Status Management
CO Person and Person Role Status
Each CO Person Role has a status attached to it, and each CO Person has an overall status that is generally calculated as the “most preferred” of the attached CO Person Role statuses. Statuses represent various states in the identity lifecycle, and various statuses have specific meanings within COmanage.
Status can be changed under various circumstances:
- As part of Enrollment or Invitation.
- As part of an Organizational Identity Source and Pipeline sync.
- Due to an Expiration Policy.
- By updating CO Person Role validity dates.
- If a Role is in Pending status and the Valid From date is updated to be in the past, the Role will automatically change to Active status.
- If a Role is in Active status and the Valid From date is updated to be in the future, the Role will automatically change to Pending status.
- If a Role is in Expired status and the Valid Through date is updated to be in the future, the Role will automatically change to Active status.
- If a Role is in Active or Grace Period status and the Valid Through date is updated to be in the past, the Role will automatically change to Expired status.
- Manually. Note that manual changes will be overwritten when an automatic update would result in a different status.
The status of a CO Person is generally calculated from the status of the CO Person Roles attached. This happens automatically under the following conditions:
- When a CO Petition is approved/the Enrollee becomes active.
- When an Expiration Policy changes the status of a CO Person Role.
- When updating a CO Person Role Valid Through date causes the CO Person Role to become Active.
- When a Pipeline results in a status change.
- When a CO Person Role status is manually changed.
The CO Person status is set to the “most preferred” status of the attached CO Person Roles. “Most preferred” is currently defined as the order in the table, below. In general, active statuses are most preferred, followed by expired statuses (since there may have been skeletal records provisioned that need to be maintained), followed by invitation statuses.
CO Person and Person Role Records are passed to Provisioners based on their status, as indicated in the table, below.
This table is effective as of Registry v2.0.0. For earlier versions, see this page.
In Registry v2.x and v3.x, this table is only supported by certain provisioners (Ldap, Crowd, LdapServiceToken). (CO-1740)
| Preference | Status | Description | Provisioning |
|---|---|---|---|
| 1 | Active | Person or Role is an active member in the CO | Person, Role, and Group data provisioned |
| 2 | GracePeriod | Primary association with the CO has ended, but services have not yet been deprovisioned | Person, Role, and Group data provisioned |
| 3 | Suspended | Association with the CO has been (manually) temporarily suspended | Person data and All Members Groups provisioned |
| 4 | Expired | Valid through date has been reached | Person data and All Members Groups provisioned |
| 5 | Approved | No data provisioned | |
| 6 | PendingApproval | The enrollment flow petition is pending approval | No data provisioned |
| 7 | Confirmed | No data provisioned | |
| 8 | PendingConfirmation | An invitation or email confirmation was sent via an enrollment flow | No data provisioned |
| 9 | Invited | An invitation was sent via default enrollment | No data provisioned |
| 10 | Pending | No data provisioned | |
| 11 | Denied | The enrollment flow petition was denied | No data provisioned |
| 12 | Declined | The invitation sent via default enrollment was declined | No data provisioned |
| 13 | Deleted | No data provisioned | |
| 14 | Duplicate | The record is a duplicate of another | No data provisioned |
Copyright (C) 2018-2020 University Corporation for Advanced Internet Development (Internet2) - All Rights Reserved