Streamlining customer SSO setup via the PTC Operator Center application, this feature enables internal users to set up and manage SSO for customers using PTC products.
Role
Lead Designer, PTC Atlas Team
Key Collaborators
Product, Engineering, Design, Tech Writing
Project Timeframe
October 2023 - April 2024
Challenge
Customers set up Single Sign-On (SSO) by working with PTC technical support, using the legacy Domain Admin tool. However, this process is inefficient and faces several challenges:
Limited Customization
Built on Legacy UI Framework
Access Issues
Lack of Customer Access
How can we overcome these limitations and create a more efficient, user-friendly experience?
Results
Authorized PTC employees now use the enhanced Single Sign-On (SSO) feature within the PTC Operator Center, simplifying customer SSO setup through an intuitive interface.
The new tool eliminates backend processes and centralizes organization, user, and license management, enabling tasks such as:
Creating new SSO connections
Modifying existing connections
Refreshing connections
These capabilities are featured across the following pages and tabs:
Where We Started
Before I joined the project, stakeholders had already defined an MVP scope. To align with their vision and understand the technical landscape, I held several meetings with the team.
Through these conversations, I identified two main objectives:
Expand SSO configuration options by integrating Auth0 into the Domain Admin tool.
Improve usability for PTC’s Operations team by migrating the tool into the Operator Center and aligning it with its design system.
To better understand the current problem space and user needs, I connected with internal users of the existing SSO admin tool. These discussions revealed how SSO setup works in practice and the teams involved—giving me critical insight into both workflow and pain points.
Meet the Operators
By speaking with stakeholders and mapping workflows, I identified the primary users of the new SSO Manager: PTC Operators.
These are internal Atlas team members—often from dev or technical PM roles—who support platform operations, including:
Internal and beta program order fulfillment
Troubleshooting customer orders and user access
Setting up SSO integrations for customers
I also explored how authentication affects end users. PTC products support two login types: Local User and Federated (SSO). Collaborating with the team helped me map the workflows and better understand their differences and edge cases.
It's not our tool - but it's our problem
To refine stakeholder requirements, I needed a clear picture of the existing SSO setup. I partnered with internal users to review current tools and capture their experiences working with customers and external teams.
I learned that SSO functionality currently exists in a minimal form within the Vuforia Admin Center—a tool outside our team’s ownership but built on the shared Atlas backend. The tool allows internal users to input customer data, such as domain names and metadata, but offers limited functionality and a disjointed user experience.
How it actually works (and why it's clunky)
Setting up SSO configurations is a multi-step process involving coordination between customers and PTC tech support. Typically, customers reach out to request federation setup, and tech support gathers key information, including:
Desired federated domains
Metadata files or URLs
Entity ID and ACS URLs
To better understand this process, I created a workflow diagram and validated it with stakeholders. This helped surface pain points and opportunities for improvement in the existing setup.
Major Pain Points in Current SSO Setup Process
Built on an unmaintained legacy application.
UI lacking overall clarity and missing key fields and data necessary for SSO setup.
Current feature does not support SaaS transformation and new technologies.
Growth Opportunities
Integrate the feature into modern applications to support updates and the SaaS transition of PTC products that require SSO.
Future support for advanced organization management features, like SSO configuration.
Streamlined SSO setup and management.
Greater overview of SSO setup details.
Learning from the Landscape
With a solid grasp of the problem and user needs, I shifted focus to researching how SSO is handled in real-world applications. This helped inform my early design thinking.
Comparative Analysis
I reviewed a mix of internal tools and external platforms—including competitor products and solutions used by PTC and industry leaders—to identify patterns and best practices for SSO management.
Key Takeaways:
Clear guidance text for each setup step
Support for multiple domains under one SSO entity
Visibility into all relevant fields and metadata
Ability to edit existing SSO configurations
Where should this live?
With a clearer vision after research, I began shaping the structure of the new feature. I mapped an information architecture to align my design direction with product requirements and team expectations.
The SSO Manager would live within the PTC Operator Center, introduced as a new page dedicated to creating and managing SSO connections - a collection of federated domains grouped under a single configuration.
Mapping the Moving Parts
To bring clarity to the SSO Connection creation flow—a feature unique to Auth0—I created a detailed workflow diagram that outlined all major steps. Collaborating closely with the product team, I refined and validated the flow until we reached alignment.
