Roles and Permissions

A well-structured role-based access control (RBAC) system is essential for effectively managing user permissions in B2C and B2B environments. LoginRadius provides a flexible and scalable RBAC framework tailored to the needs of businesses offering services to individual customers (B2C) and organizations (B2B). This system ensures that users and organizations access only the features and data they are authorized to access, enhancing security and operational efficiency.

Key Features

LoginRadius offers a robust role-based access control (RBAC) system that ensures structured access control and security for B2C and B2B environments.

For B2C (Consumer-Focused Role Management)

  • Predefined User Roles – Assign roles like Admin, Moderator, or Standard User for structured access control.
  • Granular Permissions – Define specific actions users can perform based on assigned roles.
  • Dynamic Role Adjustments – Modify user roles based on behavioral triggers or subscription plans.
  • Contextual Access Control – Enhance security by granting time-sensitive or location-based permissions.

For B2B (Business & Multi-Tenant Role Management)

  • Tenant-Level Roles & Permissions – Define organization-wide roles applicable across multiple sub-organizations.
  • Organization-Level Customization – Allow each organization to create and manage its roles while inheriting tenant policies.
  • Scalable Multi-Tenant Management – Seamlessly support large enterprises with multiple clients, vendors, or departments.
  • Delegated Admin Controls – Assign administrative privileges to specific organizational users for self-managed access control.

Use Cases

  1. Multi-Tenant SaaS Application

    • A SaaS-based project management tool enables companies to onboard their employees with custom roles like Manager, Team Lead, and Employee.
    • Each company defines its access policies while adhering to the tenant-wide security rules the SaaS provider sets.
  2. E-Commerce Marketplace

    • Vendors selling products on a marketplace platform can assign roles like Store Owner, Sales Manager, and Customer Support Representative.
    • Granular permissions ensure only authorized users can manage inventory, process orders, and handle customer queries.
  3. Healthcare Platform with Compliance Requirements

    • A healthcare provider uses role-based access to control which sensitive patient records doctors, nurses, and administrators can access, based on their roles.
    • HIPAA-compliant security policies are enforced through multi-factor authentication and permission-based role management.
  4. Enterprise-Level Identity Management

    • A multinational corporation manages thousands of employees across subsidiaries with different organizational structures.
    • The IT department assigns roles dynamically based on department, seniority, and geographic location while allowing local offices to manage user access independently.

Configuration Guide

This section explains how to configure roles and permissions within LoginRadius for both B2C and B2B environments.

B2C Configuration

  1. Navigate to Customers > Roles & Permissions in the LoginRadius Admin Console.
  2. Click Add Role to define a new role.
  3. Assign permissions to the role.
  4. Save the role and apply it within your application logic.

B2B Configuration

To create tenant roles for a B2B/Partner IAM case that can be assigned to all organizations, follow these steps:

  1. Navigate to Admin Console > Organizations.

  2. Select the organization for which you want to create a role and go to the Roles tab.

  3. Click on Create Role to define the role’s attributes. Ensure that the role name is unique across the entire system.

  4. Assign specific permissions to the role.

    • Permissions should include CRUD (Create, Read, Update, Delete) functionalities.
    • Each permission name must be unique to avoid conflicts.
    • A single permission can be mapped to multiple roles, facilitating flexible role management.
  5. When creating roles, remember that role names must also be unique to maintain clear organization.

  6. If you want to establish default roles, note that these are predefined roles that can be automatically assigned to users within the organization. Default roles ensure every user has a baseline set of permissions, simplifying role management.

  7. After defining the role and associated permissions, save and apply it to the relevant organization users.

Assigning Roles

  1. Navigate to Organizations > Users in the Admin Console.
  2. Select the user to whom you want to assign a role.
  3. Choose an appropriate role from the available options.
  4. Save the assignment to enforce the access policy.
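
The following added example (not LoginRadius code and not part of the original guide) sketches how an application could enforce the model configured above: system-wide unique role names, permissions shared by several roles, default roles, and tenant-level roles visible to every organization. The class names, organization ids, and permission strings are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

TENANT = None  # hypothetical owner marker for tenant-level roles

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset
    owner: object = TENANT  # organization id, or TENANT
    default: bool = False   # default roles apply to every user in scope

class RoleRegistry:
    def __init__(self):
        self._roles = {}  # role name -> Role

    def create_role(self, name, permissions, owner=TENANT, default=False):
        # Role names are unique across the whole system, not per organization.
        if name in self._roles:
            raise ValueError(f"role name already in use: {name!r}")
        self._roles[name] = Role(name, frozenset(permissions), owner, default)

    def _visible(self, org):
        # An organization sees tenant-level roles plus the roles it owns.
        return [r for r in self._roles.values() if r.owner in (TENANT, org)]

    def effective_permissions(self, org, assigned):
        granted = set()
        for role in self._visible(org):
            if role.default or role.name in assigned:
                granted |= role.permissions
        return granted

    def is_allowed(self, org, assigned, permission):
        # Deny by default: unknown roles and other organizations' roles grant nothing.
        return permission in self.effective_permissions(org, assigned)

def build_sample_registry():
    """Constructed sample data: one tenant with two organizations."""
    reg = RoleRegistry()
    reg.create_role("member", {"project:read"}, default=True)
    reg.create_role("auditor", {"project:read", "audit:read"})
    reg.create_role("acme-manager",
                    {"project:read", "project:update", "project:delete"}, owner="acme")
    reg.create_role("globex-support", {"ticket:read", "ticket:update"}, owner="globex")
    return reg

if __name__ == "__main__":
    reg = build_sample_registry()
    print(sorted(reg.effective_permissions("acme", {"acme-manager"})))
    print(reg.is_allowed("globex", {"acme-manager"}, "project:delete"))
```

A role name that belongs to another organization, or that does not exist, contributes no permissions, so a stale or tampered role assignment fails closed instead of widening access.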

📌 Note: Roles can also be used in Single Sign-On (SSO) configuration for role mapping. To configure this, go to Organizations, select the specific organization, and open the Features tab, where the Custom IDP option is visible.

In the configuration under the Group and Role Assignment section, you can specify how roles are mapped during the SSO process. This integration ensures that users receive the correct permissions automatically upon signing in, simplifying access management across your organization.

Best Practices

To ensure secure and efficient role and permission management, follow these best practices:

  • Grant Only Necessary Access: Assign the minimum required permissions to reduce security risks.
  • Review Permissions Regularly: Keep user roles updated as business needs evolve.
  • Use Custom ID-based Authentication for Organizations: Adjust authentication settings at both the tenant and organization levels.
  • Enable Single Sign-On (SSO) for Businesses: Allow seamless login integration with enterprise identity providers.
  • Personalize User Experience: Offer custom branding options for different organizations.