Streamlining sign in

December 2, 2021

11 min UX Design

‘What is there to fix?‘

To get started, this project was done for Cryptlex which is a SaaS company that offers a locking mechanism of sorts to Software Vendors. The service is used by different users with different roles.

Super Admin (Account Owner)
Administrators & Tech Support
Customers (Individual users and Organizations)

User roles

The edge-case

Signing in is straight forward till we introduce a particular edge-case. A Super Admin could be an Administrator for another Super Admin’s account, in which case, signing in will require a username, which is the email address in this case, a password (till the FIDO Alliance takes over with passwordless), and an account identifier.

The existing solution was to have two sign in URLs, one for Super Admins, which is ‘app.cryptlex.com’ and another URL for Administrators and Customers, which contains the account identifier required for them to sign in.

URL mapping for Super Admins and other Users

Problem

The Super Admins and the Administrators are ultimately signing into the same application known as the Admin Portal. However, both of them have to access the application from separate URLs, which led to a lot of confusion, as indicated by the number of support tickets.

The Customers are signing in to a different application called the Customer Portal to view and manage their software purchases(licenses). This application is usually whitelabeled by software vendors using custom URLs and their own branding, to ensure a seamless Customer Experience for their Customers where they do not have to bother knowing about Cryptlex.

References

This is not an uncommon problem, the idea of separate workspaces exists in many applicaitons, including Slack.

Slack sign in page asking for a workspace URL

Okta sign in page asking for an organization address

Tests and iterations

Just use what Okta does

Okta had a good solution, especially one that created the correct mental model upfront so we decided to test it. We adapted the above user flows as follows:

Enter your email
Select the account
Enter password
Press sign in
Redirected to Admin Portal if credentials are correct

I found the above flow to be the most correct when it comes to creating mental models but a majority of our users do not have multiple accounts and they found the added friction to be tiring and unnecessary.

Just use what Slack does

Alternatively, we could have a single set of credentials to sign in and then allow the user to choose which account to access. However, due to security reasons and varying security compliances on different accounts, we could not choose this method.

Solution

After testing multiple combinations of user flows, we found a user flow that neither upset the users with single accounts nor cause any issues for users with multiple acocunts. While the solution was supported by all users, I was not particulary happy about how it portrays the incorrect mental model. The user flow is as follows:

Enter your email
Enter your password
Press sign in
Prompted to select account (if multiple)
Redirected to Admin Portal if credentials are correct

As part of this change, we also planned to remove the cryptlex.app URLs to prevent any further trust issues caused by redirecting from cryptlex.com to cryptlex.app.

The new URLs for sign in

Acknowledgements

I would like to thank:

The Domain Name System for allowing 127 levels of Subdomains.
Matej Latin for his extremely helpful case study at GitLab
Pablo Stanley for the Open Peeps library