How to Balance Security With Usability for Single Sign On

Company Intranet Homepage

Background

A custom application was created to centrally keep track of users and access rights for all web applications. I was brought on as the UX researcher to add single sign-on and adapt all internal apps to the new sign-on process.

  • Problems & Constraints
    The web app being extended had limited framework support because it was written in an old programming language. I was asked to match the existing design elements already in place and to integrate the sign-on so that it did not feel bolted on.
  • Personas
    Employee: This application affected all employees trying to access internal resources from an unsecured location. They care most about getting past the login as quickly as possible.
    Developer: Developers care most about ease of configuration. As they add new applications to the system, they need to configure the authentication to allow certain features to certain users.
    Application Owner: The user base interacting with this application's interface ranges from experts setting permissions in the application two to four hours a day to managers unfamiliar with the application and occasional users required to input information.
  • Team Dynamics – 1.5 Years
    Project Managers-2, Researchers-1, Designers-1, Software Engineers-3.5

Outcomes

  • Employee trust improved for central authentication application because of consistent branding.
  • Ability to add old and new applications to central authentication application was completed.

Flow Evaluation

The first thing after joining the project was to verify each path. I worked with the security group to identify the different paths that worked securely and tested the paths against each other. From this I was able to work with the product managers to define the stories assigned to the different personas, and with the developers to work out the user flow.

Branding Evaluation

During the exploratory research, one of the largest concerns that came up was that when all users were switched over to the new sign-in, many of them would be switched without any notice. There was a large chance they would feel their computer had been hijacked or that they had landed on the wrong login page. This made getting the branding right, and how it was presented to users, important.

Iterative Research

The project was run as an Agile process at the start, then transitioned to Kanban in order to move individual apps over to the new authentication. To support the research process, I stayed one sprint ahead of the developers when possible. The authentication was added first; then new features were added as needed as each app was switched over.
Wireframes were used to test different information architectures and how new features were added. Wireframes were also used to test a new wizard and branding styles, as shown in the account information screen.

Once the software was built, user testing was repeated with the finished product, and audit reports were submitted to the backlog for the next sprint.

Reporting

Different reports were created for each audience. General overviews were produced for project managers, and weekly updates were created for the build team. More general presentation slides were created for project sponsor updates, and after release, analytics evaluations were done to measure feature effectiveness.