Raffaele Gesulfo
Authorization & Authentication Experience
Mode │ Lead Product Design │ 2018 - 2019
As of mid-2020, Mode serves over 50% of the Forbes 500. These enterprise customers have very specific needs in terms of security and workflow: not only do they manage the digital access of hundreds of people, they also have to ensure that the available data is visible only to the right people. This is where everything related to authentication and authorization comes into the picture. Moving from small to big companies means a major overhaul of the way users access and interact with the huge amount of data Mode hosts. My goal was to help the team build a robust and scalable infrastructure to accommodate thousands of users in this sensitive context.
To comply with my non-disclosure agreement, I have omitted and obfuscated confidential information in this case study. The information in this case study is my own and does not necessarily reflect the views of Mode.
Understanding the pain points
The first step was for the whole product and design teams to understand the growing pains of our customers as they kept adding more users with different profiles into Mode. We did a series of phone and video interviews to identify the key concerns.
Getting familiar with the space
Because the problem is so fundamental, there are many solutions and, more importantly, many integrations that address it. We decided to go with the service provider Okta, as it is currently the dominant player in identity management. We also audited all the ways users could sign in to the app and identified any vulnerabilities or possible improvements. I was constantly thrown a lot of acronyms such as SAML, SCIM, and SSO. A big part of my job was to untangle their purpose, summarize how they affected our solution, and leverage their advantages.
A seamless sign-in experience
At the end of my work, I defined a series of milestones for the product and engineering teams to progressively build the desired sign-in experience. The changes affected the end-user experience as well as the settings for administrators, who would be able to customize the parameters based on their company's policy.
Full control over user access
The most challenging part was to define an architecture and a lexicon for the whole company to adopt, so that everyone would understand complex concepts the same way across departments. For instance, we talked about our reports, spaces, and data connections as resources, and about users and teams as actors. This aspect of the project was planned over months and designed in a flexible way to take into account other initiatives running in parallel.