Select Page

There are 2 major authentication concepts within NLogistics

  1. User Login/Password
    1. An admin invites a new user, which will provide access to a login and password (https://usermanagertest.corpfleet.app)
      1. The login and password is held in Microsoft AD, and the application permissions for the login are held in Microsoft ADB2C
        1. This facilitates shifting of identity servers without losing application permissions
    2. If a new user has a CompanyID issued by HR/Cytric, the user can self-register, authenticated by CompanyID and matching verified email (https://selfregistrationtest.corpfleet.app)
  2. Traveler (a booking cannot be made for a passenger unless they are first created as a traveler)
    1. Once a user has a password, the user can be synced into being a traveler
      1. The verified email address is joins the Login/Password identity to the Traveler identity
      2. Anyone issued with a CompanyID is automatically synced to be a traveler
      3. Soft syncing of CompanyIDs to be travelers happens automatically (upsert), but hard syncing (“delete and replace” traveler list can only be done by an admin)

Within User Manager

  • “UserReader” can see all users in User Manager, not just themselves
  • “UserManager” can add/modify users in User Manager
  • “ProfileReader” can manually sync users to become travelers in Logistics (without this permission, a manual sync will fail)

Overall, the authentication factors currently catered for:

  • Can create bookings/feedback, or operational staff, or something else?
    • Profile?
      • Staff/booker
      • Dependent?
      • Guest traveler?
        • e.g. extended family?
    • Contractor
    • Adhoc traveler?
      • Dropdown select of names
      • Type in names
  • Book on behalf?
    • Goshow bookings?
    • Belong to 1 or more groups for bookings?
      • Default
      • Internal
      • External
      • Booker belongs to more than one group e.g. SPDC and default?
        • Group belongs to one of more fare-categories?
      • Payment or free?
        • Payment type?
      • Exempt from companyrules?
  • Which password authority?
    • NLNG for SSO?
    • Binarystack for contractors?
    • Shared PowerBI licensing?
  • Application Roles
    • Am I an application admin?

The User Manager roadmap currently includes:

  • All roles/permissions for all modules can be managed in the same place
  • Lists can be imported for self registration by an admin e.g. a group of 300 teachers can be setup to self-register