User Management & SSO
Overview
User Management & SSO covers platform-level user account administration — creating and managing accounts, assigning platform roles, configuring SSO providers (SAML/OAuth2), managing staff permissions, and handling user data compliance (GDPR/FERPA data deletion).
This area differs from the Learner Identity & Accounts feature area: that area covers learner self-service (registration, account settings); this area covers administrator control over the user system.
Current State (2026)
• Django admin: Primary user management UI; administrators can view/edit users, assign roles, reset passwords, retire accounts
• SSO configuration: SAML and OAuth2 identity providers are configured in the Django admin through the `third_party_auth` app's configuration models (`SAMLProviderConfig`, `OAuth2ProviderConfig`, and `SAMLConfiguration` for the platform's own SP keys and metadata); each provider entry is tied to a site, so configuration is per-site
• RBAC: `edx-rbac` provides the role-based access control framework used across Open edX services; a grant is a role plus the context it applies to (a course, an organization or enterprise customer, or the whole system, depending on what the service defines), and `edx-platform` itself stores course-level staff roles in `CourseAccessRole`
• User retirement: GDPR/FERPA-compliant retirement workflow in `edx-platform`; on request it replaces the account's PII with hashed placeholder values rather than deleting the user row, so records that reference the user id stay intact
• Enterprise admin portal: `frontend-app-admin-portal` provides B2B admins a more user-friendly interface for their learner populations
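The following is an added example, not `edx-platform` code, of the two mechanics behind the retirement workflow listed above (and the staged `UserRetirementStatus` process described under Architecture): PII is overwritten with deterministic keyed-hash placeholders instead of being deleted, and the request moves through a forward-only state machine that can only fail into an explicit error state. The stage names, the `retired__user_` prefix, the `retired.invalid` domain, the per-deployment salt and the sample user and enrollment rows are all assumptions constructed for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: a per-deployment secret. A keyed hash (not a bare SHA of the
# value) means nobody without the salt can recompute a retired value from a
# guessed username or email, yet retirement itself stays deterministic.
RETIREMENT_SALT = b"constructed-demo-salt-keep-out-of-source-control"
RETIRED_PREFIX = "retired__user_"         # assumed naming convention
RETIRED_EMAIL_DOMAIN = "retired.invalid"  # reserved TLD: mail can never be delivered

# Assumed stage list: each RETIRING_* stage scrubs one subsystem and its
# *_COMPLETE twin records that it finished, so a crashed run can be inspected.
STAGE_ORDER = [
    "PENDING",
    "RETIRING_ENROLLMENTS", "ENROLLMENTS_COMPLETE",
    "RETIRING_LMS", "LMS_COMPLETE",
    "COMPLETE",
]
ABORT_STATES = {"ERRORED", "ABORTED"}
DEAD_END_STATES = ABORT_STATES | {"COMPLETE"}


def _keyed_digest(value: str) -> str:
    # Normalise case first so "Alice@Example.com" and "alice@example.com" retire identically.
    return hmac.new(RETIREMENT_SALT, value.strip().lower().encode("utf-8"), hashlib.sha256).hexdigest()


def retired_username(username: str) -> str:
    return RETIRED_PREFIX + _keyed_digest(username)[:32]


def retired_email(email: str) -> str:
    return f"{RETIRED_PREFIX}{_keyed_digest(email)[:32]}@{RETIRED_EMAIL_DOMAIN}"


def is_email_retired(email: str, retired_emails: set) -> bool:
    """Answer 'was this address retired before?' without the original ever being stored."""
    return retired_email(email) in retired_emails


@dataclass
class RetirementStatus:
    """Stand-in for one per-user status row: where the request is now and where it was."""
    user_id: int
    current_state: str = "PENDING"
    last_state: str = "PENDING"

    def can_advance(self, new_state: str) -> bool:
        if self.current_state in DEAD_END_STATES:    # finished or failed: start a new request
            return False
        if new_state in ABORT_STATES:                 # any live stage may fail or be cancelled
            return True
        idx = STAGE_ORDER.index(self.current_state)   # otherwise only the very next stage
        return idx + 1 < len(STAGE_ORDER) and STAGE_ORDER[idx + 1] == new_state

    def advance(self, new_state: str) -> None:
        if not self.can_advance(new_state):
            raise ValueError(f"illegal transition {self.current_state} -> {new_state}")
        self.last_state, self.current_state = self.current_state, new_state


def anonymize_user_row(user: dict) -> dict:
    """Overwrite the PII columns; the id is kept so rows that reference it keep working."""
    return {
        "id": user["id"],
        "username": retired_username(user["username"]),
        "email": retired_email(user["email"]),
        "name": "",
        "is_active": False,
    }


def run_retirement(user: dict, enrollments: list, retired_emails: set):
    """Drive one request through the stages; any failure parks it in ERRORED for an operator."""
    status = RetirementStatus(user_id=user["id"])
    try:
        status.advance("RETIRING_ENROLLMENTS")
        for row in enrollments:   # sample rows hold only the user id, so they stay; opt-ins are withdrawn
            if row["user_id"] == user["id"]:
                row["receive_course_email"] = False
        status.advance("ENROLLMENTS_COMPLETE")
        status.advance("RETIRING_LMS")
        user = anonymize_user_row(user)
        retired_emails.add(user["email"])
        status.advance("LMS_COMPLETE")
        status.advance("COMPLETE")
    except Exception:             # never swallow a partial retirement silently
        status.advance("ERRORED")
    return status, user


if __name__ == "__main__":
    done, row = run_retirement({"id": 7, "username": "Alice_Example", "email": "Alice@Example.com",
                                "name": "Alice Example", "is_active": True}, [], set())
    print(done.current_state, row["username"], row["email"])
```

The keyed digest is what lets registration reject an address that belongs to a retired account without retaining the address itself; a bare unsalted hash would let anyone with a copy of the database confirm guesses. The state machine refuses to skip or reverse a stage, so an operator reading `current_state`/`last_state` after a crash knows exactly which subsystem still holds PII.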
Architecture
• User model: Django's standard `auth_user` table plus the custom `UserProfile` (in the `student` app) and further per-feature tables in `edx-platform`; because user data is spread across multiple tables and services, deleting or anonymizing a user is necessarily a multi-step job
• SSO: the `third_party_auth` app in `edx-platform` wraps python-social-auth (`social-core` / `social-auth-app-django`) to handle institutional SAML and OAuth2 logins and to link the external identity to a local account; the separate `auth-backends` package is not for institutional SSO but is what the other Django services (IDAs) use to log in against the LMS acting as OAuth2 provider
• RBAC: `edx-rbac` carries role grants in the `roles` claim of the JWT the LMS issues, one `role:context` string per grant with `*` as the all-contexts wildcard; a service can authorize from the verified token alone (implicit access) and consults its own role-assignment tables for grants that are not in the token (explicit access)
• Data retirement: `UserRetirementStatus` rows in `edx-platform` track a staged, forward-only workflow; each stage scrubs PII in one subsystem and records its completion, so a failed run can be inspected and resumed instead of leaving half-retired data behind
• Org-scoped permissions: organization (enterprise) administrators can manage users within their own scope via the enterprise features, without needing Django admin access
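Added example, not `edx-rbac`'s own code or API, of what "roles encoded in the JWT" means in practice: a scoped authorization decision taken from a token. It assumes only the claim layout `edx-rbac` uses (a `roles` list of `role:context` strings, `*` for every context). The HS256 signing, the demo key, the role names and the user are constructed stand-ins so the block runs offline; the LMS signs its JWTs asymmetrically, and a real service verifies with the issuer's public key instead of a shared secret.

```python
import base64
import hashlib
import hmac
import json
import time

ALL_ACCESS_CONTEXT = "*"   # wildcard context: the role applies everywhere


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, key: bytes) -> str:
    """Issue an HS256 token (constructed stand-in for the LMS issuer)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_jwt(token: str, key: bytes, now=None) -> dict:
    """Return the claims only after signature, algorithm and expiry all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":        # pin the algorithm; the token must not choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims


def parse_roles(claim) -> dict:
    """Turn ["role:context", ...] into {role: {context, ...}}; a malformed entry is an error, not a skip."""
    roles = {}
    for entry in claim:
        role, sep, context = str(entry).partition(":")
        if not (sep and role and context):
            raise ValueError(f"malformed role entry: {entry!r}")
        roles.setdefault(role, set()).add(context)
    return roles


def has_access(roles: dict, role: str, context: str) -> bool:
    """True when the user holds `role` for this context, or holds it with the wildcard."""
    contexts = roles.get(role, set())
    return context in contexts or ALL_ACCESS_CONTEXT in contexts


def token_grants(token: str, key: bytes, role: str, context: str, now=None) -> bool:
    """Authorize from the token alone (implicit access): verify first, only then read the roles."""
    claims = verify_jwt(token, key, now)
    return has_access(parse_roles(claims.get("roles", [])), role, context)


# Constructed sample: one staff user who administers org-a and may act as a learner anywhere.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
DEMO_TOKEN = mint_jwt(
    {"preferred_username": "staff1", "exp": 4102444800,   # 2100-01-01 UTC
     "roles": ["enterprise_admin:org-a", "enterprise_learner:*"]},
    DEMO_KEY,
)

if __name__ == "__main__":
    print(token_grants(DEMO_TOKEN, DEMO_KEY, "enterprise_admin", "org-a"))   # True
    print(token_grants(DEMO_TOKEN, DEMO_KEY, "enterprise_admin", "org-b"))   # False
```

Two details matter for a reviewer of any service that trusts this claim: the roles are read only after the signature and `exp` pass, so a forged or replayed token grants nothing, and the context comparison is exact, so `enterprise_admin:org-a` never bleeds into `org-b` unless the grant was issued with `*`.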
History
Origin
• Year introduced: 2012 (user accounts from initial edX launch)
• Initial implementation: Standard Django auth with custom `UserProfile`; SSO added later
• Context: edX.org initially used simple email/password accounts; enterprise customers drove SSO requirements
Key Milestones
• Basic Django user accounts
• SAML SSO support added for enterprise
• GDPR user retirement workflow introduced
• `edx-rbac` JWT roles
Open Questions
- When was SAML SSO first added and what enterprise customer drove it?
- How does the user retirement workflow handle edge cases (active enrollments, certificates)?
- How does the JWT role encoding work with `edx-rbac`?
- What are the most complex SSO configurations seen in production?
- What drove the decision to build `openedx-authz` as a separate service?