Managing Identities & Collaborations Workshop
May 19 – 20, 2020
An Online Workshop
This two-day hands-on class will provide a conceptual understanding of COmanage, and the technical know-how to get this solution up and running. Whether you represent a research computing center or central IT, you can expect to learn:
- how to install COmanage using the InCommon Docker image and configure it for basic use
- configure COmanage so that it works in a way that is customized for your organizational needs
- how to model your organization or collaboration, and to set up enrollment flows and data processing to get the right people using the right services
- basics of identifier management and group/role management
The Fine Print
In a nutshell, here is what you can expect over the next two days:
- Meeting up to 40 new friends from campuses across the globe
- Direct access to subject matter experts. Don’t be shy with your questions!
- Gain experience with the Docker container version of COmanage
Knowledge of identity management concepts and related implementation experience is strongly recommended.
|Collaboration Success Program Alumni||InCommon Participant||Non-Participant|
|Early Bird Rate*||$1,500||$1,800||$2,300|
*Early bird rates apply through April 17, 2020
Preparing for the Workshop
Detailed preparation instructions will be available and distributed prior to the class.
- The training makes use of Virtual Machines (VMs), in this case derived from Amazon Marketplace Images (AMI) loaded on Amazon Web Services. The training team will provide access instructions when you arrive for the first day of training.
- You will need to have an SSH client on your laptop you can use to SSH into the VM.
- You will need root/administrator access on the computer you will be bringing to class so that you can modify the local hosts file.
- Your VM will be available during the training and for two weeks after the training. After two weeks, the VM will no longer exist, so be sure to save anything you need within two weeks of the end of the training.
Day One: Understanding COmanage’s Structure
As with most tools, COmanage uses a specific structure for modeling people and organizations. After getting an overview of the purpose of COmanage, you will get to work installing your own version of COmanage, and starting the process of modeling a simplified organization or collaboration and the people that you will register and manage within COmanage
COmanage has superpowers in linking to other systems and in automating workflows for enrollment and provisioning. On day two, you will customize and build your own enrollment flows, and will set up provisioning so your newly-registered people can be set up to access systems outside of COmanage. You will also set up offboarding policies and learn about the ways that COmanage can be configured or extended to do things that we won’t be able to cover during our time together.
In this lesson, you will gain a conceptual understanding of COmanage, what it can do, and how it integrates with other tools and processes. You will better know what you don’t know, and will have a general scaffolding to build additional knowledge.
In this lesson, you will learn how to install COmanage and configure it for basic use.
COmanage is a registry for people. In this lesson you will learn how people are represented within COmanage. You will explore how COmanage stores and manages information about people and how this information is linked to systems outside of COmanage. You will learn the types of roles that people can play and the privileges that are granted in COmanage as a result. Also covered is how to manage user authentication.
When using COmanage with your organization or collaboration, the people that you have registered will naturally fall into groups, perhaps by organizational unit, project team, or the activities that a group of people can do. In this lesson, you will learn how these structures are modeled within COmanage and understand which structures to use to meet your needs.
Day Two: Understanding COmanage’s Superpowers
One of COmanage’s superpowers is in linking the registered people to their representations in your other systems. These systems include both “inbound systems”, or “systems of record” as well as “outbound systems” or “provisioned systems”. In this lesson you will learn how COmanage interprets systems of records as sources and links them to the registered people. You will also learn how COmanage shares information about registered people with systems so that these systems can make decisions about the rights and access privileges the person has.
Another one of COmanage’s superpowers is in being able to manage workflows related to your registered people. A key one of these workflows is the enrollment workflows, or the creation of registered people within COmanage. In this lesson you will learn how enrollment workflows work and how to customize them to meet your needs. You will get to know the common ways that enrollment workflows are initiated, for example, by invitation, self-signup, or account linking. You will understand how to link your registered people to the organizational structures that you created and your “inbound systems” or “systems of record.”
The last step of the enrollment workflow is enabling provisioning, or the links between your registered people and “outbound” or “provisioned” systems. These links will enable these “provisioned systems” to make decisions about the rights and access privileges that the person has. In this lesson we will learn the basic structure for enabling these linkages, and review how to set up several commonly provisioned systems.
Eventually people that you have registered will no longer have a connection to part or all of your organization or collaboration. In this lesson we will learn how offboard people: how to unwind provisioning, roles and COmanage access. We will review workflow policies to handle the common reasons for offboarding, and learn how to set up automatic processing.
