design-system icon indicating copy to clipboard operation
design-system copied to clipboard

Published 20 hours ago verified publisher icon Royal-Navy

Design Patterns: Account flow

Open k9dh3zij opened this issue 3 years ago • 3 comments

  • [ ] Spike: Understand what is possible with keycloak
  • [ ] Sign up (new account creation)
  • [ ] Sign in
  • [ ] Reset password
  • [ ] Sign out
  • [ ] Account page (?)

k9dh3zij avatar Sep 15 '21 12:09 k9dh3zij

On hold until we can get more information to allow us to progress with design.

k9dh3zij avatar Oct 04 '21 08:10 k9dh3zij

This issue has been marked as stale because it has been open for 60 days with no activity

github-actions[bot] avatar Dec 06 '21 01:12 github-actions[bot]

Some questions to consider

General questions

  • How do end-users get their app accounts?

    • Is there a minimum set of details required to sign up?
    • Is there a minimum set of details required to reset a password?
    • How is access control guaranteed?
      • Do new applications get manually approved by an admin or is it an automatic process, eg. based on email domain?

  • Are there any minimum standards regarding:

    • Password complexity
    • 2FA
    • Failed number of attempts to login

  • If there is 2FA, what methods are available?

Technical questions

  • Is there a SSO/Federated system or does each app require a new account?

    • If there isn't - can we push for one?

  • Does Keycloack allow theming and to what extent?

    • Form inputs and buttons?
    • Background image?
    • Logo?
    • Changing default text (eg "Username" to "Email address", "Sign up" to "New account", "Reset password" to "Forgot password" etc)

  • Does Keycloack have set flows for 'New account' / 'Reset account' ?

    • Can these change? (eg. to integrate 2FS, or minimum set of information needed for a password reset)

  • What other solutions are used, in addition to Keycloack?

  • Anything else?

k9dh3zij avatar Mar 20 '22 18:03 k9dh3zij