First to Site
Release 3.0

Access Control & Authentication

Company-level access management, Auth0 PKCE authentication, SSO, division management, and user group configuration

Overview

Access control for the Ordering Portal is managed at multiple levels - from platform-wide authentication through Auth0, to company-level access toggles, to division and user group-specific service configurations. The system is designed to give administrators granular control over who can access the portal and what services are available to them, while providing customers with a seamless single sign-on experience.

Authentication

Auth0 Integration

The Ordering Portal uses Auth0 for secure authentication with the PKCE (Proof Key for Code Exchange) flow:

  • PKCE authentication flow - The industry-standard PKCE flow provides secure authentication without exposing client secrets
  • Single sign-on (SSO) - Customers use their existing FTS Platform credentials to access the Ordering Portal without any additional login
  • Automatic authentication - When a customer clicks the Ordering Portal link from the Customer Portal, they are automatically authenticated
  • Session management - Authentication sessions are managed securely across both portals

User Signup

New users can register for platform access:

  • Registration workflow - New accounts are registered with required fields including email, password, and profile information
  • Password requirements - Passwords must include at least 1 capital letter, 1 symbol, and a minimum of 6 characters
  • FTS Retail User Group - New signups are automatically assigned to the FTS Retail User Group with appropriate default permissions
  • Password recovery - Forgot password functionality sends a reset link via email

Company-Level Access Control

Access to the Ordering Portal is controlled at the company level. When enabled, all users belonging to that company see the Ordering Portal in their Customer Portal sidebar.

Individual Company Management

Administrators can enable or disable access for a single company:

  1. Navigate to Companies in the Admin Portal
  2. Find the company and click Edit
  3. Locate "Has Ordering Portal Access" in the Company Details section
  4. Toggle ON to enable, or OFF to disable
  5. Save Changes

Bulk Company Management

For managing access across multiple companies simultaneously:

  1. Navigate to Companies in the Admin Portal
  2. Click "Sync Services to All Companies"
  3. Use the toggle switch next to each company to enable or disable access
  4. Changes apply immediately - no save button required

The bulk management page displays service counts and other relevant information for each company, providing administrators with a comprehensive overview.

What Customers See

When access is enabled:

  • A new "Ordering Portal" menu item appears in the Customer Portal sidebar
  • The link includes an external link icon indicating it opens in a new tab
  • Clicking opens the Ordering Portal in a new browser window
  • The customer is authenticated automatically with their existing credentials

When access is disabled:

  • The "Ordering Portal" menu item is hidden
  • The Customer Portal continues to function as normal

Rollout Checklist

Before enabling the Ordering Portal for a new company:

  1. Services configured - Company has services set up in their Company Services list
  2. Documents linked - Required document types are linked to each service
  3. Customer notified - Welcome guide shared with the customer's users
  4. Support aware - Support team informed of the new rollout

Division Management

The portal supports division-level configuration within companies:

  • Division selection - Customers can select their division during project creation
  • Division-specific services - Service configurations can vary by division within the same company
  • Division access controls - Division access settings provide granular control within company-level access
  • Division pricing - Division-specific pricing guidance is available for service configuration
  • Import capability - Company and division service configurations can be imported in bulk

User Group Configuration

User groups define the services and permissions available to sets of users:

  • Service assignment - Services are assigned to user groups, controlling which services are available to customers in that group
  • Core milestone settings - User groups can have core milestone sort buttons and service ordering capabilities
  • Position synchronisation - Service ordering within user groups synchronises with company service configurations
  • Account-based billing - User groups can be configured for account-based billing, allowing zero-priced services
  • FTS Retail User Group - The default user group for new retail customer signups

Access Guard

The platform includes API-level access control:

  • Ordering Portal access guard - An API-level guard ensures that only companies with enabled Ordering Portal access can make API requests to the ordering endpoints
  • Company-level enforcement - Access checks are performed at the company level, respecting the toggle settings configured by administrators
  • Project access control - A dedicated OrderingProjectAccessService manages project-level access within the ordering context
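
One way such a company-level guard can be structured, as an added example (not the platform's own code). The path prefix, claim name, flag name and company ids are assumptions made for illustration. The guard denies by default, takes the company from the validated token rather than from client input, and reads the toggle on every request so that switching access OFF takes effect immediately.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: company ids and the flag name are assumptions.
COMPANIES = {
    "c-100": {"has_ordering_portal_access": True},
    "c-200": {"has_ordering_portal_access": False},
}

ORDERING_PREFIX = "/api/ordering/"  # hypothetical route prefix


@dataclass
class Request:
    path: str
    token_claims: Optional[dict]  # claims from an already validated access token
    body: dict = field(default_factory=dict)


def ordering_access_guard(request: Request, companies: dict) -> int:
    """Return the HTTP status the guard produces for this request."""
    if not request.path.startswith(ORDERING_PREFIX):
        return 200  # this guard only covers the ordering endpoints
    if not request.token_claims:
        return 401  # unauthenticated
    # The company comes from the token, never from the request body or query.
    company = companies.get(request.token_claims.get("company_id"))
    # Deny by default: unknown company, missing flag, or flag not exactly True.
    if company is None or company.get("has_ordering_portal_access") is not True:
        return 403
    return 200


def check(company_id: Optional[str], body: Optional[dict] = None,
          path: str = "/api/ordering/projects") -> int:
    """Helper that builds a request for a caller and runs the guard."""
    claims = {"company_id": company_id} if company_id else None
    return ordering_access_guard(Request(path, claims, body or {}), COMPANIES)
```

Hiding the sidebar menu item only changes what the customer sees; a check of this kind on the API is what blocks a disabled company that calls the ordering endpoints directly.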

Email Redirection

Customer email notifications include intelligent portal linking:

  • Portal-aware links - Email notifications link customers to the appropriate portal based on their company's Ordering Portal access status
  • Seamless navigation - Links in emails direct customers to the correct interface without requiring manual navigation