As we began a pivotal redirection with the next-gen version of our EHS software, we knew our authentication experience was one of the keys for broader adoption of the product. Customers found the current authentication process to be limiting, arduous, and often confusing. The current login experience did not closely enough account for who our customers were and what they needed.
Our objective with the authentication experience was to create something that would be readily adopted by current customers and provide added value by being a market differentiator for future customers. We needed to design an authentication framework that was more flexible and customizable based on the different data security needs of our customers, whilst meeting data protection and security best practices.
After researching with numerous customers, it was evident just how common of a pain point it was for EHS managers to have employees that didn't have email addresses or want to share them with their employer. We pivoted to the use of usernames instead of email addresses, but after a couple of workflow iterations, it quickly became evident that username availability among millions of users may become a concern in the future. To address this, I designed an experience that allowed users to login via their own VelocityEHS domain. In addition to providing the customer with a more customized portal, it required that usernames only be unique among their respective domains. Testing revealed that branding the portal was a huge value add for customers, and users appreciated that the domain was cached after their initial login.
To further enable users who didn't have email addresses, we incorporated SMS services. The design enabled users to manage how they wanted to receive notifications, password resets, etc. in their user profile.
To enhance security measures, we implemented the ability for customers to enable two-factor authentication. When enabled, the design prompted the user for additional validation based on the communication method(s) specified in their user profile.
Customers also now had the ability to customize their password complexity rules. The design informed the user of the configured password parameters, which were dynamically validated as they entered a password.
I also designed an interface in the product settings for customers to manage their authentication methods and configure their SSO connections.
