.) +Some traits of these `COs` :gear: include: -As a collaboration grows in size, it may be useful to create various structures to allow for delegation of person management operations and representation of organizational hierarchy. COmanage Registry supports this through the concept of CO Units, or COUs. As of Registry v3.1.0, CO Departments are also supported. +* These individuals use a common workflow for adding collaborators. +* They share common policies for vetting the identities of collaborators. +* They may include individuals in a single organization, or individuals may be in multiple organizations, geographically different regions, or even work independently. 
-### The COs +While COmanage can support multiple `COs` :gear:, it is rare for someone who is just getting started to have more than one. During this workshop, each of us will be working with just one `COs` :gear:. - The term “Collaborative Organization” or CO to refer to any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. Some traits of these COs include: +# Administrator Roles - * These individuals use a common workflow for adding collaborators. - * They share common policies for vetting the identities of collaborators. - * These COs may include individuals in a single organization, or individuals may be in multiple organizations, geographically different regions, or even work independently. +COmanage Registry defines several types of administrators. -COs can support one our more Collaborative Organization Units (COUs). +## `CO Administrators` :crown: -# Administrator Roles +`CO Administrators` :crown: are super users _within a CO_. The types of activities that a `CO Administrators` :crown: can do include: + +* Configure a `CO` :gear: +* Add people to the `CO` :gear: (using an enrollment workflow. we will talk about these in a future lesson) +* Manage `CO Person` :gear: information for people connected to the `CO` :gear: +* Create and manage sub groups within the `CO` :gear: (we will be talking about these sub groups in the next section.) + +## Other top-level administrators + +### `CMP Administrators` :crown: _(aka Registry Admins)_ + +`CMP Administrators` :crown: (COmanage Platform Administrators) are effectively super users, with the ability to perform almost all operations on the platform. 
The types of activities that CMP Administrators can do include: + +* Configure the COmanage platform including creating new `COs` :gear: +* and everything that a `CO` :gear: Administrator can do *EXCEPT* for adding people using an enrollment workflow (unless the CMP Administrator is explicitly granted this permission in the workflow.) + +### `System Administrators` :crown: + +`System Administrators` :crown: have privileges that enable them to maintain the COmanage application. These capabilities include the ability to provision cluster resources (for example, hardware, virtual machines, etc), Register and maintain IP Addresses, administer application upgrades, manage and conduct operating system upgrades and conduct backups. + +--- + +# Hands on - The organization model + +![Interactive system activity](../assets/img/hands-on-keyboard.png) -COmanage Registry defines three types of administrators. +In this lesson you each will start to build an organizational model to serve as an example. Using the [Modeling Organization :memo:](/files/handouts/CO310-ModelingOrgs.pdf), write down a name for the `CO` :gear: you will be working with for the workshop. Consider the people that you outlined in the first lesson, and pick a `CO` :gear: to which these individuals would be belong (along with the person's memberships that you have outlined.) + +[5 min] + +--- -## Platform (CMP) Administrators _(Also called Registry Admin in the documentation)_ +# Hands on - CO Settings -Platform Administrators are effectively super users, with the ability to perform almost all operations on the platform. (Platform Administrators cannot execute enrollment flows for COs unless authorized by the enrollment flow.) 
+![Interactive system activity](../assets/img/hands-on-keyboard.png) -Platform Administrators are configured by [adding the appropriate Organizational Identity](https://spaces.at.internet2.edu/display/COmanage/Default+Registry+Enrollment) to the COmanage CO, and then adding the corresponding person to the CO:admins group (v2.0.0 and later) or admin group (prior to v2.0.0) within the COmanage CO. +`COs` :gear: have a number of settings that will dictate how it will behave. These settings are outlined on the worksheet, [CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf). As we review each of the settings, mark the values for each on the worksheet for your `CO` :gear:. -The first user added as part of the [Registry Setup Script](https://spaces.at.internet2.edu/display/COmanage/Registry+Installation+-+Registry+Setup+Script) is automatically configured to be a Platform Administrator. +## Features -## Collaboration (CO) Administrators +There are several features that can be enabled on a `CO` :gear:. The default values will be sufficient for most needs: -Collaboration Administrators are super users _within a CO_. Collaboration Administrators are configured by adding the appropriate Organizational Identity to the CO (if not already done), and then adding the corresponding person to the CO:admins group (v2.0.0 and later) or admin group (prior to v2.0.0) within the CO. +* **Automatic expiration** _(default: enabled)_ - In the last lesson we learned that `CO Person` :gear: objects have validity date. The status of the `CO Person` :gear: can be set to **expired** when the validity date range has passed. Here you can disable this feature of automatic expirations. +* **`Identity Source` :gear: sync** _(default: enabled)_ - As you know from our last lesson, the cached `Identity Source Record` :gear: can be automatically synced to its source according to its defined schedule. Here you can disable this automatic processing. 
+* **Normalizations** _(default: enabled)_ - COmanage supports the concept of data normalization. For example, upon entering the text " los angeles " into a field, normalization could correct that to "Los Angeles". Here you can disable this automatic processing. +* **NSF Demographics** _(default: disabled)_ - COmanage supports the collection of NSF Demographic Information. Here you can enable this collection. -CO Administrators can manage any CO Group within their CO. +## Validity Timeframes -## System Administrators +* **Re-provisioning** _(default: 1 day (1440 min))_ - COmanage can enable information exchange to external systems through provisioning. If the validity status of the `CO Person` :gear: changes, you likely will want provisioning to change as well. This setting allows you to set a delay before this action occurs to provide flexibility to correct inaccurate status changes. +* **Email confirmation** _(default: 1 day (1440 min))_ - Email addresses can be confirmed through COmanage. This security setting allows you to automatically expire the confirmation link after a set period of time. -System Administrators have privileges that enable them to maintain the COmanage application. These capabilities include the ability to provision cluster resources (for example, hardware, virtual machines, etc), Register and maintain IP Addresses, administer application upgrades, manage and conduct operating system upgrades and conduct backups. +## Data fields + +In this section, you can set the required fields for physical addresses and names. You can also set what name fields are permitted. + +## Use rules + +* **Sponsor Eligibility Mode** _(default: CO or COU Admin)_ - We have not yet talked about sponsorship or many of these roles. This setting determines who is eligible to sponsor others. < LDP: this isn't enough information to explain what sponsors are -- definition requested in slack. 
> +* **Terms & Conditions** _(default: not enforced)_ - COmanage can require users to accept terms & conditions when they login. You can use this setting to turn on this feature. + +[15 min] --- -< TO BE UPDATED > +# Hands on - Create a `CO` :gear: + +![Interactive system activity](../assets/img/hands-on-keyboard.png) + +We will now implement what you have specified on your worksheets. + +## Sign into the Registry + +1. Using the credentials you specified as part of the COmanage setup, sign into the system. These credentials have Platform Administrator privileges which enable you to create `COs` :gear:. Once you sign in you will see a list of available collaborations. + +## Create a `COs` :gear: + +**REQUIRED ROLE**: `CMP Administrator` :crown: + +2. From the menu, select Platform > COs to display the CO Management Overview List. + +![Navigate to the CO Management Overview List](/fig/O310-01_COMgmtList_2019-09-06.png) + +3. Click the "Add CO" link above the table on the right side to add a new `CO` :gear:. + +![CO Management Overview List](../fig/CO310-01_COMgmtOverviewList_2019-09-06.png) + +4. Fill in the fields from the **Metadata** section of [CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf): + a. **The name of your CO.** This name will be displayed on lists and elsewhere. It is a good idea for this name to be descriptive, but relatively short. + b. **Description.** Write a short description of your CO. This description will be helpful for those who may not be familiar with your CO's name. + c. **Status.** There are three choices for the status: + * Active - you will select this one. Your CO will be immediately active upon its creation. + * Suspended - Useful if you do not want your CO to be active. + * Template - Useful if you want to create several COs based on the configuration from this one. + +5. Click the **ADD** button to save your new `CO` :gear:. 
+ +## Configure your `CO` :gear: Settings + +**REQUIRED ROLE**: `CMP Administrator` :crown: -OR- `CO Administrator` :crown: + +6. Navigate back to the Collaborations List by selecting "Collaborations" from the menu. +7. From the Collaborations list page, click on the name of the Collaboration that you just created. +8. In the CO menu, click on the "Configuration" link to see the list of customizations that you can make. Click on the first link, "CO Settings" to adjust the settings. + +![Navigate to COSettings Configuration > CO Settings](../assets/img/CO310-01_COSettings_2019-09-06.png) + +9. Using the values that you put in your [[CO Planning Worksheet :memo:](/files/handouts/CO320-01_COPlanningWorksheet.pdf), adjust the settings for your CO. +4. Click the `SAVE` button to save your work. + +CONGRATULATIONS!! You have just created and configured your first CO. + +--- # Terminology & resources -## COmanage Objects +## COmanage Objects :gear: OBJECT | DESCRIPTION ------ | ----------- +`CO` :gear: | any formal or informal group of individuals that work collaboratively in a digital setting. They have a goal of a shared infrastructure that supports their collaborations so that the traditional limitations of localized applications may be overcome. `CO Person` :gear: | the representation of a person in COmanage +`Identity Source` :gear: | Information about a person as obtained from an external source such as LDAP, netFORUM or ORCID. +`CO Person Role` :gear: | the representation of a person's role in COmanage. This object describe the person's role with certain collections of people within your organization or collaboration. These objects are attached to :gear: `CO Person` objects; there may be any number of Roles. 
+ `CO Group` :gear: | a specific COmanage organizational structure for representing certain collections of `CO Persons` :gear: +## CO Person Roles :crown: + +ROLE | DESCRIPTION +---- | ----------- +`CMP Administrators` :crown: | CMP Administrators are effectively super users, with the ability to perform almost all operations on the platform. +`CO` :gear: Administrators | `CO` :gear: Administrators are super users _within a CO_. +`System Administrators` :crown: | System Administrators have privileges that enable them to maintain the COmanage application. + ## Worksheets WORKSHEET | DESCRIPTION
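Review bot: In the "Configure your `CO` :gear: Settings" steps, the numbering runs 6, 7, 8, 9 and then restarts at "4. Click the `SAVE` button", and step 9 opens its worksheet link with a doubled bracket ("[[CO Planning Worksheet :memo:](...)"), so the final step should be numbered 10 and the extra "[" dropped. Under "Use rules", the Sponsor Eligibility Mode bullet still carries the editorial note "< LDP: this isn't enough information to explain what sponsors are -- definition requested in slack. >", which should be resolved or removed before this is merged. The rewrite also deletes the sentences explaining how Platform and CO Administrators are granted (membership in the CO:admins group) and that the first user added by the Registry Setup Script is automatically a Platform Administrator; since the hands-on tells readers to sign in with exactly those credentials, consider keeping a short pointer to how these privileges are assigned. Smaller points: "multi-tenet" should read "multi-tenant", "just one `COs`" and "Create a `COs`" should be singular, "would be belong" has an extra word, the first screenshot path "/fig/O310-01_COMgmtList_2019-09-06.png" differs in both prefix and file name pattern from "../fig/CO310-01_COMgmtOverviewList_2019-09-06.png" used for the next image, and the roles table writes "`CO` :gear: Administrators" where the section heading uses "`CO Administrators` :crown:".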