Join InCommon

COmanage Class

Managing Identities & Collaborations Workshop

May 19 – 20, 2020

An Online Workshop

Training Overview

This two-day hands-on class will provide a conceptual understanding of COmanage, and the technical know-how to get this solution up and running. Whether you represent a research computing center or central IT, you can expect to learn:

The Fine Print

In a nutshell, here is what you can expect over the next two days:

Knowledge of identity management concepts and related implementation experience is strongly recommended.

Tuition Schedule

Collaboration Success Program AlumniInCommon Participant Non-Participant
Early Bird Rate*$1,500$1,800$2,300
Regular Rate$1,500$2,000$2,500

*Early bird rates apply through May 8, 2020

Preparing for the Workshop

Detailed preparation instructions will be available and distributed prior to the class.

  1. The training makes use of Virtual Machines (VMs), in this case derived from Amazon Marketplace Images (AMI) loaded on Amazon Web Services. The training team will provide access instructions when you arrive for the first day of training.
  2. You will need to have an SSH client on your laptop you can use to SSH into the VM.
  3. You will need root/administrator access on the computer you will be bringing to class so that you can modify the local hosts file.
  4. Your VM will be available during the training and for two weeks after the training. After two weeks, the VM will no longer exist, so be sure to save anything you need within two weeks of the end of the training.

Curriculum Outline

Day One: Understanding COmanage’s Structure

As with most tools, COmanage uses a specific structure for modeling people and organizations. After getting an overview of the purpose of COmanage, you will get to work installing your own version of COmanage, and starting the process of modeling a simplified organization or collaboration and the people that you will register and manage within COmanage

Sample Agenda:

CO101 – Getting to Know COmanage 

COmanage has superpowers in linking to other systems and in automating workflows for enrollment and provisioning. On day two, you will customize and build your own enrollment flows, and will set up provisioning so your newly-registered people can be set up to access systems outside of COmanage. You will also set up offboarding policies and learn about the ways that COmanage can be configured or extended to do things that we won’t be able to cover during our time together.

CO201 – Installing COmanage Using the InCommon Docker Images 

In this lesson, you will gain a conceptual understanding of COmanage, what it can do, and how it integrates with other tools and processes. You will better know what you don’t know, and will have a general scaffolding to build additional knowledge.

In this lesson, you will learn how to install COmanage and configure it for basic use.


CO310 – Modeling People in COmanage

COmanage is a registry for people. In this lesson you will learn how people are represented within COmanage. You will explore how COmanage stores and manages information about people and how this information is linked to systems outside of COmanage. You will learn the types of roles that people can play and the privileges that are granted in COmanage as a result. Also covered is how to manage user authentication.


CO320 – Modeling Organizational Structures in COmanage

When using COmanage with your organization or collaboration, the people that you have registered will naturally fall into groups, perhaps by organizational unit, project team, or the activities that a group of people can do. In this lesson, you will learn how these structures are modeled within COmanage and understand which structures to use to meet your needs.

Day Two: Understanding COmanage’s Superpowers

Sample Agenda:

CO330 – Linking to Systems Outside of COmanage 

One of COmanage’s superpowers is in linking the registered people to their representations in your other systems. These systems include both “inbound systems”, or “systems of record” as well as “outbound systems” or “provisioned systems”. In this lesson you will learn how COmanage interprets systems of records as sources and links them to the registered people. You will also learn how COmanage shares information about registered people with systems so that these systems can make decisions about the rights and access privileges the person has.

CO340 – Workflows: Enrollment 

Another one of COmanage’s superpowers is in being able to manage workflows related to your registered people. A key one of these workflows is the enrollment workflows, or the creation of registered people within COmanage. In this lesson you will learn how enrollment workflows work and how to customize them to meet your needs. You will get to know the common ways that enrollment workflows are initiated, for example, by invitation, self-signup, or account linking. You will understand how to link your registered people to the organizational structures that you created and your “inbound systems” or “systems of record.”

CO350 – Workflows: Provisioning

The last step of the enrollment workflow is enabling provisioning, or the links between your registered people and “outbound” or “provisioned” systems. These links will enable these “provisioned systems” to make decisions about the rights and access privileges that the person has. In this lesson we will learn the basic structure for enabling these linkages, and review how to set up several commonly provisioned systems.

CO360 – Workflows: Offboarding

Eventually people that you have registered will no longer have a connection to part or all of your organization or collaboration. In this lesson we will learn how offboard people: how to unwind provisioning, roles and COmanage access. We will review workflow policies to handle the common reasons for offboarding, and learn how to set up automatic processing.

CO370 – Extending COmanage

During this workshop, we learned the basics of COmanage, though it can do so much more. During this lesson, you will whet your appetite for other topics to explore related to COmanage. You will learn how COmanage can be extended through plug-ins, and will be exposed to some of the ways that COmanage can handle more complicated use cases. We will discuss resources for continuing on your COmanage learning journey, and how to connect with the broader COmanage community for support and inspiration.

