ORCID provides a persistent digital identifier that uniquely identifies researchers. The ORCID iD is researcher-centric, meaning in general the researcher is responsible for creating, maintaining, and asserting their own ORCID iD. ORCID provides an API for integrating ORCID services with research systems.
This pilot leverages COmanage to allow the researcher to authenticate their ORCID iD to the collaboration, and to write the ORCID to LDAP for use in collaboration services.
This will be achieved by using a COmanage Organizational Identity Source to sync an ORCID record to a COmanage Organizational Identity, and then using a COmanage Pipeline to copy the ORCID to the CO Person record. Finally, the ORCID will be provisioned using the LDAP Provisioner.
Architecture and Components
The major components in this pilot are:
- COmanage Registry, used to manage participant registration in the collaboration
- SQL database backend, used by COmanage
- LDAP Server, provisioned by COmanage and used by collaboration services as a source of account information
- ORCID, a researcher digital identity registry
This section assumes that each component is already installed and configured for basic connectivity.
An ORCID iD is required. For non-members, it will be necessary to use credentials established from a personal ORCID iD, because ORCID does not currently support "institutional" or "service" accounts except for paid members.
The LDAP server must be configured with the eduPerson schema (201602 or later).
It is assumed that COmanage is already set up with an enrollment process, such as the one used for the COmanage SSH pilot, and that an LDAP provisioning target has already been created.
The Pipeline must be defined first. The configuration should look like:
- Name: ORCID Pipeline
- Status: Active
- Match Strategy: Do Not Match
- Sync on Add: Yes
- Sync on Update: Yes
- Sync on Delete: Yes
- Create CO Person Role Record: No
Next, configure an ORCID Organizational Identity Source. The initial setup will look like:
- Description: ORCID
- Plugin: OrcidSource
- Status: Active
- Sync Mode: Manual
- Pipeline: ORCID Pipeline
After saving the initial setup, the ORCID configuration page will show the redirect URI needed to obtain the Client ID and Secret from ORCID. (More information about how to obtain the Client ID and Secret is available here.) Record the Client ID and Secret in the COmanage ORCID configuration page and click Save.
Next, create an enrollment flow for researchers to self-link their ORCID iD. The relevant configuration options are:
- Name: ORCID Linking
- Petitioner Enrollment Authorization: CO Person
- Pipeline: None
- Identity Matching: Self
- Require Approval For Enrollment: No
- Email Confirmation Mode: None
- Do not add any Enrollment Attributes. (If prompted after saving the configuration, simply page back.)
- Click Attach Org Identity Source, then Add Enrollment Source. Configure it as follows:
  - Organizational Identity Source: ORCID
  - Org Identity Mode: Authenticate
Finally, update the LDAP Provisioner configuration to export the eduPersonOrcid attribute.
To link an ORCID iD, the researcher simply logs into COmanage, selects People > Enroll, and clicks Begin next to ORCID Linking. The researcher will be redirected to ORCID to authenticate, and then returned to COmanage, which will link the ORCID iD into the Registry record.
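A check to run once records have been provisioned, added here as an example (it is not part of the original page or of COmanage): it audits eduPersonOrcid values in LDIF text for ORCID's URL form and the ISO 7064 MOD 11-2 check character. The LDIF sample, the DNs and the function names are constructed for illustration, and accepting https as well as http is an assumption.

```python
import re
# eduPerson defines eduPersonOrcid values in ORCID's URL form (https accepted here too).
ORCID_URI = re.compile(r"^https?://orcid\.org/(\d{4}-\d{4}-\d{4}-\d{3}[\dX])$")

def orcid_check_char(base15):
    """ISO 7064 MOD 11-2 check character over the first 15 digits of an ORCID iD."""
    total = 0
    for ch in base15:
        total = (total + int(ch)) * 2
    result = (12 - total % 11) % 11
    return "X" if result == 10 else str(result)

def validate_orcid_uri(value):
    """Return None when the value is acceptable, otherwise a reason string."""
    m = ORCID_URI.match(value)
    if not m:
        return "not in ORCID URL form"
    digits = m.group(1).replace("-", "")
    if orcid_check_char(digits[:15]) != digits[15]:
        return "checksum mismatch"
    return None

def audit_ldif(ldif):
    """Return a list of (dn, value, reason) for each bad eduPersonOrcid value."""
    findings, dn = [], None
    for line in ldif.splitlines():
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("edupersonorcid:"):
            value = line.split(":", 1)[1].strip()
            reason = validate_orcid_uri(value)
            if reason:
                findings.append((dn, value, reason))
    return findings

# Constructed sample, shaped like LDIF exported from the provisioned directory.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
eduPersonOrcid: http://orcid.org/0000-0002-1825-0097

dn: uid=bob,ou=people,dc=example,dc=org
eduPersonOrcid: 0000-0002-1825-0097

dn: uid=carol,ou=people,dc=example,dc=org
eduPersonOrcid: https://orcid.org/0000-0002-1825-0098
"""

if __name__ == "__main__":
    print(*audit_ldif(SAMPLE_LDIF), sep="\n")
```

Entries flagged here point to a value that was altered or written outside the ORCID authentication flow, since an iD returned by ORCID always carries a correct check character.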