Enterprise Workforce Management Platform

Overview

A comprehensive workforce management platform built for staffing agencies that manage candidates, clients, and placements across multiple tenants. The system handles the full recruitment lifecycle — from candidate intake to placement tracking — with strict data isolation between tenants.

The Challenge

Staffing agencies managing hundreds of candidates across multiple client organizations need a system that enforces strict data boundaries. Each client must only see their own candidates and placements, while agency administrators need a unified view. Existing solutions were either too generic (missing staffing-specific workflows) or too rigid (unable to adapt to different agency processes).

Key requirements included:

• Multi-tenancy with strict data isolation at the database level
• Role-based access with granular permissions per tenant
• Modular design allowing features to be enabled per client
• Audit trail for compliance in regulated industries

The Solution

A modular monolith architecture that balances the simplicity of a single deployment with the clean boundaries of domain-driven design:

• PostgreSQL Row-Level Security (RLS) — data isolation enforced at the database level, not the application layer
• Role-based access control — granular permissions with Keycloak for identity management
• Backend-for-Frontend (BFF) pattern — tailored API responses for different client types
• Contracts/Core separation — clean module boundaries with explicit contracts between domains
• Event-driven communication — modules communicate through domain events, not direct calls

Technical Architecture

• Backend: .NET 9 with a modular monolith structure (Contracts + Core per module)
• Frontend: React with TypeScript, component library for consistent UI
• Database: PostgreSQL with Row-Level Security policies for multi-tenant isolation
• Identity: Keycloak for authentication, authorization, and tenant-scoped roles
• Infrastructure: Docker Compose for local development, container orchestration for production
• API Design: BFF pattern with dedicated endpoints for web and mobile clients

Architecture Highlights

Multi-Tenant Data Isolation

PostgreSQL RLS policies ensure that every query is automatically scoped to the current tenant. Even if application code has a bug, the database layer prevents cross-tenant data leaks. This provides defense-in-depth security that satisfies enterprise compliance requirements.

Modular Monolith

Instead of jumping to microservices, the system uses a modular monolith approach. Each domain (Candidates, Clients, Placements, Billing) has its own module with:

• Contracts — public interfaces and DTOs exposed to other modules
• Core — private implementation, database access, and business logic

This gives the deployment simplicity of a monolith with the architectural cleanliness of service boundaries.

Results

• Strict multi-tenant isolation via PostgreSQL RLS — no cross-tenant data leaks
• Modular architecture enabling feature toggling per client
• Role-based permissions with tenant-scoped access control
• Single deployment with the boundary clarity of microservices
• Audit-ready logging and compliance tracking