Identity and access management is a shared responsibility between you and Bold Penguin. There are two aspects of identity and access management that we will discuss: user management and assigning roles.
The Bold Penguin terminal uses role-based access control (RBAC) based on the information we receive from your Identity Provider (IdP). As a partner, you create users and assign them to roles which we then consume on the Bold Penguin side. Once users are assigned to the appropriate role, the users will have the permissions inherent to that role in the Bold Penguin terminal.
Users are entities that log into the Bold Penguin platform, such as agents or call center representatives. Users are both created and managed on the partner side through your IdP management system. When the user logs into your Identity Provider, we will create an equivalent user in the terminal on their behalf.
When a user accesses the Bold Penguin terminal, the system checks whether the user has a valid session with our authenticator service. If not, the user is redirected to your IdP to sign in. After a successful IdP sign-in, the IdP directs the user back to our authenticator service, which creates a terminal session. The user is then sent back to your terminal with the valid session token and can proceed.
Note: Disabling a user is not synced instantly. Disabling the user in your IdP prevents new sign-ins, but any existing terminal session stays active until it expires, unless you contact us and request that the user's access be revoked immediately.
Roles are assigned to users on the partner side through your IdP SAML application. Bold Penguin consumes the role values sent in the user's SAML assertion and grants the corresponding permissions for that user's terminal session. If more than one role is mapped to a user, the user receives the union of the permissions of all mapped roles.
We recommend that partners map to the following Bold Penguin defined roles:
- Agent - All of the permissions a licensed agent would need to use the service and quote, including the ability to search across consumer and agent applications.
- Principal - Full administrative permissions.
If you have permissions needs that fall outside these roles, please consult with your account team.
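The role-consumption rule described above (roles arrive as values of a SAML attribute; a user with several mapped roles gets the union of their permissions) as an added Python example. This is not Bold Penguin's code: it assumes the role attribute is named `role` and uses illustrative permission sets for Agent and Principal, since the page names neither the attribute nor the concrete permissions. The sample assertion is constructed for the example.

```python
"""Resolve roles from a SAML assertion into a terminal permission set.

Added example, not Bold Penguin code. Assumptions: the role attribute is
named "role", and ROLE_PERMISSIONS is illustrative. Signature verification
and Conditions/audience checks on the assertion are assumed to have been
done by the authenticator service before this step; untrusted XML should be
parsed with defusedxml rather than the stdlib parser.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

ROLE_ATTRIBUTE = "role"  # assumption: partner-configured attribute name

# Illustrative permission sets (assumption). The page says Agent covers
# quoting plus search across consumer and agent applications, and Principal
# has full administrative permissions, so Principal is a superset of Agent.
ROLE_PERMISSIONS = {
    "Agent": frozenset({"quote", "search:consumer_apps", "search:agent_apps"}),
    "Principal": frozenset({"quote", "search:consumer_apps",
                            "search:agent_apps", "admin:users",
                            "admin:settings"}),
}

# Constructed sample: one user mapped to Agent and to a role the terminal
# does not define ("Underwriter"), plus an unrelated email attribute.
SAMPLE_ASSERTION = """<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-assertion" Version="2.0">
  <saml:Subject>
    <saml:NameID>agent.smith@example-partner.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>agent.smith@example-partner.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="role">
      <saml:AttributeValue>Agent</saml:AttributeValue>
      <saml:AttributeValue>Underwriter</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_roles(assertion_xml: str) -> tuple[str | None, list[str]]:
    """Return (NameID, role values) from the assertion's AttributeStatement.

    Every AttributeValue under every "role" Attribute is collected, so a
    user with several mapped roles yields several entries.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    roles: list[str] = []
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != ROLE_ATTRIBUTE:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            text = (value.text or "").strip()
            if text:
                roles.append(text)
    return name_id, roles


def resolve_permissions(roles: list[str]) -> tuple[frozenset[str], list[str]]:
    """Union the permissions of all known roles; report unknown ones.

    Unknown role names grant nothing rather than failing closed on the
    whole login, so a partner-only role sent alongside Agent still yields
    an Agent session.
    """
    perms: set[str] = set()
    unknown: list[str] = []
    for role in roles:
        if role in ROLE_PERMISSIONS:
            perms |= ROLE_PERMISSIONS[role]
        else:
            unknown.append(role)
    return frozenset(perms), unknown


def build_session(assertion_xml: str) -> dict | None:
    """Produce a session record, or None if no known role was mapped."""
    user, roles = extract_roles(assertion_xml)
    perms, unknown = resolve_permissions(roles)
    if user is None or not perms:
        return None  # no usable identity or no recognised role: refuse
    return {"user": user, "permissions": perms, "unknown_roles": unknown}


if __name__ == "__main__":
    print(build_session(SAMPLE_ASSERTION))
```

In this example a user whose assertion carries both `Agent` and `Principal` ends up with the Principal set, because the union of a set and its superset is the superset; an assertion carrying only undefined role names yields no session at all, which is the safer default when the IdP mapping is misconfigured.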