SSO & RBAC
Overview
Role-Based Access Control (RBAC) in BeTalent is integrated with AWS Cognito to manage and define roles for users accessing the system. This system provides both B2C (Business to Consumer) and B2B (Business to Business) authentication flows, where users can authenticate through external identity providers or via pre-provisioned credentials for backend integrations.
RBAC Mechanism
Once a user or system has authenticated, AWS Cognito assigns it a role, derived either from the information supplied by the identity provider (IdP) or from roles defined in advance. The role determines the level of access and permissions the user or system has within the BeTalent platform.
User Roles
The BeTalent platform defines the following standard roles managed within Cognito User Pools:
- ADMIN:
  - Full administrative privileges, including user management, global configuration, and comprehensive system access.
- ORGANIZATION_ADMIN:
  - Administration privileges restricted to the user's organization.
  - Ability to assign roles and manage users within their organization only.
- TENANT_ADMIN:
  - Administrative control confined to a specific tenant or business unit.
  - No permissions to alter global system settings outside their tenant.
- HR:
  - Permissions focused on managing candidate data and processes relevant to HR workflows.
  - Restricted access to global administrative configurations.
- USER:
  - Standard role for individual users with permissions limited to personal data management and interactions specific to their own data.
Role Association in Federated Authentication
When users authenticate via federated identity providers, AWS Cognito assigns roles based on the information (e.g., claims) received from the Identity Provider (IdP). These roles are included in the JWT issued by Cognito.
Roles can be mapped based on the user's profile, group, or organizational affiliation within the identity provider.
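As an added illustration (not BeTalent's own code), the following Python shows how a backend can enforce the role scoping described above from the claims of a Cognito-issued token: a role grants an action only when the resource lies in the caller's own organization, tenant, or personal data, and unknown group names or stale tokens are denied. The custom:organization_id and custom:tenant_id attribute names, the action names, and the organization scope for HR are assumptions; verification of the token's signature, issuer and audience is assumed to happen before these claims are trusted.

```python
import time

# Constructed sample claims from a Cognito ID token whose signature, iss and
# aud are assumed to have been verified upstream (not shown). "cognito:groups"
# is Cognito's group-membership claim; the custom:* attribute names are hypothetical.
SAMPLE_CLAIMS = {
    "sub": "user-123",
    "token_use": "id",
    "exp": 1_900_000_000,
    "cognito:groups": ["ORGANIZATION_ADMIN"],
    "custom:organization_id": "org-42",
    "custom:tenant_id": "tenant-7",
}

# Actions each role may perform and the scope the resource must fall in; "*" is
# every action, anything absent is denied. HR scoped to its organization is an assumption.
ROLE_POLICY = {
    "ADMIN": {"*": "global"},
    "ORGANIZATION_ADMIN": {"manage_users": "organization",
                           "assign_roles": "organization",
                           "manage_candidates": "organization"},
    "TENANT_ADMIN": {"manage_users": "tenant", "manage_candidates": "tenant"},
    "HR": {"manage_candidates": "organization"},
    "USER": {"manage_own_data": "self"},
}

# Which token claim must equal which resource attribute for a scope to hold.
SCOPE_KEYS = {"organization": ("custom:organization_id", "organization_id"),
              "tenant": ("custom:tenant_id", "tenant_id"),
              "self": ("sub", "owner_sub")}

def _in_scope(scope, claims, resource):
    if scope == "global":
        return True
    claim_key, resource_key = SCOPE_KEYS[scope]
    a, b = claims.get(claim_key), resource.get(resource_key)
    return a is not None and a == b   # a missing id on both sides is not a match

def authorize(claims, action, resource, now=None):
    """Deny by default: live ID token plus a group granting the action in scope."""
    now = time.time() if now is None else now
    if claims.get("token_use") != "id" or claims.get("exp", 0) <= now:
        return False
    for role in claims.get("cognito:groups", []):
        policy = ROLE_POLICY.get(role, {})   # unknown group names grant nothing
        scope = policy.get(action, policy.get("*"))
        if scope and _in_scope(scope, claims, resource):
            return True
    return False
```

The scoping check is what keeps an ORGANIZATION_ADMIN from acting on another organization's users even though the role name alone would permit the action.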
Managing Roles
Roles are assigned either automatically or manually by platform administrators based on the user's information or organizational policies. The platform provides flexibility for both manual and automated role assignment, ensuring a smooth experience for organizations managing their users.
Conclusion
By leveraging AWS Cognito for SSO and RBAC, BeTalent ensures a secure and flexible method for managing user authentication and access control. This system allows organizations to control user permissions through roles while maintaining the scalability and security of their platform.