Payment, Cancellation, and Refund Policy

Cancellations received on or before 11:59:59 PM EDT on May 8, 2020 are entitled to a full conference refund less a $20 administrative fee. There will be no refunds after this date. If you cancel after 11:59:59 PM EDT on May 8, 2020 and have not paid by any other means, your credit card will be charged the cost of the registration fee.  If you cancel your registration after 11:59:59 PM EDT on May 8, 2020, you may name another person from your organization to take your place for meetings that allow transferred registrations. To cancel, transfer, or make changes to your registration, please contact  Thank you.

Participant Consent

Any person who attends an Internet2 event or workshop grants permission to Internet2 to use and publish his or her image or likeness collected in connection with the event for any usual and customary purpose of Internet2, including promotion of Internet2 and its programs.

As part of this event, participants in this conference may be videotaped, audiotaped, or otherwise recorded, and this footage may be edited, streamed, archived, broadcast, and otherwise retained by Internet2 or made available to the public. By participating in this conference, Participant consents to Internet2 performing these actions, and agrees to hold harmless Internet2 and its affiliates, members, trustees, agents, officers, contractors, volunteers, and employees against any and all legal claims arising out of, by reason of, or caused by the performance of these actions or other use or distribution of any footage.

Privacy Policy

(Updated July 1, 2015)

Internet2 values your privacy.  We recognize that you may be concerned about how we will treat the information that you share while registering for an event through our website (

This Privacy Policy for Event Registration describes the policies and procedures of Internet2 on the collection, use, and disclosure of the information you submit to us through our website when you register for one of our events.  It also describes the choices available to you regarding our use of your information and how you can access and update it.  This Privacy Policy does not apply to the practices of third party websites.

When you register for an event hosted by Internet2, we may ask you to provide information including, but not limited to, your name, gender, title, institution/affiliation, mailing address, email address, phone number, and fax number.  If you are paying an event registration fee with a credit card, we may collect the credit card number, credit card expiration date, and the cardholder’s name.  When applicable to the event, we also may ask you about meal preferences, allergies, special needs, and emergency contact information.

We collect your information for organizational purposes relating to the event you will be attending.  We also may use your contact information to communicate with you about Internet2 news and events.  We collect credit card information so we can process and record your transaction, properly bill your account, and issue you a receipt.  If you choose to provide your gender, we use this information strictly for statistical reporting purposes and will not associate your name or other personal information with your gender in such reporting.


As a long-standing organizational practice, we may post an event attendee list, including attendee names and institutions, on the event website (Internet2 members or others with InCommon credentials may log in to access attendee email addresses). We post this information online as a service for conference participants, offering a convenient way for the community to collaborate. Internet2 does not sell the contact information of event attendees. Visitors to our website are not permitted to sell, harvest, or generate mailing lists from the event attendee list, nor should they use it for promotional purposes.

Also, as a benefit of sponsoring our events, sponsors receive an event attendee list including attendee names, titles, institutions, postal addresses, phone and fax numbers, as applicable. We closely coordinate with sponsors so that attendees receive information of value about the sponsor, and not just sales materials.

Internet2 sometimes convenes workshops, webinars, and other events in conjunction with trusted third parties.  With respect to attendees who register for these collaborative events through the Internet2 website, we may share attendee lists, including names, titles, institutions, postal addresses, email addresses, phone and fax numbers, with such third parties.  If you are registering for one of these events through a third party website and not providing the information directly to Internet2, then that third party’s privacy policy governs and Internet2 expressly disclaims all responsibility for the sharing of information related to registration for such an event. 

Occasionally, third parties from the research and education community request event attendee lists for purposes of developing surveys, identifying community needs, or collecting data that will be used in research projects that will benefit the community.  Upon request, we will share with these third parties an event attendee list including attendee names, titles, institutions, postal addresses, phone and fax numbers, as applicable.

We will never store or share with third parties the credit card information we collect from you.  Protected health information (PHI) may be shared with third parties only with your permission and to the extent necessary to accommodate your needs at an event.  PHI is deleted from our records following completion of the event.

Internet2 uses industry-standard methods to maintain the security of the information you provide us.  However, we cannot guarantee that such information will never be accessed, used or released in a manner that is inconsistent with this policy, and we expressly disclaim any liability for any loss, misuse, alteration or unauthorized disclosure of your information.

The opportunity to opt out of any of the lists described in Section V. above is available during the registration process.  Additionally, any recipient of an automatically-generated email from Internet2 may unsubscribe from future messages via a link at the bottom of each message.

For questions about our Event Registration Privacy Policy, to update your privacy options after you have registered for an event, or to update or correct mistakes in the information you provided us, please contact

The Event Registration Privacy Policy posted here will always be current.  We encourage you to review this statement regularly.

If you have any questions regarding our Privacy Policy for Event Registration, please contact