Overview
What this challenge is about.
Design the auth architecture: identity provider (managed), session model (JWT with rotation), workspace-membership claims, and RBAC permission model (4 default roles, custom-role capability for the Enterprise plan, around 60 permissions across 8 resource types). Define an SSO (SAML + OIDC) integration pattern with per-workspace IdP configuration. Define an audit-log pipeline. Produce a migration plan for the 9,000 existing workspaces (staged by plan tier). Deliver the architecture document (12 pages), permission-model spec, migration plan, and a 3-page security threat model with mitigations.
The Brief
What you'll do, and what you'll demonstrate.
Design a multi-workspace auth + RBAC system that fixes the homegrown system's gaps and migrates 9,000 workspaces without disrupting customers.
Earning criteria — what you'll demonstrate
- Design a workspace-scoped RBAC model that supports both default and custom roles
- Integrate SAML and OIDC for per-workspace identity-provider configuration
- Apply STRIDE threat modeling to an authentication subsystem
- Plan a staged migration that protects existing users and contracts
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.