...

1. Assuming the self signup enrollment flow, the researcher begins the flow by authenticating using their home IdP. If the IdP is configured to release attributes and COmanage is appropriately configured, those attributes will be prepopulated into the signup form. Otherwise, and for any additional attributes, the researcher completes the signup form.
2. The researcher will be asked to confirm control of their asserted email address by clicking a link sent to it.
3. The collaboration administrator reviews the application and approves the enrollment.
4. Once approved, COmanage will assign a login ID and write the researcher's record to the LDAP server, effectively creating the researcher's Unix account. As part of the approval process, a notification is sent to the researcher regarding the approval and including the login ID and server address.
5. The researcher logs into COmanage and uploads their SSH public key.
6. COmanage adds the public key to the LDAP record.
7. The research may now log in to the Unix server, using the provided address, login ID, and their existing SSH private key.

Video on this work

Resources

• SSH Key Proof of Concept Screencast

• COmanage documentation

...