Overview
Firstwork uses role-based access control with four user roles. Each role determines which areas of the platform are accessible, what actions can be performed, and what data is visible.Role Summary
| Role | Description | Primary Purpose |
|---|---|---|
| Admin | Company administrator | Configure hiring, automations, settings; manage candidates and workers |
| Applicant | Job candidate | Apply to positions, complete forms, schedule interviews |
| Worker | Hired individual | Complete onboarding, manage documents, finish training |
| Platform Staff | Firstwork internal user | Manage companies, feature flags, templates, and platform tools |
Admin
Admins are the primary operators of the platform within a company. They have access to all company-specific modules.What Admins Can Access
| Area | Capabilities |
|---|---|
| Hiring Flows | Create, configure, and manage recruitment pipelines |
| Applications | View, filter, and take action on candidate applications |
| Form Builder | Design forms with questions, documents, signatures, and integrations |
| Automations | Build and manage event-driven workflows |
| AI Caller | Configure AI voice bots and review call logs |
| Scheduler | Manage schedules, events, and bookings |
| LMS | Create courses, assign training, and track completion |
| AI Agents | Build browser automation agents and review executions |
| People & Onboarding | Manage onboarding flows and contracts |
| Check-in Forms | Create and manage recurring data collection forms |
| Reports | View analytics dashboards and charts |
| Tasks | Handle manual review items (approvals, rejections, flagged items) |
| Settings | Manage company details, admins, API keys, integrations, templates, tags |
Conditional Features
Some admin features are only visible when specific capabilities are enabled for the company:| Capability | What It Unlocks |
|---|---|
| People module | Access to onboarding flows and contract management |
| AI Caller | AI Caller action available in automations |
| Prompt management | Access to OCR and AI prompt configuration |
| SMS delivery | SMS options in templates and automations |
Applicant
Applicants are job candidates who interact with hiring flows. Their experience is focused entirely on the application process.What Applicants Can Do
| Area | Capabilities |
|---|---|
| Dashboard | View all applications grouped by company |
| Application Forms | Fill out multi-page forms with questions, documents, and signatures |
| Document Upload | Submit documents, take photos, complete liveness checks |
| Scheduling | Book, reschedule, or cancel interview appointments |
| Live Meetings | Join video meetings from a waiting room |
| AI Caller Sessions | Participate in AI-powered audio or video screenings |
| Recollection | Re-submit flagged documents or fields |
| Check-in Forms | Complete assigned check-in forms |
| Course Enrollments | Complete assigned training courses |
| Language Selection | Choose a preferred language (when required by the company) |
| Profile | Update name, email, phone, and avatar |
Worker (Contractor)
Workers are hired individuals who have transitioned from the applicant stage. Their experience focuses on onboarding, ongoing tasks, and document management.What Workers Can Do
| Area | Capabilities |
|---|---|
| Dashboard | View profile summary and recent tasks |
| Onboarding | Complete onboarding forms, documents, and signatures |
| Tasks | View and complete assigned tasks (reviews, check-ins, courses) |
| Contract | View contract details (read-only) |
| Documents | View submitted documents (read-only) |
| Check-in Forms | Complete recurring check-in forms |
| Course Enrollments | Complete assigned training courses |
| Recollection | Re-submit flagged documents during onboarding |
| Profile | Update personal information |
First-Time Worker Experience
When a new worker logs in for the first time, they are automatically directed to their onboarding flow. Only after completing onboarding do they see the full worker dashboard.Platform Staff (SuperUser)
Platform staff are Firstwork employees who manage the platform across all companies. They have the highest level of access.What Platform Staff Can Do
| Area | Capabilities |
|---|---|
| Company Management | View, create, and configure all companies |
| User Management | View admin and worker lists per company |
| User Impersonation | Assume the identity of any admin or worker for support and troubleshooting |
| Feature Flags | Enable or disable features per company, with allow and block lists |
| Templates | Create and manage global hiring flow and question templates |
| Preset Options | Manage global option lists (countries, currencies, custom presets) |
| AI Agents | Create and manage global browser automation agents |
| App Integrations | Build custom webhook-based integrations |
| Prompt Manager | Configure AI and OCR processing settings |
| Audit Configurations | Define and trigger compliance audits |
| Scripts | Write and execute server-side scripts |
| Demo Accounts | Create demonstration environments with sample data |
| Bulk Import | Import applications in bulk from files |
| Billing Export | Export billable event data across companies |
| Fountain Tools | Manage ATS field mapping, application sync, and stage configuration |
| Static Files | Upload and host static files |
User Impersonation
Platform staff can impersonate any admin or worker across any company. This is used for troubleshooting and support. While impersonating, the staff member sees the platform exactly as the target user would. A visual indicator is displayed to make it clear that impersonation is active.Access Control Principles
Authentication Required
All platform functionality requires authentication. Unauthenticated users can only access:- Public job posting pages
- Login and registration pages
- Password reset pages
- Invite acceptance pages