With the workflow locked in, I moved into wireframing.
User Journey Diagram
Application Workflow Diagram
The Iteration Loop
With stakeholder alignment in place, I began wireframing, grounded in research and validated workflows. I explored multiple approaches for:
Creating SSO Connections
Managing existing connections
After each round, I gathered feedback from product and engineering to ensure alignment with both feature goals and technical constraints.
Final Designs Prioritized
After multiple rounds of wireframing, I settled on approaches that fit various critera:
Followed industry patterns for SSO management
Followed PTC Design System and Atlas team guidance patterns
Captured feature requirements
Adhered to technical limitations for development
Bringing It All Together
With designs finalized and approved, I moved on to high-fidelity designs. Drawing from research, workflows, and wireframing, I crafted the Organizations page to display and manage all SSO Connections.
A grid layout was selected to logically group connections and related data, accommodating the potential scale of hundreds or thousands of connections per environment. This simple yet scalable design ensured ease of management for both new and existing connections.
High Fidelity Design - SSO Connections Page
The SSO Connections Page serves as the main interface for viewing and managing all SSO connections. A clean table layout presents the most relevant values, giving users a quick overview of each connection.
Key features:
Display all existing SSO connections within the environment (Dev, Staging, Production)
Filter SSO Connections
Create new SSO Connections
Delete existing SSO Connections
View connection statuses
Drill into specific SSO Connections for more details
SSO Connections Page
High Fidelity Design - Create SSO Connection Page
The Create SSO Connection Page is a form-based interface designed to capture critical SSO metadata. Given the complexity of the task, I included clear help text for each section to explain its purpose and impact.
While the form is lengthy, I made the intentional choice to display all fields at once. This decision was based on feedback from users who frequently create SSO connections live with customers, handling complex, real-time information.
Ensuring all fields were visible at once allowed users to manage the full context without losing track of necessary details.
Collaborating closely with engineering also helped ensure the form met both technical requirements and user needs.
Key Features:
Create new SSO Connection
Customize federation type
Select scope of SSO by customer domains
Generate metadata to send to customer for IdP configuration
Configure SAML Mappings
SSO Connection Details Page
High Fidelity Design - SSO Connection Details Page
The SSO Connection Details Page mirrors the layout of the initial creation form to maintain a consistent user experience. By keeping the same format and information structure, users can seamlessly transition between creating and managing connections without any cognitive load.
Key Features:
Edit configuration details (e.g., domains, paired organizations)
Delete configurations
Refresh configuration status
SSO Connection Details Page
Example Workflows
These workflows illustrate the step-by-step processes users follow to accomplish key tasks using this feature, focusing on managing both new and existing SSO Connections. For a more in depth look into the other Pages and Workflows not depicted, please reach out to me at mdunkelman@gmail.com.
Create SSO Connection Workflow
Delete SSO Connection Workflow
Update SSO Connection Workflow
Measuring Success
After launching the SSO Manager, internal PTC users praised its ease of use and the ability to streamline SSO setup with customers, making configurations faster and more efficient.
Key outcomes:
Efficient SSO Setup: Reduced time spent troubleshooting and configuring.
Positive Feedback: Users found the interface intuitive and streamlined their workflows.
Continuous Improvement: A feedback loop with users and stakeholders informed our backlog for future updates.
This feedback confirmed the tool’s effectiveness and set the stage for ongoing refinement.
Final Takeaways
Reflecting on this project, several key insights have emerged along with considerations for future steps:
Understanding the problem space
Focusing on SSO and establishing a solid foundational knowledge base significantly streamlined the process. Armed with this knowledge, asking informed questions prompted deeper conversations with stakeholders, sparking new feature ideas and design considerations.
Importance of collaborating with engineering
This project relied heavily on technical knowledge and understanding of the Auth0 framework and SSO. Asking questions, validating designs, and maintaining close collaboration with engineering were crucial for designing a sound, technically feasible solution.
Overall Reflection
I gained essential insights through stakeholder collaboration and delved into a new problem space. This experience has equipped me with valuable knowledge for future projects, as well as for enhancing and adding features to this project itself.
Design Next Steps
As the lead designer for the Operator Center, where this feature resides, I continuously gather and incorporate internal user feedback. Additionally, SSO configuration will have customer-led capabilities on another application managed by my team, which I am currently designing.
