Understanding CO Services

COmanage supports a concept of CO Services⚙️. A CO Service represents a service or application that a CO Person⚙️ has access to by participating in the organization or collaboration. While access to the service is likely controlled by attributes stored and/or managed within COmanage, the service itself is not accessed as part of Registry. Instead, CO Services⚙️ act as inventory or catalog of available services, rendering a list of available services on a per CO Person⚙️ basis.

Hands on - Specify a CO Service for your CO

Navigate to the Identifier Assignment List

REQUIRED ROLE: CMP Administrator👑 OR CO Administrator👑

If necessary, sign into COmanage and navigate to your CO⚙️
Navigate to the CO Services⚙️ List by clicking on the CO Configuration link in the left menu, and clicking on the Services link to display the services List.

Add a CO Service

Click the Add Service link above the table to display a CO Service configuration form.
Fill in the form for your service
- GENERAL ATTRIBUTES - This information also is used for display within the service directory.
  - Name: Provide a name for the service that will be recognizable by the people in your organization or collaboration.
  - Description: Include a description to provide additional information or context for those in your organization or collaboration that may be accessing this service.
  - Status: The two options for status are “Active” or “Suspended”. Suspended services will not be available to those in your organization or collaboration.
  - Visibility: Who can see this CO Service entry. Note that administrators are not treated specially – they will only see Services in the menu and portal for which they have associated eligibilities. To see the full list of services, administrators can use the configuration menu.
    - CO Admin: Only CO Administrators👑 within the CO⚙️ can see this service
    - CO Group Member: Only members of the CO Group⚙️ associated with this service can see it
    - CO Member: Any CO Person⚙️ within the CO⚙️ can see this service
    - Unauthenticated User: Anyone can see this service
  - Logo URL: The URL for an image that represents this service. NOTE: you can serve these locally from your Registry server. If this feature is of interest, we can talk about it toward the end of the workshop if time allows.
- RESTRICTION - The ability to restrict access to the service to subgroups of your CO⚙️
  - COU: If this service should only be available to CO People⚙️ included in a specific COU⚙️, this restriction can be added by selecting the COU⚙️ from the dropdown list.
  - Service Group: Access to this service is available only to members of this group. Note the application is ultimately responsible for its own access control. This field only needs to be defined if the service visibility is set to include only to those in the CO Group⚙️
- ACCESS ATTRIBUTES - Information that will be used for the CO Person⚙️ to access the CO Service
  - Service Identifier Type: The Identifier⚙️ type that will be used to identify users within the system.
  - Service URL: The URL of the service.
- CONFIGURATION ATTRIBUTES
  - Short Label: Primarily intended when using LDAP Provisioning, a short label for the service that can be used when attribute options are enabled.
  - Service Label: A protocol-specific label for the CO Service, for example, SAML Entity ID or OIDC Client ID
  - Service Contact Email: The email address of a contact responsible for managing the service.
  - Entitlement URI: The entitlement URI, as specified by eduPerson associated with this service. This information also is used when provisioning, for example, to LDAP.
Click the ADD button to save the CO Service description and configuration.

Example Content

Since we do not have any specific services set up to add to our CO⚙️, let’s create a service that enables the members of our CO⚙️ to get access to the information page for this workshop. The example below, enables anyone to see the item, but only members of the open-membership “Chess Group” may access it.

Screen Shot - Add CO Service — Sample CO Service Configuration

[10]

Viewing the CO Services

Once a CO Service is available to a CO Person⚙️, that person will see the menu pick Services appear on their left-hand menu. Clicking on this menu pick will launch the Service Portal which lists all of the services that the the CO Person⚙️ may access. If at least one CO Service is configured with Unauthenticated User visibility, then the Service Portal will be publicly accessible. Otherwise, only members of the CO can see the Service Portal.

Clicking on the globe icon shown on a service listing will launch the service. In the example that we configured above, this action will launch the COmanage class website.

A CO Person⚙️ to add or remove themselves from the CO Group⚙️ associated with a CO Service directly from the Service Portal, using the Join and Leave buttons. (The Leave button is shown in the screen shot above because this user is already a member of the group.) Using Join and Leave is functionally equivalent to navigating to My Groups, finding the appropriate group, and ticking the Member button. This is only available when the CO Group⚙️ associated with a CO Service is an open group.

Terminology & resources

See resources and definitions for COmanage-specific terminology in this lesson.

The COmanage REST API Logging and Audit Trails

101: Workshop Intro & Getting to Know COmanage

201: Installing COmanage Using Docker Images

310: Modeling People in COmanage

320: Modeling Organizational Structures in COmanage

330: Linking to Systems Outside of COmanage

340: Enrollment Workflows

350: Provisioning

360: Offboarding

370: Extending COmanage Training