
Key Expectations

What are the “Must Haves” in order for our customers to consider User Security and Authentication to be vastly improved in Next Gen?

  • One sign-on for a user that may have many roles to fill.
  • One place to manage Users and assign security elements.
  • One place to manage Security Groups and assign to Users.
  • One place to emulate Users.
  • Better granularity of permission assignments.
  • Better self-managed security options for users.

Changes & Differences from Existing Functionality  

  • Authentication
    • Third-party user authentication
      • Identity providers maintain user secrets
      • Applies to API requests
    • Multiple Federated Identity Provider support
    • User credentials are cached
    • Permission changes are immediate
    • Will be Single Sign-On
      • A user can have a single user account that is used for all of their Aeries roles
  • Login
    • Login Page
      • → Persona + School Selection Page (if needed)
    • Single-Persona-Single-School users bypass the Persona selection page
    • User can switch Persona without logging out
  • Permissions
    • Aeries permissions are aligned with Role-Based Access Control
    • Personas define the role and are tagged with a User Type for ease of maintenance.
    • A User is top level and is granted many Personas
      • Can be granted additional permissions & field restrictions through direct group assignment
    • Are now Personas
    • Permissions are now created and granted per feature
      • Helps prevent unintended access by adhering to the Principle of Least Privilege.
  • Account Management
    • Account & Security Management is a permission
    • Fewer Aeries maintenance pages
      • Admins can manage all accounts and security from consolidated management pages:
        • User Management, Security Management
    • Improved ability to view a user’s full effective permissions set
    • Intuitive and simplified user self-management tools
    • All emulation is handled from the User Management page
      • Emulation is a permission

Wireframe Concepts  

The Login Page (mockup)

Persona Selection Page (wireframe)

Security Management Page (wireframe)

Persona Management Page (wireframe)

Security Group Management Page (wireframe)

Security Permissions Page (wireframe)

User Management Page (wireframe)

Federated Identity Provider Model

Permissions Model

Plan Summary  

  • Security Management for all types of users in Aeries NextGen will become more intuitive, making (self-)management easier while increasing granularity and flexibility in assigning permissions.
  • Users will no longer need multiple accounts!