Organizational Identity Sources create read-only Org Identities. This is generally a good thing, since it reflects source data unmodified. However, there are circumstances where this is a problem, such as when the source data is incomplete or wrong.
Shadow Org Identities would be full fledged Org Identities, but attached to a read-only Org Identity generated from an OIS (and not to a CoOrgIdentityLink). They would operate in two modes, according to the OIS configuration:
- Corrective: Shadow data overrides data in the parent Org Identity.
- Supplemental: Shadow data is used to complete the parent Org Identity, but does not override it.
Merged data would be available in Pipelines and other views.
Shadow Org Identities could be created manually by an administrator, or as part of enrollment (in particular for Enrollment Sources in Authenticate mode, but maybe for others as well by linking after petitioner_attributes).
Self Service could be enabled for Shadow Org Identities, perhaps on a per-OIS basis.