The full intern lifecycle runs inside the platform — proposal, dual approval, meetings, tasks with priority and proof, real-time comms, and GitHub integration — with security serious enough to match an enterprise environment.
This platform is owned by Sopra and lives on their servers — a bespoke internal tool built for their intern programme, not available for sale or demo. If your organisation needs a governed intern or HR workflow platform of this depth, we can build one tailored to your processes.
Role-native workspaces
Each role sees only what their job demands — interns manage their own work and comms, supervisors review and guide, managers govern and approve. No shared admin panel, no privilege creep.
Security architecture
Device-bound auth, single active session, 2FA, file-type validation, safe file storage, and hardened GitHub API access — all engineered to match an enterprise threat model.
What we built
Proposal to sign-off. Meetings to proof uploads. GitHub-integrated and enterprise-hardened.
Intern, supervisor, and manager — each gets a workspace shaped to their responsibility. Permissions follow the role precisely, not a shared admin view where anyone can touch anything.
The intern submits a project proposal. Work only begins after both the manager and the supervisor approve — a clear, auditable sign-off that removes all ambiguity about who authorised the engagement.
Online meetings, tasks with states (pending, delayed, done) and priority levels — all tracked inside the platform so the Sopra intern programme stays coherent without switching tools.
Moving a task to done requires uploading evidence. Accountability is structural, not optional — every completion carries a verifiable record attached to the right task.
The platform surfaces repository context and GitHub data relevant to the intern's work — integrated thoughtfully because the threat model around repository access demanded it, not bolted on as a convenience.
Authentication is only accepted from a laptop that belongs to Sopra — verified using MAC address and device fingerprinting — so credentials cannot be used from an unrecognised machine.
An account cannot be active on two devices at the same time. Real-time session enforcement prevents shared credentials and reduces the lateral risk of a leaked or borrowed token.
Push notifications and real-time messaging keep interns, supervisors, and managers aligned the moment something changes — no email chains, no status meetings to cover what the platform already tracks.
Video and audio calls run inside the platform — no third-party consumer calling API in the core experience, keeping comms within the governed Sopra environment without data leaving to external services.
Two-factor authentication at every login, plus a full emailing system for approvals, task lifecycle events, notifications, and operational comms — every touchpoint covered and logged.
Files are validated by type before storage — high-bar validation, not extension sniffing. Each file is renamed on disk to prevent collision and path guessing; the original filename is preserved in the database for UX and audit.
The interface carries Sopra's orange identity end to end — not a generic admin template with a new logo, but a product designed to look and feel like it belongs to this organisation.
Stack
Node.js · Express.js · React · GraphQL
Real-time APIs, GraphQL data layer, and a hardened security architecture on a modern Node/React stack.
Role
Full product development
Architecture, security engineering, and end-to-end delivery.
Hosting
Sopra servers · WeULT-maintained
Deployed on Sopra-owned infrastructure. WeULT owns engineering quality, releases, security patches, and integration health.