Role Management
NextGenPoll uses a four-level role system. Roles control which UI sections a user can access and which API endpoints they can call.
Role Reference
| role_id | Role | Granted by |
|---|---|---|
| 1 | Admin | Azure Entra ID App Role (Admin claim in JWT) |
| 2 | Instructor | Admin Panel → Users → set role, or auto-promoted on space add |
| 3 | Student | Auto-assigned on first space join via join code |
| null | No role | Default for all new sign-ups |
Role Assignment Flow
How to Grant Admin Access
Admin access is controlled entirely through Azure Entra ID App Roles — no database changes are needed.
- In the Azure Portal, go to Microsoft Entra ID → Enterprise applications → select NextGenPoll.
- Click Users and groups → Add user/group.
- Select the target user and assign them the Admin app role.
- Click Assign.
- The user must sign out and sign back in — the roles claim is embedded in the JWT at login time.
On the user's next login, the backend automatically sets role_id = 1. The Admin Panel link appears in their dashboard sidebar and /admin becomes accessible.
After the user re-logs in, call GET /api/me — the response should contain "roleId": 1.
/admin performs a server-side role check on every load. Non-admin users are immediately redirected to /dashboard — the admin UI is never rendered for them.
How to Promote a User to Instructor
Instructors are managed in the database via the Admin Panel — no Azure portal changes are needed.
Automatic Promotion (Recommended)
- Sign in as an Admin and open the Admin Panel (/admin).
- Go to the Spaces tab.
- Edit a space and add the user with role ORGANIZER or MODERATOR.
- The system automatically promotes their global role_id to 2 (Instructor).
The change takes effect immediately — no sign-out required.
Manual Promotion
- Open the Admin Panel → Users tab.
- Find the user by name or email.
- Set their role to Instructor (role_id = 2).
How Participants Get the Student Role
Participants self-enroll using a join code set by an organiser on a space.
Setting Up a Join Code (Admin/Organiser)
- Open the Admin Panel → Spaces tab.
- Edit the target space.
- Set a join code and toggle Join code active to On.
Joining with a Code (Participant)
- Sign in and go to the Dashboard.
- Navigate to the My Spaces tab.
- Click Join a Space and enter the 6-character join code.
On success, a memberships row is created with role = ATTENDEE. If the participant had no role yet (role_id = null), they are automatically promoted to Student (role_id = 3).
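The role transitions described above (Admin from the JWT roles claim, Instructor on space add, Student on first join) and the server-side /admin check can be sketched as follows. This is an added example, not NextGenPoll's own code: all function and constant names are hypothetical, and it assumes the JWT has already been validated and that auto-promotion never lowers an existing role.

```javascript
// Added illustration; every name is hypothetical, not NextGenPoll's own code.
const ROLE = Object.freeze({ ADMIN: 1, INSTRUCTOR: 2, STUDENT: 3 });

// Lower role_id means more privilege and null means no role, so a
// numeric max/min shortcut would silently demote or mis-promote.
function outranks(candidate, current) {
  return current === null || candidate < current;
}

// Login: `claims` must come from a JWT whose signature, issuer and
// audience were already verified. The Admin app role arrives in `roles`.
// The page does not cover a later-removed claim; this sketch then
// returns the stored value unchanged.
function roleIdAtLogin(claims, storedRoleId) {
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  return roles.includes("Admin") ? ROLE.ADMIN : storedRoleId;
}

// Space add: ORGANIZER or MODERATOR membership promotes to Instructor.
// Assumption: an existing Admin is not lowered by this path.
function roleIdAfterSpaceAdd(storedRoleId, membershipRole) {
  const promotes =
    membershipRole === "ORGANIZER" || membershipRole === "MODERATOR";
  return promotes && outranks(ROLE.INSTRUCTOR, storedRoleId)
    ? ROLE.INSTRUCTOR
    : storedRoleId;
}

// Join code: only a user with no role yet becomes Student.
function roleIdAfterJoin(storedRoleId) {
  return storedRoleId === null ? ROLE.STUDENT : storedRoleId;
}

// /admin guard, evaluated on the server for every load. Strict equality
// rejects look-alike values such as the string "1".
function adminPageDecision(user) {
  const isAdmin = user != null && user.roleId === ROLE.ADMIN;
  return isAdmin
    ? { render: true }
    : { render: false, redirect: "/dashboard" };
}
```

Because the decision is made server-side from the stored role, hiding or showing the Admin Panel link in the sidebar is only a convenience and not the access control itself.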
Home Page Role-Aware UI
The home page renders different UI elements depending on the user's role:
| State | UI Elements shown |
|---|---|
| All states | User Menu (top-right) + Theme Toggle |
| Not signed in | Sign In + Join a Poll |
| Admin (role_id = 1) | Admin Panel + Dashboard + Join a Poll |
| Instructor (role_id = 2) | Dashboard + Join a Poll |
| Student or no role (role_id = 3 / null) | My Spaces + Join a Poll |
Supported Identity Providers
| Account type | Sign-in method |
|---|---|
| Harvard organizational (@harvard.edu, @g.harvard.edu) | SSO via Entra |
| Google personal (@gmail.com) | Google OAuth SSO |
| Personal Microsoft (@live.com, @outlook.com, @hotmail.com) | Email one-time passcode (OTP) |
| Any email (no IdP account) | Email one-time passcode (OTP) |