COmanage Workshop: Managing Identities & Collaborations
This workshop was taught:
What is COmanage?
COmanage is an identity registry with flexible enrollment and lifecycle management capabilities that helps you meet your identity management objectives using standardized tools and approaches. COmanage can be used as a central person registry, a guest management system, or a collaboration hub for scholarly collaborations.
This two-day hands-on class will provide a conceptual understanding of COmanage, and the technical know-how to get this solution up and running. Whether you represent a research computing center or central IT, you can expect to learn:
- how to deploy COmanage using the InCommon Docker images from the InCommon Trusted Access Platform and configure it for basic use
- configure COmanage so that it works in a way that is customized for your organizational needs
- how to model your organization or collaboration, and to set up enrollment flows and data processing to get the right people using the right services
- basics of identifier management and group/role provisioning and management
What to expect
In a nutshell, here is what you can expect over the next two days:
- Meeting up to 40 new friends from campuses across the globe
- Direct access to subject matter experts. Don’t be shy with your questions!
- Gain experience with the Docker container version of COmanage
Knowledge of identity management concepts and related implementation experience is strongly recommended.
Before you arrive
Detailed preparation instructions will be available and distributed prior to the class. Please note that the training requires you to bring a laptop.
- The training makes use of Virtual Machines (VMs), in this case derived from Amazon Marketplace Images (AMI) loaded on Amazon Web Services. The training team will provide access instructions when you arrive for the first day of training.
- You will need to have an SSH client on your laptop you can use to SSH into the VM.
- You will need root/administrator access on the computer you will be bringing to class so that you can modify the local hosts file.
- Your VM will be available during the training and for two weeks after the training. After two weeks, the VM will no longer exist, so be sure to save anything you need within two weeks of the end of the training.
DAY ONE - Understanding COmanage's Structure
As with most tools, COmanage uses a specific structure for modeling people and organizations. After getting an overview of the purpose of COmanage, you will get to work installing your own version of COmanage, and starting the process of modeling a simplified organization or collaboration and the people that you will register and manage within COmanage
In this lesson, you will gain a conceptual understanding of COmanage, what it can do, and how it integrates with other tools and processes. You will better know what you don't know, and will have a general scaffolding to build additional knowledge.
In this lesson, you will learn how to install COmanage and configure it for basic use.
COmanage is a registry for people. In this lesson you will learn how people are represented within COmanage. You will explore how COmanage stores and manages information about people and how this information is linked to systems outside of COmanage. You will learn the types of roles that people can play and the privileges that are granted in COmanage as a result. Also covered is how to manage user authentication.
When using COmanage with your organization or collaboration, the people that you have registered will naturally fall into groups, perhaps by organizational unit, project team, or the activities that a group of people can do. In this lesson, you will learn how these structures are modeled within COmanage and understand which structures to use to meet your needs.
DAY TWO - Understanding COmanage's Superpowers
COmanage has superpowers in linking to other systems and in automating workflows for enrollment and provisioning. On day two, you will customize and build your own enrollment flows, and will set up provisioning so your newly-registered people can be set up to access systems outside of COmanage. You will also set up offboarding policies and learn about the ways that COmanage can be configured or extended to do things that we won't be able to cover during our time together.
One of COmanage's superpowers is in linking the registered people to their representations in your other systems. These systems include both "inbound systems", or "systems of record" as well as "outbound systems" or "provisioned systems". In this lesson you will learn how COmanage interprets systems of records as sources and links them to the registered people. You will also learn how COmanage shares information about registered people with systems so that these systems can make decisions about the rights and access privileges the person has.
Another one of COmanage's superpowers is in being able to manage workflows related to your registered people. A key one of these workflows is the enrollment workflows, or the creation of registered people within COmanage. In this lesson you will learn how enrollment workflows work and how to customize them to meet your needs. You will get to know the common ways that enrollment workflows are initiated, for example, by invitation, self-signup, or account linking. You will understand how to link your registered people to the organizational structures that you created and your "inbound systems" or "systems of record."
CO350 - Workflows: Provisioning [ ] (to be added)
The last step of the enrollment workflow is enabling provisioning, or the links between your registered people and "outbound" or "provisioned" systems. These links will enable these "provisioned systems" to make decisions about the rights and access privileges that the person has. In this lesson we will learn the basic structure for enabling these linkages, and review how to set up several commonly provisioned systems.
CO360 - Workflows: Offboarding [ ] (to be added)
Eventually people that you have registered will no longer have a connection to part or all of your organization or collaboration. In this lesson we will learn how offboard people: how to unwind provisioning, roles and COmanage access. We will review workflow policies to handle the common reasons for offboarding, and learn how to set up automatic processing.
CO370 - Extending COmanage [ ] (to be added)
During this workshop, we learned the basics of COmanage, though it can do so much more. During this lesson, you will whet your appetite for other topics to explore related to COmanage. You will learn how COmanage can be extended through plug-ins, and will be exposed to some of the ways that COmanage can handle more complicated use cases. We will discuss resources for continuing on your COmanage learning journey, and how to connect with the broader COmanage community for support and inspiration.