Onboard faster

User Authentication


Role: Product Manager, Product Designer

Contributions: PRD, UX Flow, UI Mockups

Result: 30% higher success rate when authenticating users.

Product Building Process

Research

Best practices

Technology stacks

Architecture

Design

Analyze

What did I learn from researching? How do we begin building?

Design

Create mockups and wireframes of the product

Prototype

Work with engineers to build the product

Product Requirements


Research

The fastest way to build user authentication into an app is to leverage a pre-built Identity-as-a-Service (IdAAS) solution like Auth0, Firebase Authentication, or Okta, which handle the complexities of user management and authentication, saving time and effort. 

Leverage Pre-Built Authentication Services (IdAAS):

Instead of building authentication from scratch, which is complex and time-consuming, we opted for an established IdAAS solution. 

Examples:

Auth0: Offers a wide range of authentication methods, social logins, and single sign-on (SSO) features.

Firebase Authentication: A robust solution from Google, particularly well-suited for web and mobile apps.

Okta: Another popular option, known for its enterprise-grade security and flexibility.

Benefits:

Simplified Implementation: IdAAS solutions handle the backend logic, making integration easier and faster.

Security: They are designed with security in mind, providing robust authentication and authorization features.

Scalability: They are built to handle large numbers of users and traffic.

Reduced Development Time: You can focus on building your app's core features instead of authentication.

Conclusion:

IdAAS solutions handle the backend logic, making integration easier and faster. 

Decision criteria matrix

Source: AWS Blogs

Authentication Architecture Diagram

Analyze

I mapped out the current steps in our login process for both the DML Publisher Hub and Marketplace. 





The goal here was to get a clear sense of the flow and find existing pain points. 





Issues I found were unclear error messages, outdated flows, and outdated UI.

Since we were almost certainly going to use AWS Cognito as our pre-built Identity-as-a-Service (IdAAS), our considerations moved to using the hosted UI or Custom UI (SDK).





Because we had already designed a custom UI, it was tempting to use it, but after more research it was clear that the pre-built Cognito UI was the right choice.

A custom UI was possible, but it would have required significant development effort: implementing the WebAuthn ceremony and a custom authentication flow with Lambda triggers, plus our own functions for the WebAuthn ceremony itself, error and fallback handling, storing public keys, and more. Cognito provides these already.

Prototype

We already had the UI prototypes built out before we decided to utilize the pre-built AWS Cognito UI. 





This was an unnecessary step, but also a lesson learned on my journey to becoming a senior product manager.





Although we didn't use this exact UI, it was still helpful for the product and engineering teams to visualize what we wanted the login process to look like.


Pre-built Identity-as-a-Service (IdAAS):

AWS Cognito
- Why it's a great fit: The main reason we used Cognito is that our platform is built on AWS. It's a scalable and cost-effective IdAAS that integrates seamlessly with other AWS services.

- User Pools: Provides a user directory with built-in functionality for sign-up, sign-in, and managing user profiles.
- Federation: Supports social logins (e.g., Google, Facebook) and SAML-based identity providers.
- Email & SMS Verification: Handles sending emails and SMS messages for account verification and password resets.
- Customizable UI: Provides a hosted UI that can be customized, or you can use its SDKs to build your own.

Sign-up Flow Mockup

Login Flow Mockup

Sign-up Flow Diagram

The Sign-up Flow Diagram illustrates a comprehensive user login and registration process with several key features:

1. Authentication Methods:

Username/Password: A traditional registration and login method with email verification and password reset functionality.
Social Logins: Users can sign in or sign up using third-party identity providers like Google, Facebook, and LinkedIn.

2. User Types:

New User: This path includes registration, email verification, and a "first-time" user flow. It involves entering personal details and receiving a confirmation email.
Returning User: This path handles both traditional password-based logins and social logins.

3. Password Management:

Forgot Password: A flow that sends a password reset link to the user's email.
Change Password: A feature for existing users to update their password.

4. Email Verification:

Both new user registration and password reset flows rely on sending verification links to the user's email inbox. This is a critical security measure: it confirms that the person registering or resetting a password actually controls that email address.

5. Device Management:

Passkeys for both mobile and desktop

6. Flow Logic:

Clear decision points (diamonds) and sequential steps (rectangles) to guide users through different scenarios, such as successful vs. failed logins, correct vs. incorrect email addresses, and verification link redirects.

Error Messages

NotAuthorizedException

UserNotFoundException

InvalidParameterException

CodeMismatchException

ExpiredCodeException

LimitExceededException

AliasExistsException

InvalidPasswordException

UserLambdaValidationException

ThrottlingException

ServiceException
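Unclear error messages were one of the pain points found during analysis. The following is an added example, not code from this case study, showing how a client can turn the Cognito error names listed above into clear user-facing messages while keeping a login page from revealing whether an account exists. The error names are Cognito's; the message wording, the retry categories and the backoff schedule are our assumptions. It also assumes SDK errors carry the code in err.name (AWS SDK v3) or err.code (v2).

```javascript
// Added example (not from the original page): map Cognito error names to
// user-facing messages and a retry policy. Wording and policy are assumed.
const ERROR_POLICY = {
  // Credential failures share one message so the login page never reveals
  // whether the username exists (account enumeration defence).
  NotAuthorizedException:        { message: "Incorrect username or password.", retry: "user" },
  UserNotFoundException:         { message: "Incorrect username or password.", retry: "user" },
  // Verification-code problems: tell the user exactly what to do next.
  CodeMismatchException:         { message: "That code is not correct. Check the email and try again.", retry: "user" },
  ExpiredCodeException:          { message: "That code has expired. Request a new one.", retry: "resend" },
  // Input validation: safe to be specific, nothing about other accounts leaks.
  InvalidParameterException:     { message: "Some of the information entered is not valid.", retry: "user" },
  InvalidPasswordException:      { message: "Password does not meet the requirements.", retry: "user" },
  UserLambdaValidationException: { message: "We could not complete sign-up with these details.", retry: "user" },
  AliasExistsException:          { message: "That email or phone number is already in use.", retry: "user" },
  // Rate limits and service errors: back off instead of making the user guess.
  LimitExceededException:        { message: "Too many attempts. Please wait before trying again.", retry: "backoff" },
  ThrottlingException:           { message: "The service is busy. Please try again shortly.", retry: "backoff" },
  ServiceException:              { message: "Something went wrong on our side. Please try again later.", retry: "backoff" },
};

const FALLBACK = { message: "Sign-in failed. Please try again.", retry: "user" };

// Normalise whatever the SDK threw into { code, message, retry, logDetail }.
// The raw code and message go to server-side logs only, never to the browser.
function classifyCognitoError(err) {
  const code = (err && (err.name || err.code)) || "UnknownError";
  const policy = ERROR_POLICY[code] || FALLBACK;
  return {
    code,
    message: policy.message,
    retry: policy.retry,
    logDetail: `${code}: ${(err && err.message) || ""}`.trim(),
  };
}

// Wait before the next attempt: exponential in the attempt count for
// backoff-class errors, capped so a throttled user is never locked out.
function retryDelayMs(retry, attempt) {
  if (retry !== "backoff") return 0;
  return Math.min(30000, 1000 * 2 ** Math.max(0, attempt - 1));
}

// Self-check: the two credential failures must be indistinguishable to the user.
function enumerationSafe() {
  return classifyCognitoError({ name: "UserNotFoundException" }).message ===
         classifyCognitoError({ name: "NotAuthorizedException" }).message;
}
```

Cognito's app-client option to prevent user existence errors collapses these two cases on the service side; keeping the client-side table consistent as well means the UI behaves the same whichever way that option is set.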
