Back to all work
Employee Ops Platform5 functionsOne identity

Connect

An internal employee operations platform — one web application the whole company uses to get work done across departments.

Role Architecture owner & engineering manager

Connect centralizes service requests for HR, IT, Finance, Legal, and Security behind one login and one permission model, then grows into a broader operations hub: contract and legal-entity management, digital signage, a skills matrix, device management, and embedded departmental apps. At its core is a configurable request-and-workflow engine.

What it does

  • Department workspaces — isolated per-team spaces with their own members, request types, and rules.
  • Custom request types & configurable workflows — self-built forms, cloneable as templates, with linear or branched state machines.
  • Automation rules — if→then logic, time-based escalation, auto-close, assignments, subtasks, and webhooks, every execution logged.
  • Parallel tasks — one ticket spawns per-team tasks; the parent auto-closes when all complete.
  • SLA tracking & immutable audit trail — per-department SLAs and searchable logs of every transition.
  • Operations modules — legal & entity management, contracts, digital-signage wallboards, skills matrix, device management.

Architecture & approach

  • Backend-for-frontend (BFF) auth — the browser never handles raw tokens; authorization is centralized, not duplicated across services.
  • Independent, message-driven .NET microservices — requests, workflow, notifications, SLA, entity, skills, devices, HR sync, file storage.
  • Cloud-native — SPA on CDN, containers on Kubernetes, a managed SQL database, isolated dev/staging/prod.
  • Configuration over code — departments express request types and automations as configuration, so new processes launch without an engineering change.
Why it mattersThe hard part of an internal platform is resisting the pull to hard-code each department's process — and instead building an engine general enough that teams configure themselves while identity, permissions, SLAs, and audit stay consistent underneath.
ImpactOne front door for the whole company — five functions on shared identity, permissions, and audit; departments launch new workflows as configuration rather than code; and Connect became a genuine platform other internal teams build on.
Built with
.NETMicroservicesBFF authRBAC / SSOEvent busKubernetesManaged SQLSPA / CDN