Understanding CO Services
COmanage supports a concept of CO Services
⚙️. A CO Service represents a service or application that a CO Person
⚙️ has access to by participating in the organization or collaboration. While access to the service is likely controlled by attributes stored and/or managed within COmanage, the service itself is not accessed as part of Registry. Instead, CO Services
⚙️ act as inventory or catalog of available services, rendering a list of available services on a per CO Person
⚙️ basis.
Hands on - Specify a CO Service for your CO
Navigate to the Identifier Assignment List
CMP Administrator
👑 OR CO Administrator
👑
- If necessary, sign into COmanage and navigate to your
CO
⚙️ - Navigate to the
CO Services
⚙️ List by clicking on the CO Configuration link in the left menu, and clicking on the Services link to display the services List.
Add a CO Service
-
Click the Add Service link above the table to display a CO Service configuration form.
-
Fill in the form for your service
- GENERAL ATTRIBUTES - This information also is used for display within the service directory.
- Name: Provide a name for the service that will be recognizable by the people in your organization or collaboration.
- Description: Include a description to provide additional information or context for those in your organization or collaboration that may be accessing this service.
- Status: The two options for status are “Active” or “Suspended”. Suspended services will not be available to those in your organization or collaboration.
- Visibility: Who can see this CO Service entry. Note that administrators are not treated specially – they will only see Services in the menu and portal for which they have associated eligibilities. To see the full list of services, administrators can use the configuration menu.
- CO Admin: Only
CO Administrators
👑 within theCO
⚙️ can see this service - CO Group Member: Only members of the
CO Group
⚙️ associated with this service can see it - CO Member: Any
CO Person
⚙️ within theCO
⚙️ can see this service - Unauthenticated User: Anyone can see this service
- CO Admin: Only
- Logo URL: The URL for an image that represents this service. NOTE: you can serve these locally from your Registry server. If this feature is of interest, we can talk about it toward the end of the workshop if time allows.
- RESTRICTION - The ability to restrict access to the service to subgroups of your
CO
⚙️- COU: If this service should only be available to
CO People
⚙️ included in a specificCOU
⚙️, this restriction can be added by selecting theCOU
⚙️ from the dropdown list. - Service Group: Access to this service is available only to members of this group. Note the application is ultimately responsible for its own access control. This field only needs to be defined if the service visibility is set to include only to those in the
CO Group
⚙️
- COU: If this service should only be available to
- ACCESS ATTRIBUTES - Information that will be used for the
CO Person
⚙️ to access the CO Service- Service Identifier Type: The
Identifier
⚙️ type that will be used to identify users within the system. - Service URL: The URL of the service.
- Service Identifier Type: The
- CONFIGURATION ATTRIBUTES
- Short Label: Primarily intended when using LDAP Provisioning, a short label for the service that can be used when attribute options are enabled.
- Service Label: A protocol-specific label for the CO Service, for example, SAML Entity ID or OIDC Client ID
- Service Contact Email: The email address of a contact responsible for managing the service.
- Entitlement URI: The entitlement URI, as specified by eduPerson associated with this service. This information also is used when provisioning, for example, to LDAP.
- GENERAL ATTRIBUTES - This information also is used for display within the service directory.
-
Click the ADD button to save the CO Service description and configuration.
Example Content
Since we do not have any specific services set up to add to our CO
⚙️, let’s create a service that enables the members of our CO
⚙️ to get access to the information page for this workshop. The example below, enables anyone to see the item, but only members of the open-membership “Chess Group” may access it.
[10]
Viewing the CO Services
Once a CO Service is available to a CO Person
⚙️, that person will see the menu pick Services appear on their left-hand menu. Clicking on this menu pick will launch the Service Portal which lists all of the services that the the CO Person
⚙️ may access. If at least one CO Service is configured with Unauthenticated User visibility, then the Service Portal will be publicly accessible. Otherwise, only members of the CO can see the Service Portal.
Clicking on the globe icon shown on a service listing will launch the service. In the example that we configured above, this action will launch the COmanage class website.
A CO Person
⚙️ to add or remove themselves from the CO Group
⚙️ associated with a CO Service directly from the Service Portal, using the Join and Leave buttons. (The Leave button is shown in the screen shot above because this user is already a member of the group.) Using Join and Leave is functionally equivalent to navigating to My Groups, finding the appropriate group, and ticking the Member button. This is only available when the CO Group
⚙️ associated with a CO Service is an open group.
Terminology & resources
See resources and definitions for COmanage-specific terminology in this lesson.