Onboarded allows customers to define and upload custom attributes under core entities such as employee, employer, client, and job. These custom attributes can be used in access management to provide scope for permissions or create filters in custom views.
For example, a business may have multiple ops teams, each managing their respective service region. To set up access management in Onboarded based on service region, we first have to define service region as a custom property. The screenshot below shows how to create an employee custom property. If your use case requires managing access for multiple entities, please create a custom property for each entity. Please make sure to check both boxes for "Searchable" and "Permission Scope" so that the property can be used as a filter and in access rules when defining permissions (more on this later).
All custom properties used for access management must be marked as a "Permission Scope" when the property is created or updated (as shown in the screenshot above). This is important for several reasons:
- Not all property configurations are suitable for permission usage. For example, custom properties that are marked as "sensitive" may be encrypted and stored separately and thus not suitable for access validation.
- When configuring permissions, customers can only select from a list of custom properties that have permission scope enabled. This helps customers to select the right custom properties when building their access rules, as accounts can easily have hundreds of custom properties.
Now that we have defined the custom property, you can set this property when creating/updating records of this entity. The example below demonstrates how to provide service region when creating employees.
curl -i -X POST \
https://app.onboarded.com/api/v1/employees \
-d '{
"name": "Brad Marchand",
"custom_attributes": [
"service_region": "US East",
],
...
}'You can also set service region when creating or editting employees in the dashboard.
Next, continue reading to learn more about user groups and permissions.