This guide explains how to manage users, roles, and permissions within the Karat platform using Role-Based Access Control (RBAC). This content is intended for admins on the Karat platform.
Prerequisites
Before you begin, ensure you have the following permissions:
- Admin access on the Karat Platform.
If you don’t have these user permissions, contact your organization's administrator.
Overview
Role-Based Access Control (RBAC) is an access control system that governs access to Karat resources based on predefined rules set by an administrator. In Karat’s RBAC system:
- Admins define conditions users must meet to access specific resources.
- The system evaluates a user’s credentials against these rules.
- If conditions are met, the user is granted access to manage candidates, view interview results, and perform other functions.
Karat RBAC
On the Karat Platform, organizations can either operate as a single group or be divided into multiple groups. When an organization uses multiple groups, users can be granted access to one, several, or all of these groups. Candidates are invited to a Karat Assessment (or role) that is tied to a specific group, meaning their interviews and related activities will be managed within that group's scope.
Karat User Management (RBAC) is based on a hierarchical structure. The Karat Platform organizes access into organizations, groups, roles, and candidates to ensure granular control.
1. Organization
- Represents the highest level in the RBAC hierarchy.
- Each organization must have at least one Organization Admin. This super-admin has full control over users, groups, and roles.
- Admin accounts are typically provisioned by the Karat support team.
2. Groups
- Regions: These represent subdivisions within the organization, likely representing functional groups.
- Admin User: Admin users can perform all actions within the Karat Platform for the groups they are assigned to in an organization. If an admin user doesn't have access to all groups, they can perform actions only for the groups they have access to.
- Team Member: Can view, invite, schedule, and update candidates while accessing analytics for assigned roles/groups.
An organization may consist of just one group.
3. Roles
- Roles: Roles sit within a group (for example, Sr. Backend Engineer, Principal Engineer, Backend Engineer). They define what kind of interviews an organization wants for a specific job. Each role has a distinct set of specifications associated with it.
- Team Member: A Team Member can have access to specific roles within a group. A Team Member can view, invite, schedule, and update candidates, and can view analytics for all roles and groups they have access to.
- Limited Team Member: Likely represents an individual who is not part of the core recruiting team but needs limited access to view and update candidates, and view analytics for all roles and groups they have access to.
4. Candidates
- Candidates: These are uploaded users (candidates) invited by the recruiter team from your organization to take a Karat interview for a specific role.
- External Team Member: An External Team Member can invite, schedule and view candidates they invited. This is the most granular access you can provide.
For more information about user types, see How to: Identify user types at Karat.
Best Practices
For optimal security:
- Limit access to strictly necessary permissions based on user roles.
- Disable user accounts promptly when they are no longer required.
- Integrate SSO or enforce Two-Factor Authentication (2FA) at the organizational level for added security.
Automatic Hiring Team Onboarding from ATS
When a role is created from an ATS requisition using an archetype, Karat automatically creates user accounts for hiring managers, recruiters, and followers. Hiring managers are added as Limited Team Members. Recruiters are added as Team Members.
Users will receive the following emails:
- "Welcome to Karat!" A login link to access your account.
- "Your role is live in Karat!" The role name, assessment areas, evaluated skills, and a link to view candidate results.
This capability is currently available for Workday and SuccessFactors integrations using archetype-based role creation. For other ATS integrations, please reach out to Karat’s Customer Support for more details.
Managing Users in the Settings Page
You can manage all your organization's users on the Settings page. The Settings page includes two key tabs for user management: Permissions and Users. These two tabs contain various user settings, which are described in the following sections. In summary, the Users tab contains settings for managing individual users and the Permissions tab contains settings for managing global user settings.
Go to the settings menu with the following steps:
- Log in to the Karat platform.
- Click Settings.
Permissions tab
The Permissions tab contains a table outlining the established actions that different user types can perform. The check mark (✔) indicates the allowed action for a user. Additionally, at the bottom of the table, you can find global settings (one row per organization) that allow you to enable access for all roles and two-factor authentication.
For more information about the user types and the actions enabled for each one, see How to: Identify user types at Karat.
Users tab
The Users tab contains a button to create a New User, and a list of the current users in your organization. On this tab you can change the user type for a user and modify a user's settings such as general information, security, notifications and API keys.
View and filter users
On the Users tab, you can see a list of all current users including the user's current details. You can also filter your user list in different ways:
- On the Search bar, you can type a user name or email to search for a specific user.
- The User Type drop-down allows you to filter by user type (Admin, Team Member, Limited Team Member, or External Team Member).
- The Group drop-down allows you to filter by the Group the user has access to (this only applies to organizations with multiple groups).
- The Show disabled users check box allows you to view and search for disabled users. By default, the user list only shows current (non-disabled) users.
Edit user types
On the Users tab, you can quickly change the user type of a user with the following steps:
- Click the User Type drop-down next to the user name.
- Select the new User Type you'd like to change for this user.
- The user type will automatically update.
View user details
On the Users tab, you can view user details with the following steps:
- Click the name of the user you want to view information for.
- This will take you to the User Details page where you'll see four tabs:
  - General
  - Security
  - Permissions
  - APIs
- See the following sections to explore these four settings tabs for user management.
General tab
The fields on this tab allow you to edit or view a user's basic details, such as name, email, phone, time zone, job title, user type, groups, and account status. You can also update which groups the user should have access to, and whether their account is disabled or not.
To make changes on the General tab, follow these steps:
- Update information in the corresponding field.
- Click Update User to save changes.
Security tab
On this tab you can do the following:
- Send an email to the user so they can reset their password.
- View the status of the user's Two-Factor Authentication.
- Generate new backup codes so the user can reset their 2FA. The user also has access to generate new backup codes under their own login settings.
Permissions tab
This tab allows you to choose which roles (and subsequently candidates) this user needs to have access to on the Karat Platform.
To make changes on the Permissions tab, follow these steps:
- Click the toggle next to the role access that you'd like to change. When the access is ON, the toggle is green. When the access is OFF, the toggle is grey.
- Click Update User.
For more information about all actions you can perform on the settings page as an admin, see Settings page.
APIs tab
The APIs tab is used for building a self-serve integration. For more information, see Karat API documentation: API Keys.
Add new users
For adding new users to your organization, see How to: Add a user to your organization.
Disable users
For disabling users in your organization, see How to: Disable a user from your organization.
User Email Notifications
For setting up, viewing and editing user email notifications, see Update email notifications.
Troubleshooting issues
This section describes the most common issues you can face as an organization admin.
Resetting a password
If a user can't log in or can't remember their password, follow these steps as an admin:
- Log in to the Karat platform.
- Click Settings.
- Click the Users tab.
- Search for the user by name or email using the search bar.
- After you have the user listed on the results, click on the user's name.
- Go to the Security tab.
- Click Reset Password. This action sends an email to the user so they can reset their password.
Issues finding a hired candidate
If a candidate has been marked as "hired", either manually or by an ATS integration, they will only be visible to client admins and that candidate's own recruiter. This is to prevent users from viewing their team members' Karat results.
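The scoping rules from the Karat RBAC section and the hired-candidate rule above can be combined into one access decision. The following is an added illustrative model, not Karat's implementation or API. The names `User`, `Candidate` and `can`, the treatment of the inviting user as the candidate's own recruiter, and the group scoping of external users are assumptions.

```python
from dataclasses import dataclass, field

# Candidate actions per user type, taken from the hierarchy described above.
ALLOWED = {
    "admin": {"view", "invite", "schedule", "update"},
    "team_member": {"view", "invite", "schedule", "update"},
    "limited_team_member": {"view", "update"},
    "external_team_member": {"view", "invite", "schedule"},
}

@dataclass
class User:
    email: str
    user_type: str
    groups: set = field(default_factory=set)
    roles: set = field(default_factory=set)  # (group, role) pairs
    disabled: bool = False

@dataclass
class Candidate:
    group: str
    role: str
    invited_by: str  # assumption: stands in for the candidate's own recruiter
    hired: bool = False

def can(user, action, cand):
    """Return True if `user` may perform `action` on `cand` in this model."""
    if user.disabled or action not in ALLOWED.get(user.user_type, set()):
        return False
    if cand.group not in user.groups:
        return False  # nobody acts outside the groups they are assigned to
    is_admin = user.user_type == "admin"
    own = cand.invited_by == user.email
    if cand.hired and not (is_admin or own):
        return False  # hired candidates: admins and own recruiter only
    if is_admin:
        return True  # admins act on everything in their groups
    if user.user_type == "external_team_member":
        return own  # external users only reach candidates they invited
    return (cand.group, cand.role) in user.roles

# Constructed sample data (not real accounts or roles).
ROLE = ("EMEA", "Backend Engineer")
RECRUITER = User("recruiter@example.com", "team_member", {"EMEA"}, {ROLE})
PEER = User("peer@example.com", "team_member", {"EMEA"}, {ROLE})
EXTERNAL = User("ext@example.com", "external_team_member", {"EMEA"})
HIRED = Candidate("EMEA", "Backend Engineer", "recruiter@example.com", hired=True)
```

Here `can(PEER, "view", HIRED)` is denied even though PEER holds the same role access as RECRUITER, which is the behaviour the hired-candidate rule describes.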
Important: If you have any issues or need assistance, reach out to your Karat Team at support@karat.com.