COmanage provides collaboration management services for CILogon 2.0. COmanage enables research collaborations (virtual organizations or VOs) to manage the entire lifecycle of collaboration. Beginning with onboarding, COmanage provides flexible and customizable enrollment flows to bring people and their federated identities onto the platform and create a collaborative organization (CO). Each CO may have multiple active enrollment flows tailored specifically for particular types of collaborators such as faculty, students, or staff, and each flow may onboard users by invitation, self-signup, and even conscription. During enrollment, COmanage consumes the details about a user’s federated identity provided by their home organization and records them as an organizational identity. After enrollment, the organizational identity is linked to the CO person identity representing the user as part of the CO or VO. Because researchers today may hail from multiple organizations and often participate in multiple VOs simultaneously, COmanage supports linking multiple organizational identities to multiple CO person identities.

COmanage supports delegated management of the user and VO details necessary to support collaboration and access to applications. Users may be assigned multiple roles in the CO, and arbitrary sets of CO people can be pulled together into CO groups. COmanage supports the creation and management of multiple additional identifiers for a CO person record. These types of identifiers are often auto-generated at enrollment time and used to create specialized identifiers that can later be consumed by applications. COmanage can provision the roles, groups, attributes, and identifiers for a CO person so that they can be consumed by applications and other infrastructure and used to support authorization and tight integration. COmanage includes provisioning plugins for LDAP, Grouper from Internet2, GitHub, UNIX home directories, and a generic change log.

CO administrators can configure multiple flexible expiration policies on CO person records to support controlled offboarding. A user may transition from active to grace period status and then eventually to inactive or disabled, with configurable transition times and notifications. When a CO person transitions to inactive status, COmanage deprovisions the CO person roles, groups, and attributes so that revocation of access to applications happens automatically and in accordance with VO policies.

