Extending the scale of a system’s Single-Sign On (SSO) authentication to support organizations using several identity providers
Single-Sign on (SSO) is an authentication scheme that allows a user to Sign in to several independent software systems with a single ID. I was embedded in an Engineering team which soon discovered that our system needed to support a new technical use case for organizations using multiple identity providers. This was also an opportunity to make several process, usability and interaction changes to the authentication flow. Here’s what I did:
- Redefine the authentication flow for a seamless user experience
- Design and Implement appropriate feedback patterns
- De-Clutter the starting screen by removing redundant links to reduce visual noise
Who I was Designing for
Enterprise team members that login directly to the online learning platform, are enrolled in SSO authentication and are part of a team that uses one of many different identity providers at their company.
Requirements and Design
Due to the technical nature of this project, solving for this required an in-depth understanding of SSO, security processes, current patterns, best practices and balancing those with user experience principles. I worked primarily with Engineering to understand the current authentication flow along with its implications and considerations for SSO.
The updated SSO authentication flow improves the user experience by applying established patterns and best practices by:
- Presenting well crafted and understandable error messages free of technical jargon with probable next steps to address edge cases.
- Minimizing the likely hood of errors by breaking input requests into multiple steps
How the login screen looked before
Single Sign On (SSO) authentication is a single click for most users.
While some organizations allow their team members to login with a password, others require that their users only use SSO (partly for security reasons) I designed the login screen to emphasize SSO for these users and had Engineering configure the system to determine whether a “Login with password” option should be available.
For organization using multiple Identity providers, their users are made to select the appropriate one from a list of options.
The screen features a dropdown selection control listing the identity providers (labeled according to the team which uses it in most cases) to chose from. We raise the likely-hood that a user will select the right identity provider by labelling them according to the corresponding team name.
These changes went live sometime November 2021, you can see them by visiting the online platform. You can also see this click-through prototype