Single Sign-On Feature Launch
Pioneering a single sign-on feature to provide secure user management and enhance user convenience
PROJECT TYPE: End-to-End, Identity and Access Management
THE TEAM: 8 Engineers, 1 Product Manager, 1 Product Designer
MY ROLE: User Research, Wireframing, Prototyping, Usability Testing
TOOLS: Figma, Jira
DURATION: 3 Months (Q1 2022), 3 Months (Q4 2022)
Overview
How might we streamline users’ log-in process and reduce the burden of manually managing their account?
Single sign-on (SSO) is a standard authentication method that allows users to log into multiple applications with one username and password. This feature offers enhanced security and is especially valued by enterprise customers. However, SSO is an incredibly technical feature, and this proved to be a unique learning experience and challenge for me.
Esper’s product team prioritized this feature because many customers had already vocalized their frustrations: not having SSO to manage their users’ accounts created security concerns. The main user group who felt frustration over the lack of an SSO feature were administrator users, who were responsible for managing multiple usernames and passwords for their organization’s team members.
In January 2022, my team at Esper set out to launch SSO, with a goal of deploying SAML SSO by Q2, then OpenID Connect (OIDC) in Q4 of 2022. After deploying SAML SSO, we conducted an internal usability test with 25 users and three key customers. We analyzed our findings, then successfully redesigned SAML SSO and launched OIDC in December 2022, resulting in a 38% adoption rate of existing enterprise-level customers.
The Opportunity
SSO is a high-value technical feature that many businesses view as a necessity to manage their organization’s accounts efficiently and securely. Many of Esper’s existing enterprise-level customers have made their frustration about manual account management clear, and business opportunities, both potential and current, would suffer without the addition of SSO.
The Solution
My team and I researched, conceptualized, and implemented an SSO feature for administrator users to seamlessly configure two of the most common SSO methods for their organization. We discovered users’ main pain points when configuring SSO, checked multiple designs against user heuristics and principles, and validated decisions with usability testing.
Background
I collaborated with my PM and customer-facing team to better understand which SSO methods Esper’s customers used most.
My product manager and I worked with customer success managers to better understand which types of SSO enterprise customers used most. Customer success managers maintain close relationships with users, and because of this, many customer success managers knew what their users wanted. From these conversations, we found that the two most common types of SSO were SAML and OIDC. Roughly 70% of enterprise customers used SAML while the other 30% used OIDC.
Based on this knowledge, our team decided to prioritize SAML integration for Q1. Later, we made a decision to add OIDC integration in Q4, providing flexibility to users who do not use SAML.
Research & Findings
My PM and I thought through creative methods of uncovering SSO requirements and user needs, in lieu of direct user contact.
Ideally, I would have loved to schedule user interviews to chat with customers about their process of configuring SSO and their pain points around the process. At Esper, customer success managers had direct access to users, but due to their numerous recurring meetings, often focused on issue resolution, our business needed to strike a balance in contacting specific customers. This caution about reaching out sometimes posed challenges for the UX team in obtaining direct customer insights.
As an alternative, my project manager and I delved into SSO guides and set up mock SSO connections across various applications. This approach allowed us to gain a deeper understanding of the information required for SSO configuration and the steps users needed for a successful setup.
During the SSO revamp in Q4, I collaborated with Esper's own IT administrators, who were coincidentally working on implementing SSO for Esper members. This collaboration provided valuable insights into common pain points during SSO configuration as well as necessary feature functions.
SSO Configuration Flow
Informing the Architecture
Diagramming user flows helped me isolate each step and function our users needed to take.
SAML SSO (Q1)
SAML & OIDC SSO (Q4)
Ideation & Designs
After ideating various designs, my process yielded a design that was simple and focused.
Simplification was incredibly important for both iterations of SSO. The process of configuring SSO is innately complex, as it forces the user to go back and forth between two different applications. I wanted to minimize the number of steps users needed to configure SSO in order to make the process clear and efficient.
The second iteration of SSO required multiple steps, so I chose a multi-step form approach. This design allowed users to focus on each complex sub-step of the process one-by-one, reducing cognitive load.
Below are some explorations I went through before finalizing my designs.
Designing for Simplification
Designing Different Multi-Step Forms
Challenges
Time constraints, inefficient process execution, and engineering limitations presented interesting challenges that resulted in more effective collaboration and trade-offs.
During the first iteration of our SSO project, I faced the challenge of having a tight timeline and significant time zone differences when collaborating with our engineering team in India. This led to simultaneous design and engineering work, resulting in features being built without proper consultation. To address this, I broke down my design work into smaller chunks and scheduled more live demo meetings with the engineering team. This approach kept them informed of my progress and upcoming work, enabling more real-time communication and reducing rework.
During the second iteration of our SSO project, I faced engineering limitations for a specific user function. Creating a solution for this function required creativity and flexibility, as my initial solutions didn't align with engineering capabilities. I had to think outside the box and generate multiple options to find the best one that worked within engineering constraints.
Testing
My PM and I tested users’ ability to configure SSO by conducting a usability test with 25 internal users and 3 enterprise customers.
Using a link to a test environment, my PM and I provided testers with clear instructions to configure SSO asynchronously. The usability test revealed one significant user flow issue: if users attempted to switch their sign-in method to SSO-only without having successfully configured SSO, an error would occur and they would not be able to log in.
Although my designs had checkpoints to ensure that users completed each step of the process, configuration errors could still occur, purely due to the complexity of having to go back and forth between two different applications. To address this issue, I implemented a modal screen with clear instructions for administrator users to log out and log back in via SSO. This feature guides users to test their SSO configuration while still allowing them to log in with Esper credentials.
Launch & Impacts
Once I finalized my designs and flows, our team launched our SSO feature, resulting in a 38% adoption rate of enterprise customers.
After exploring solutions that met user requirements, worked within engineering limitations, and solved usability testing pain points, I finalized my design and flows. The second SSO iteration included more functions that we were unable to complete during the first iteration. Enhancements were also made during the second iteration, thanks to additional user information from Esper’s own IT admins and the results of usability testing.
Reflections
Some lessons that I’d take for my next project…
Observe users during testing.
In our usability testing, the absence of observational data limited our understanding of users' behavior and difficulties. Relying solely on user feedback may have caused us to overlook important details. To improve future testing, I plan to track real-time user behavior to assess task completion ease.
Establish the hand-off process early.
In hindsight, starting a hand-off discussion with the engineering team before beginning the SSO project would have ensured better alignment. This was my first time working with our engineering team in India, so understanding their workload capacity and collaborating on design presentation in line with their timeline, especially across different time zones, could have been more effective.