Platform Initiative: Single Sign-on


 

Created Date

Oct 31, 2022

Target PI

2023 PI 4

Target Release

 

Jira Epic

https://economicmodeling.atlassian.net/browse/ARK-8745 - only a partial initiative

Document Status

Draft

Epic Owner

@Ben Bradley

Stakeholder

@Christian Asivido @Kaleb Trotter

Engineering Team(s) Involved

Analyst

Initiative

Modernize Access

Customer/User Job-to-be-Done or Problem

As a customer admin, I want to be able to control access to the Analyst platform via my internal identity provider. I want to be able to purchase a package with unlimited seats to the platform, and have:

  1. New employees are able to log in using our internal SAML provider

    1. Users are able to log in on their first attempt via Just-in-Time Provisioning (JIT or SCIM, tbd)

  2. Old employees lose their access when they leave the organization, as their login is via my internal systems.

 

When adding/removing employees, I want to have their login controlled by SSO for authentication, so I can improve security and restrict access by former employees.

If I have paid to have unlimited users, SSO enables me to manage this access without sending/uploading lists of emails to customers.

Value to Customers & Users

 

  • Single sign-on enables improved security, with a single point of entry, and (some) customer control over who has access to the tool

  • Enables customers to turn off departed employees, protecting their investment and any proprietary information that is in the tool

  • Enables customers to seamlessly work between applications used regularly, including Lightcast solutions (Talent Transform, Gazelle)

Value to Lightcast

Sometimes we do things for our own benefit. List those reasons here. 

Value to Lightcast:

  • Decreased time for CS and support spent supporting lost emails when customers are logged in through their own internal SSO systems

  • Decreases ability of users to share logins

  • Modernizes the platform with a feature that most customers expect and that is becoming table stakes

  • Enables large organizations to have more users, more easily, increasing stickiness.

    • Example: AGS wants several thousand users of Talent Analyst

 

Target User Role/Client/Client Category

Main priority: enterprise clients

  • Allegis - expects SSO in order to expand usage significantly

  • Coursera - requires exception to proceed with 2023 renewal in absence of SSO

  • Accenture

  • Clients with multiple Lightcast products, on- and off-platform

Secondary, but broader: all other clients

  • Especially important for any with protected data in Analyst (now or in the future), including Alumni Outcomes and Talent Transform customers.

Delivery Mechanism

  • CS will enable SSO for customers that opt in and they’ll be able to then use their own systems for logging in

Success Criteria & Metrics

 

  • Lightcast employees log in with JumpCloud credentials

  • Successful SSO integration for 5 customers

  • 50% of accounts with >25 named users have SSO enabled by EOY 2023

  • All new accounts encouraged to enable SSO by Q4 2023

Aspects that are out of scope (of this phase)

What is explicitly not a part of this epic? List things that have been discussed but will not be included. Things you imagine in a phase 2, etc.

  • Full admin rebuild, including providing access for customers to manage individual users

 

Solution Description

Early UX (wireframes or mockups)

SSO Login

Non-Functional Attributes & Usage Projections

Consider performance characteristics, privacy/security implications, localization requirements, mobile requirements, accessibility requirements

 

Dependencies

Is there any work that must precede this? Feature work? Ops work? 

 

Legal and Ethical Considerations

Just answer yes or no.

Have you thought through these considerations (e.g. data privacy) and raised any potential concerns with the Legal team?

High-Level Rollout Strategies

  • Initial rollout to [internal employees|sales demos|1-2 specific beta customers|all customers]

    • If specific beta customers, will it be for a specific survey launch date or report availability date 

  • How will this guide the rollout of individual stories in the epic?

  • The rollout strategy should be discussed with CS, Marketing, and Sales.

  • How long we would tolerate having a “partial rollout” -- rolled out to some customers but not all

 

Need to phase the rollout, including:

  1. Get a timeline, and inform internal stakeholders that it is coming

  2. Work on updating email addresses where needed away from burning-glass.com, economicmodeling.com, etc.

  3. Time the release to avoid sales demos. Enable users to have a day or two to do it

  4. Test the challenges to prepare for broader rollout

  5. Identify for which customers it would be most useful

 

Risks

Focus on risks unique to this feature, not overall delivery/execution risks. 

 

Open Questions

What are you still looking to resolve?

 


Complete with Engineering Teams

 

Effort Size Estimate

Estimated Costs

Direct Financial Costs

Are there direct costs that this feature entails? Dataset acquisition, server purchasing, software licenses, etc.?

 

Team Effort

Each team involved should give a general t-shirt size estimate of their work involved. As the epic proceeds, they can add a link to the Jira epic/issue associated with their portion of this work.

Team

Effort Estimate (T-shirt sizes)

Jira Link
