TenantAtlas/specs/062-tenant-rbac-v1/quickstart.md
Ahmed Darrazi 3b1dd98f52 feat(rbac): Implement Tenant RBAC v1
This commit introduces a comprehensive Role-Based Access Control (RBAC) system for TenantAtlas.

- Implements authentication via Microsoft Entra ID (OIDC).
- Manages authorization on a per-Suite-Tenant basis using a  table.
- Follows a capabilities-first approach, using Gates and Policies.
- Includes a break-glass mechanism for platform superadmins.
- Adds policies for bootstrapping tenants and managing admin responsibilities.
2026-01-25 16:01:50 +01:00

Quickstart for Tenant RBAC v1

This document provides a brief overview of how to get started with the new RBAC feature.

1. Login

  • Users can now log in to TenantAtlas using their Microsoft Entra ID credentials.

2. Managing Tenant Members

  • Users with the owner or manager role can manage tenant members from the "Settings" -> "Tenants" -> "Members" page.
  • From here, you can add, edit, or remove members from the tenant.

3. Role Mappings

  • Optional role mappings can be configured from the tenant detail page to automatically provision memberships based on Entra groups or app roles.

4. Break-glass

  • A local superadmin account exists for emergency access. When logged in as the break-glass admin, a persistent banner will be displayed.
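
The role mappings in step 3 can be pictured as a resolver over the claims of an ID token that has already been validated. The sketch below is an added example, not TenantAtlas code: the `RoleMapping` shape, the `viewer` role, the role ranking, and all sample identifiers are assumptions. It denies by default and reports Entra's group overage case, where the `groups` claim is replaced by a `_claim_names` pointer.

```python
from dataclasses import dataclass

# "owner" and "manager" come from the quickstart; "viewer" and the ranking
# are assumptions made for this example.
ROLE_RANK = {"viewer": 0, "manager": 1, "owner": 2}


@dataclass(frozen=True)
class RoleMapping:
    """Hypothetical mapping row: one Entra group or app role -> one tenant role."""
    tenant_id: str
    source: str  # "group" (Entra group object ID) or "app_role" (app role value)
    value: str
    role: str


def resolve_memberships(claims, mappings):
    """Return ({tenant_id: role}, overage) for already-validated ID token claims.

    Default deny: a tenant with no matching mapping gets no membership.
    When several mappings match one tenant, the highest-ranked role wins.
    """
    # With too many groups, Entra drops "groups" and points to Microsoft Graph
    # via "_claim_names". Treat that as "no groups presented" and report it.
    overage = "groups" in (claims.get("_claim_names") or {})
    groups = claims.get("groups")
    presented = {
        "group": set(groups) if isinstance(groups, list) and not overage else set(),
        "app_role": set(claims.get("roles") or []),
    }
    granted = {}
    for m in mappings:
        if m.role not in ROLE_RANK:
            continue  # a typo in a mapping must never grant access
        if m.value not in presented.get(m.source, set()):
            continue
        current = granted.get(m.tenant_id)
        if current is None or ROLE_RANK[m.role] > ROLE_RANK[current]:
            granted[m.tenant_id] = m.role
    return granted, overage


# Constructed sample data (not real tenant, group, or role identifiers).
MAPPINGS = [
    RoleMapping("tenant-a", "group", "11111111-1111-1111-1111-111111111111", "manager"),
    RoleMapping("tenant-a", "app_role", "Tenant.Owner", "owner"),
    RoleMapping("tenant-b", "group", "22222222-2222-2222-2222-222222222222", "viewer"),
    RoleMapping("tenant-b", "app_role", "Tenant.Owner", "superuser"),  # invalid role
]
```

When `overage` is true, the caller has to look up group membership another way or withhold group-based roles; an absent `groups` claim in that case does not mean the user left every group.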