User Assignment Component Framework

I designed a set of reusable components to enable AWS applications to integrate with a central identity store. I contributed primarily as a UX designer to this project.

The Challenge

AWS Identity was launching new capabilities to enable AWS applications like SageMaker Studio or IoT SiteWise to connect to a central identity store. This identity store could further be connected to a customer’s corporate directory to enable those identities to be used for authentication.

My challenge was to design a set of components that could be used and reused across AWS for user and group assignment. The components needed to work for a diverse set of applications that may have different requirement variants.

The Requirements

The experience needed to enable new users in a standalone AWS account to set up AWS SSO and underlying requirements such as AWS Organizations. In an account that was an AWS Organizations member account, there needed to be a method to check if the AWS account and AWS organization were configured correctly, and if not, display sensible error messages to enable the user to configure their account correctly.

The Process

I formed a cross-organizational working group with designers, engineers, and leadership from AWS application teams. In order for the project to succeed, we needed consensus across several teams. I gathered requirements from those teams and understood what their users needed based on the research they had done. From there I identified two major user groups who had different needs. One group, the “quickstart” users, needed to get started as quickly as possible, while the “enterprise users” group would want to integrate the application with their existing AWS footprint and follow all the best practices.

The Solution

I designed four reusable widgets to cover all the cases for setting up your AWS application.

1. The Config Widget - The config widget ran a series of tests to ensure your AWS account was configured properly to set up an AWS application and connect it to the central identity store. To help the team visualize how it worked, I created a flowchart to make sure we captured all the possible edge cases.

[Figure: Widget workflow diagram]

The implementation of the widget was a simple alert message with specific details about prerequisites needed if your account wasn’t configured properly.

2. The First User Widget - The first user widget was simple but has a lot of logic packed into it. It performs multiple API calls in sequence to configure the environment for standalone AWS accounts and create your first user. You can add additional users subsequently. This widget was targeted specifically at the “quickstart” use case.

3. The Picker Widget - The picker widget let AWS app administrators pick users to assign to an application. This could be done during the creation of the application, or later after the application was initialized.

4. The Microsoft AD Picker Widget - This is a variant of the picker widget, specifically for the case when customers have a Microsoft AD directory connected as their identity source. This widget is different because, due to the latency of listing users from a potentially very large Microsoft AD directory, some alternate methods and interaction patterns to look up users were necessary. It also needed to account for multiple domains within a Microsoft AD directory.