Authentication, Access Control, and User Management

Marketplace is designed with robust authentication and access control mechanisms to ensure the security and integrity of user data and system functionality.

All users are required to authenticate using a unique username and password combination, providing secure access to the platform. Users can either self-register through My Dual Code, or they may access courses via their employer’s LMS, which is powered by Dual Code. In employer-managed environments, authentication is typically handled through SAML or OAuth single sign-on (SSO), allowing users to log in using their existing organizational credentials.

For users accessing Marketplace via My Dual Code, passwords are securely hashed in the database to protect against unauthorized access. If a password is forgotten, users can initiate a secure email-based password reset. In contrast, users accessing Marketplace through a workplace environment rely on Active Directory or other identity providers, with password policies and authentication fully managed by the employer.

Marketplace supports role-based access control with three default roles: Account Owner, Account Administrator, and Learner. Only the Account Owner has the authority to add or remove administrators, preserving centralized control over platform management and permissions.

All production and staging environments are protected with strict access controls:

• Two-Factor Authentication (2FA) is mandatory for all server administrators

• Server access is restricted to Secure Shell (SSH) using public/private key authentication, with password-based logins completely disabled

These layered security measures ensure that only authorized individuals have access to system resources and sensitive information, whether through self-service or enterprise-level deployments.