Streamlining customer SSO setup via the PTC Operator Center application, this feature enables internal users to set up and manage SSO for customers using PTC products.
Role
Lead Designer, PTC Atlas Team
Key Collaborators
Product, Engineering, Design, Tech Writing
Project Timeframe
October 2023 - April 2024
Challenge
Customers configure Single Sign-On (SSO) between their corporate identity provider (IDP) and PTC systems by working with PTC technical support. The PTC Operations team requests parameters from customers and uses pre-existing Domain Admin tool for configuration.
This process is inefficient and has several limitations including:
Limited Customization
Built on Legacy UI Framework
Access Issues
Lack of customer access
How can we address these issues and create a more streamlined experience for users?
Results
Authorized PTC employees can now leverage the new Single Sign-on (SSO) feature within the internally facing PTC Operator Center. This feature allows for the new and enhanced setup of SSO for customers, through a refined, accessible interface, eliminating the need for additional backend processes required for setup. It also centralizes organization, user, and license management to accomplish the following tasks:
Create a new SSO Connection
Modify existing connections
Refresh connections
These features manifest in the following pages and tabs:
Understanding the Problem Space
Before I onboarded onto this project, an MVP scope had already been defined by stakeholders on my team. In order to fully understand their vision and the overall context of the project, I held a series of meetings to learn more about scope and the technical landscape.
After these discussions, I learned that there were two primary objectives for this project:
Extend the SSO configuration options available to our customers by adding capabilities supported by Auth0, our team’s new authentication and authorization management platform, to the Domain Admin tool.
Make it easier for the PTC Operations team to access and use the Domain Admin tool by moving it to the PTC Operator Center and redesigning it to follow the Operator Center’s design system and patterns.
While I began to understand high-level project goals, I did not yet fully have a picture of the current problem space as well as the current primary users. Luckily, all of the users of the current SSO admin tool are internal, so it was easy to collaborate with them.
What I learned was primarily about the tool itself as well as the overall flow of real life SSO setup cases and the groups/teams involved.
Key Learnings
Through conversations with stakeholders and mapping key workflows, I identified the primary users for the new SSO Manager feature: PTC Operators. PTC Operators are PTC Atlas employees with expertise in Atlas and SaaS product configurations, often from development or technical product management roles.
They support platform operations with tasks including:
Order fulfillment for internal teams and beta programs
Customer order troubleshooting
User access troubleshooting and support
SSO integrations for customers
In addition to understanding the user base, I explored how SSO affects end users. User authentication for PTC products falls into two categories: Local User login and Federated User login (SSO). Collaborating with the team enabled me to map these key workflows and better understand the similarities and differences between the two login types.
Discovery and Definition
Understanding the current SSO setup processes and tools was essential for refining stakeholder requirements. I worked with internal users to review the tools and gather their experiences with customers and external teams.
I learned that the SSO feature exists as a barebones feature within the Vuforia Admin Center, an application that falls outside of the domain of my team’s suite of applications, but leverages a shared Atlas backend system. It allows the internal PTC user to enter customer information like Domain Names and Metadata information.
Current State Overview
The overall process of setting up SSO configurations for customers is a multistep process. In summary, customers reach out to PTC tech support to set up federation. Tech support communicates with the customer to manage essential data like:
Desired federated domains
Metadata files or URLs
Entity ID and ACS URLs
I created and validated a workflow diagram with stakeholders to ensure that I understood the current process and was able to identify pain points and opportunities for growth within this effort:
Major Pain Points in Current SSO Setup Process
Built on an unmaintained legacy application.
UI lacking overall clarity and missing key fields and data necessary for SSO setup.
Current feature does not support SaaS transformation and new technologies.
Growth Opportunities
Integrate the feature into modern applications to support updates and the SaaS transition of PTC products that require SSO.
Future support for advanced organization management features, like SSO configuration.
Streamlined SSO setup and management.
Greater overview of SSO setup details.
Research and Planning
At this stage, I had a firm understanding of the problem and requirements. However, I needed to dig further into real life examples of SSO management to better shape my preliminary design thoughts and ideas.
Comparative Analysis
After understanding the current users, technologies, and processes, I conducted a comparative analysis of internal and external products to gain inspiration and uncover best practices for SSO management. I analyzed both internal and external products offering SSO setup, including competitor products and those used by PTC and industry leaders.
