ND Onboarding Portal · v1

One door in. Every product, every hire.

Centralized identity and onboarding for TheNextDoorAI — invite, verify, approve, and provision new hires across Interviewlift and every product that comes after, without re-collecting a single document.

I have an invite HR sign in
≤ 2 days
Median time-to-onboard target
6 verifiers
DigiLocker · RPD · PAN · eSign · BGV · Manual
DPDP
Compliant from day one
How it works

From the offer email to a working SSO login — one pipeline.

STEP 01

Invite

HR enters candidate, role, joining date, and products. Signed JWT, single-use, configurable TTL.

STEP 02

Sign in

Magic link or mobile OTP. No password required. CAPTCHA on signup, rate-limited.

STEP 03

Profile + docs

Mobile-first capture with autosave. Direct-to-S3 upload, ClamAV scan, version history.

STEP 04

Verify

Pluggable verifiers walk allowed_methods in order. Manual review is always the safety net.

STEP 05

Approve

HR signs off, eSign offer letter, EmployeeOnboarded event fires through the outbox.

STEP 06

Provision

Each product subscribes idempotently. ACTIVE only after every product acks success.

Built on

Six non-negotiables.

Identity centralized, employment federated

ND owns the user; each product owns its employees record keyed by canonical user_id.

Manual is always available

Every doc type is HR-reviewable. External APIs are optimization, not dependency.

All side effects are events

Transactional outbox, EventBridge fanout, idempotent consumers. No cross-service writes.

State is explicit

Application and document FSMs with allow-listed transitions. No flag-based ad-hoc state.

Audit everything

Append-only, hash-chained log of every transition, doc op, and integration call.

Privacy by design

AES-256 at rest, presigned-URL access only, DPDP retention enforced from creation.

Security & Compliance

Trust isn't a feature. It's the floor.

TLS 1.3 in transit. AES-256 at rest with SSE-KMS. Per-service IAM, WAF on every public endpoint, VAPT before each major release. Backups daily, cross-region weekly to ap-southeast-1, RPO 15 min.

DPDP Act 2023
Granular consent, purpose limitation, 30-day deletion SLA
IT Act §3A
Aadhaar e-Sign on offer letters, legally binding
ISO 27001-aligned
Audit log retained 7 years, hash-chained for tamper evidence
ap-south-1, multi-AZ
Data residency in India by default

Ready when your next hire is.

Open the invite from your offer email, or sign in to the HR workspace to start sending them.

Open inviteHR sign in