3. What is COmanage

Where does COmanage sit in an Identity and Access Management (IAM) architecture?

What COmanage does

COmanage Registry combines group management with configurable and flexible enrollment workflows to support the quick and easy spin up of collaborations focusing on a common task or goal.

COmanage is a key tool for several things:

  • Enrollment - Enrolling individuals into your Identity and Access Management systems in diverse ways
  • Synthesis - Combining information about a person that comes from different sources into a single, comprehensive record
  • Organization/group Modeling - Modeling your organization as broad “groups” and attaching this group information to the combined identity records
  • Basic Provisioning - Provisioning this information to other systems, either to use directly to manage access to systems or services, or to manage access via another tool like midPoint or Grouper.

Who uses COmanage?

COmanage is usually used by one of two audiences:

  • Virtual Organizations (VOs) and groups that have straightforward person enrollment and privilege management needs. This group usually can use COmanage directly to manage all aspects of enrolling individuals into their group using customized enrollment processes. In addition, because of the sophisticated ability to model organizations in COmanage, these VOs can usually use this feature to provision access to systems and services without the need of another system.

  • Organizations with multiple identity source systems, and where any particular person may have multiple affiliations with the organization (for example, a student and an employee), and/or organizations with more complicated organizational structures. This group usually has a more complicated time establishing a single record of information about an individual, either because the individual potentially has a more complicated relationship to the organization, or because individual relationships to the organization are complicated by temporal, location-based, or group management considerations.

The architecture

Identity System Architecture

Consider the things that you’d want to do with identities:

  • Establish who you will include
    Determine the internal Policy and Governance (decisions by your organization or group about who to include).

  • Enroll these individuals
    Using one or more enrollment models, register the included individuals so that you may provide identity and access management services to them. Enrollment processes may include using information from Source Systems (data sources that contain information about these individuals), enrollment flows (for example, through a digital or in-person interaction with the person), or other models.

  • Enrich the information about these individuals
    It is often helpful to create a comprehensive set of information about an individual to make it easier to set up access to systems, services and resources based on rules. To build these information sets, you may include information from multiple Source Systems, or enrich the identity information with information from Groups that you Manage such as teams or programs.

  • Model your organization and include the individuals where they belong
    Your organization may be modeled by departments and centers, but it may also have temporary groups like a research project or event enrollment. Your groups may be related to how individuals interact with your organization, what their relationship is to your organization or how they will use your resources and services. In addition, it is rare for there to only be one lens by which to view these groups. COmanage can be used to Manage Groups and describe basic information about your organization and enroll individuals into these groups.

  • Provisioning
    Sometimes having individuals in groups is all you need to Manage Privileges and provide the correct access to your Systems, Services and Resources. Other times you will have more complicated or sophisticated needs, so a dedicated tool for group management and provisioning will be helpful. Either way COmanage’s single view of an individual is an asset to any system using the information.

CHECK YOUR UNDERSTANDING

No. While many virtual organizations use COmanage to manage all aspects of enrolling individuals and managing their access to services, COmanage is also a key component for enrolling and managing identities of particular populations of enterprise organizations.

All of them! With COmanage, you can enroll individuals while expressing your policy and governance rules through enrollment flows, enrich the information about individuals from source systems and group information, and manage privileges and access to systems and services through basic provisioning.