Key Takeaways:
Guidance text for setup steps
Ability to add multiple domains to an SSO entity
Exposure of all relevant fields and metadata values
Editability of created SSO configurations
Information Architecture
After conducting research, I had a clearer vision for structuring the new feature. I created an information architecture to visually present my ideas alongside Product Management requirements. Overall, the feature would reside within the PTC Operator Center on a new page, allowing for the creation and management of SSO connections, which represent a collection of federated domains.
Update Workflow
The new feature primarily involves creating and managing SSO Connections, a feature unique to Auth0. To finalize the workflows with the product team, I created a detailed workflow diagram outlining all major steps. Once I received alignment, I proceeded to wireframing.
User Journey Diagram
Application Workflow Diagram
Wireframing & Iteration
With this all stakeholders aligned on the proposal, I started wireframing.
Based on my comparative research and workflow alignment, I began multiple rounds of wireframing. After each round, I brought in product management and engineering to assess the designs and see if they fit both feature and technical requirements.
Wireframing Overview
Throughout multiple rounds of wireframing, I focused on several key concepts:
Creating SSO Connections
Managing existing SSO Connections
I consistently sought feedback from stakeholders to iterate effectively and pivot if necessary.
Wireframing Finalization
After multiple rounds of wireframing, I settled on approaches that fit various critera:
Followed industry patterns for SSO management
Followed PTC Design System and Atlas team guidance patterns
Captured feature requirements
Adhered to technical limitations for development
High Fidelity Designs
Once all designs were finalized and approved, I began creating high-fidelity designs.
Based on my comparative research, workflow alignment, and wireframing, I was ready to create high-fidelity designs. The Organizations page is designed to display all existing SSO Connections and allow users to create new ones. A grid layout was chosen for logical grouping of SSO Connections and associated data, accommodating potentially hundreds or thousands of connections per environment. This simple layout made the most sense given the number of connections and the operations needed for managing existing and new connections.
High Fidelity Design - SSO Connections Page
Overview
This page presents a table layout as the primary interface for viewing all existing SSO connections.
The columns display the most relevant and distinguishing values, providing users with a quick summary of each connection.
Key features:
Display all existing SSO connections within the environment (e.g. Dev, Staging, Production)
Filter SSO Connections
Create new SSO Connections
Delete existing SSO Connections
View connection statuses
Drill into specific SSO Connections for more details
SSO Connections Page
High Fidelity Design - Create SSO Connection Page
Overview
This page offers a form-like experience as it serves as the primary location for entering essential SSO metadata.
Given the form's complexity, I included ample help text to describe each section's purpose and overall impact on the customer.
Each field was selected based on core Auth0 requirements for establishing new SSO Connections, with many inclusions predetermined by technical needs.
However, much of the challenge involved collaborating with engineering teams to fully understand the requirements.
Key Features:
Create new SSO Connection
Customize federation type
Select scope of SSO by customer domains
Generate metadata to send to customer for IdP configuration
Configure SAML Mappings
SSO Connection Details Page
High Fidelity Design - SSO Connection Details Page
The post-creation SSO Configuration Details page follows a similar layout to the initial connection creation form. This intentional design choice provides users with a consistent experience by maintaining the same format and information structure they are already familiar with.
Key Features:
Edit configuration details (e.g., domains, paired organizations)
Delete configurations
Refresh configuration status
SSO Connection Details Page
Example Workflows
These workflows illustrate the step-by-step processes users follow to accomplish key tasks using this feature, focusing on managing both new and existing SSO Connections. For a more in depth look into the other Pages and Workflows not depicted, please reach out to me at mdunkelman@gmail.com.
Create SSO Connection Workflow
Delete SSO Connection Workflow
Update SSO Connection Workflow
Final Takeaways
Reflecting on this project, several key insights have emerged along with considerations for future steps.
Understanding the problem space
Focusing on SSO and establishing a solid foundational knowledge base significantly streamlined the process. Armed with this knowledge, asking informed questions prompted deeper conversations with stakeholders, sparking new feature ideas and design considerations.
Importance of collaborating with engineering
This project relied heavily on technical knowledge and understanding of the Auth0 framework and SSO. Asking questions, validating designs, and maintaining close collaboration with engineering were crucial for designing a sound, technically feasible solution.
Overall Reflection
I gained essential insights through stakeholder collaboration and delved into a new problem space. This experience has equipped me with valuable knowledge for future projects, as well as for enhancing and adding features to this project itself.
Design Next Steps
As the lead designer for the Operator Center, where this feature resides, I continuously gather and incorporate internal user feedback. Additionally, SSO configuration will have customer-led capabilities on another application managed by my team, which I am currently designing.
