Identity and access management is a joint venture between you and Bold Penguin. There are three aspects of identity and access management that we will discuss: user management, assigning roles, and assigning permissions.
As a partner, you will create your users and map them to roles, which we will map to user groups on the Bold Penguin side. Permissions are based on roles, which you will map in your Identity Provider (IdP). Once users are assigned to the appropriate user groups, the users will have the permissions inherent to their group memberships.
Users are entities that log into the Bold Penguin platform, such as agents or call center representatives. Users are both created and managed on the partner side through your IdP management system. When the user logs into Bold Penguin, we will create an equivalent user in the terminal on their behalf.
Once the user logs into Bold Penguin, the system will check to see if the user has a valid session with our authenticator service. If the user doesn't have a valid session, they are directed to their IdP where they will sign in. Once the user successfully signs in to the IdP, the IdP will direct the user back to our authenticator and log the user into our SSO service, creating a session. The user is then sent back to the original agent portal with a valid session so they can proceed.
Note: There is no instantaneous sync with regard to disabling a user. If the user is still signed in to our platform, that session will be active until the session expires unless you contact us and request that the user's access be revoked immediately.
For information on configuring an Azure AD IdP, please see our Azure Documentation.
Roles are assigned to users on the partner side through your IdP at the application level. They are then mapped to user groups in the Bold Penguin Terminal, which define the permissions available to the members of these groups. If a user has two or more roles mapped to them, that user will inherit the permissions from all of the mapped roles.
In Azure AD, roles must be defined for a given application. We recommend that partners create the following four roles that map to Bold Penguin defined user groups:
Agent - All of the permissions a licensed agent would need to use the service and quote, including the ability to search across consumer and agent applications.
Manager - All of the above permissions as well as some light reporting, including carrier health, active users, etc.
Developer - None of the above permissions, but this role does have the permissions needed to manage API integrations via webhook subscriptions.
Admin - All of the above permissions. This role is essentially a superuser.
Bold Penguin recommends that partners utilize these four defined roles. If you have additional needs, please consult with your account team.
Permissions are sets of functions that agent terminal users are granted that allow them to complete a set of required tasks based upon their assigned role. Permissions are determined on the Bold Penguin side, based on the user groups your roles are mapped to.
For example, an agent group would allow all users of that group to perform the functions necessary to successfully perform the role of an agent. These may include functions like retrieving consumer quotes, generating quotes themselves, or binding existing quotes with carriers.
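Because a user with several roles inherits the permissions of all of them, role combinations can add up to everything the Admin role grants without Admin ever being assigned. The following is an added example, not Bold Penguin code, that audits a constructed IdP role-assignment export for that case and for redundant or unrecognized roles. The capability labels are assumed stand-ins derived from the role descriptions above, since the real permission sets are defined on the Bold Penguin side.

```python
# Assumption: capability labels are stand-ins derived from the role
# descriptions on this page; real permissions live on the Bold Penguin side.
ROLE_CAPS = {
    "Agent": {"quote_and_search"},
    "Manager": {"quote_and_search", "light_reporting"},
    "Developer": {"webhook_subscriptions"},
    "Admin": {"quote_and_search", "light_reporting", "webhook_subscriptions"},
}
ALL_CAPS = set().union(*ROLE_CAPS.values())

# Constructed sample export: user -> roles assigned in the IdP.
SAMPLE = {
    "alice@example.com": ["Agent"],
    "bob@example.com": ["Manager", "Developer"],
    "carol@example.com": ["Agent", "Manager"],
    "dave@example.com": ["Admin", "Developer", "Auditor"],
}


def effective_caps(roles):
    """Union of capabilities over every recognised role a user holds."""
    caps = set()
    for role in roles:
        caps |= ROLE_CAPS.get(role, set())
    return caps


def audit_user(roles):
    """Return findings for one user's role list."""
    known = {r for r in roles if r in ROLE_CAPS}
    findings = [f"unknown role: {r}" for r in sorted(set(roles) - known)]
    # A role is redundant when the user's other roles already cover it.
    for role in sorted(known):
        if ROLE_CAPS[role] <= effective_caps(known - {role}):
            findings.append(f"redundant role: {role}")
    # Combined roles can add up to everything Admin grants.
    if effective_caps(known) == ALL_CAPS and "Admin" not in known:
        findings.append("superuser-equivalent without Admin role")
    return findings


def audit(assignments):
    """Map each user with at least one finding to that user's findings."""
    results = {u: audit_user(r) for u, r in assignments.items()}
    return {u: f for u, f in results.items() if f}

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(user, findings)
```

Running the audit against each periodic export from your IdP gives a short review list for whoever approves role assignments.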