During this workshop, we learned the basics of COmanage, though it can do so much more. During this lesson, you will whet your appetite for other topics to explore related to COmanage. You will learn how COmanage can be extended through plug-ins, and will be exposed to some of the ways that COmanage can handle more complicated use cases. We will discuss resources for continuing on your COmanage learning journey, and how to connect with the broader COmanage community for support and inspiration.
Payment, Cancellation, and Refund Policy
Cancellations received on or before 11:59:59 PM EDT on May 8, 2020 are entitled to a full conference refund less a $20 administrative fee. There will be no refunds after this date. If you cancel after 11:59:59 PM EDT on May 8, 2020 and have not paid by any other means, your credit card will be charged the cost of the registration fee. If you cancel your registration after 11:59:59 PM EDT on May 8, 2020, you may name another person from your organization to take your place for meetings that allow transferred registrations. To cancel, transfer, or make changes to your registration, please contact email@example.com. Thank you.
Any person who attends an Internet2 event or workshop grants permission to Internet2 to use and publish his or her image or likeness collected in connection with the event for any usual and customary purpose of Internet2, including promotion of Internet2 and its programs.
As part of this event, participants in this conference may be videotaped, audiotaped, or otherwise recorded, and this footage may be edited, streamed, archived, broadcast, and otherwise retained by Internet2 or made available to the public. By participating in this conference, Participant consents to Internet2 performing these actions, and agrees to hold harmless Internet2 and its affiliates, members, trustees, agents, officers, contractors, volunteers, and employees against any and all legal claims arising out of, by reason of, or caused by the performance of these actions or other use or distribution of any footage.
(Updated July 1, 2015)
Internet2 values your privacy. We recognize that you may be concerned about how we will treat the information that you share while registering for an event through our website (www.internet2.edu).
2. WHAT THIS POLICY COVERS
3. WHAT INFORMATION IS COLLECTED
When you register for an event hosted by Internet2, we may ask you to provide information including, but not limited to, your name, gender, title, institution/affiliation, mailing address, email address, phone number, and fax number. If you are paying an event registration fee with a credit card, we may collect the credit card number, credit card expiration date, and the cardholder’s name. When applicable to the event, we also may ask you about meal preferences, allergies, special needs, and emergency contact information.
4. WHY WE COLLECT THIS INFORMATION
We collect your information for organizational purposes relating to the event you will be attending. We also may use your contact information to communicate with you about Internet2 news and events. We collect credit card information so we can process and record your transaction, properly bill your account, and issue you a receipt. If you choose to provide your gender, we use this information strictly for statistical reporting purposes and will not associate your name or other personal information with your gender in such reporting.
5. WHAT THIRD PARTIES, IF ANY, IS THE DATA SHARED WITH
As a long-standing organizational practice, we may post an event attendee list, including attendee names and institutions, on the event website (Internet2 members or others with InCommon credentials may log in to access attendee email addresses). We post this information online as a service for conference participants, offering a convenient way for the community to collaborate. Internet2 does not sell the contact information of event attendees. Visitors to our website are not permitted to sell, harvest, or generate mailing lists from the event attendee list, nor should they use it for promotional purposes.
Also, as a benefit of sponsoring our events, sponsors receive an event attendee list including attendee names, titles, institutions, postal addresses, phone and fax numbers, as applicable. We closely coordinate with sponsors so that attendees receive information of value about the sponsor, and not just sales materials.
Occasionally, third parties from the research and education community request event attendee lists for purposes of developing surveys, identifying community needs, or collecting data that will be used in research projects that will benefit the community. Upon request, we will share with these third parties an event attendee list including attendee names, titles, institutions, postal addresses, phone and fax numbers, as applicable.
We will never store or share with third parties the credit card information we collect from you. Protected health information (PHI) may be shared with third parties only with your permission and to the extent necessary to accommodate your needs at an event. PHI is deleted from our records following completion of the event.
6. HOW WE SECURE YOUR INFORMATION
Internet2 uses industry-standard methods to maintain the security of the information you provide us. However, we cannot guarantee that such information will never be accessed, used or released in a manner that is inconsistent with this policy, and we expressly disclaim any liability for any loss, misuse, alteration or unauthorized disclosure of your information.
7. HOW YOU CAN OPT OUT
The opportunity to opt out of any of the lists described in Section V. above is available during the registration process. Additionally, any recipient of an automatically-generated email from Internet2 may unsubscribe from future messages via a link at the bottom of each message.
8. ACCESS TO PERSONAL INFORMATION AND OPPORTUNITY TO UPDATE INFORMATION
9. NOTICE FOR UPDATES AND CHANGES TO POLICY
10. WHO TO CONTACT IF YOU HAVE QUESTIONS