Some word smithing and filled out two small sections about capabilities.
---
title: "What is COmanage?"
teaching: 15
exercises: 0
questions:
- "Question here"
objectives:
- "List the objectives"
keypoints:
- "List the key takeaways for the episode"
workshopOverviewName: "COmanage Workshop: Managing Identities & Collaborations"
workshopOverviewURL: "https://github.internet2.edu/lpaglione/COmg-trainingOverview/blob/master/README.md"
lessonOverviewName: "CO101 - Workshop Intro & Getting to Know COmanage"
lessonOverviewURL: "../index.md"
previousEpisodeName: "2. About Identity Registries"
previousEpisodeURL: "/_episodes/02-identityRegistries.md"
nextEpisodeName: "4. COmanage Capabilities"
nextEpisodeURL: "/_episodes/04-capabilities.md"
---

3. What is COmanage?

Where does COmanage sit in an Identity and Access Management (IAM) architecture?

What COmanage does

COmanage Registry combines group management with configurable and flexible enrollment workflows to support the quick and easy spin up of collaborations focusing on a common task or goal.

COmanage is a key tool for several things:

  • Enrolling individuals into your Identity and Access Management systems in diverse ways
  • Combining information about a person that comes from different sources into a single, comprehensive record
  • Modeling your organization as broad "groups" and attaching this group information to the combined identity records
  • Provisioning this information to other systems, either to use directly to manage access to systems or services, or to manage access via another tool like midPoint or Grouper.

Who uses COmanage?

COmanage is usually used by one of two audiences:

  • Virtual Organizations (VOs) and groups that have straightforward person enrollment and privilege management needs. This group can usually use COmanage directly to manage all aspects of enrolling individuals into their group using customized enrollment processes. In addition, because of the sophisticated ability to model organizations in COmanage, these VOs can usually use this feature to provision access to systems and services without the need for another system.

  • Organizations with multiple identity source systems, and where any particular person may have multiple affiliations with the organization (for example, a student and an employee), and/or organizations with more complicated organizational structures. This group usually has a more complicated time establishing a single record of information about an individual, either because the individual potentially has a more complicated relationship to the organization, or because individual relationships to the organization are complicated by temporal, location-based, or group management considerations.

The architecture

Consider the things that you'd want to do with identities:

Identity System Architecture

Establish who you will include

Determine the internal Policy & Governance (decisions by your organization or group about who to include).

Enroll these individuals

Using one or more enrollment models, register the included individuals so that you may provide identity and access management services to them. Enrollment processes may include using information from Source Systems (data sources that contain information about these individuals), enrollment flows (for example, through a digital or in-person interaction with the person), or other models.

Enrich the information about these individuals

It is often helpful to create a comprehensive set of information about an individual to make it easier to set up access to systems, services and resources based on rules. To build these information sets, you may include information from multiple source systems, or enrich the identity information with information from teams or programs.

Model your organization and include the individuals where they belong

Your organization may be modeled by departments and centers, but it may also have temporary groups like a research project or event enrollment. Your groups may be related to how individuals interact with your organization, what their relationship is to your organization or how they will use your resources and services. In addition, it is rare for there to only be one lens by which to view these groups. COmanage can be used to describe basic information about your organization and enroll individuals into these groups.

Provisioning

Sometimes having individuals in groups is all you need to provide the correct access to your systems, services and resources. Other times you will have more complicated or sophisticated needs, so a dedicated tool for group management and provisioning will be helpful. Either way, COmanage's single view of an individual is an asset to any system using the information.
