Redesign UX flows, onboarding, SSO

This is in fact a multi-circle topic: the redesign of the user/member onboarding flow. In the document I have described the current pain points and some suggestions for redesigning the process in the new website. It should help us discuss the need for a user account / identity management server. We have the offer from IndieHosters to learn from their experience with keycloak. This document is a non-technical approach to explore what we could need short and mid-term.
It also provides ideas for making the website the central place for users to deal with and get access to everything

Please have a look in the document, add comments, improvements and corrections as you see fit and feel free to comment here :wink:
BTW I have taken the flow diagrams that we initiated on Eileen’s miro board and described the key issues, usecases and possible plans for the future into this document:


I was halfway through making a new post about this when I realised I was basically duplicating your work @wouter. Thank you for starting this! I wonder if it’s worth adding “SSO” to the title to make clear that this is the place to discuss it.

One thing I wanted to add to the “pain points” is that operational members need at least 4 sets of credentials per person: Discourse, Nextcloud, Greenlight (possibly ×2), and Kimai.

And, on the technical platform, I thought it would be helpful to drop in the earlier thoughts from the tech circle:

As a post-script, Autonomic uses Keycloak and it’s OK but I share @unteem’s concerns with the UI.

Nextcloud also now does support OIDC so maybe hyda is a better solution, although it doesn’t sound like any of us has personal experience with it.

Last I checked a couple of months ago, Kimai doesn’t support any SSO protocols (LDAP, SAML, or OIDC) and the only option for login integration is LDAP – but I don’t think that should hold us up.

Autonomic could potentially help with implementation, especially if any budget can be allocated to this work.

1 Like

thanks @3wc for recompiling these posts and the offer to help out with this. As we discussed last week, we look forward to first have an exploratory meeting to study 1) our needs and 2) the possible solution with keycloak. Our needs are somewhat drafty documented and I feel this is a moving target: the more the solution can provide us, the more interesting our needs :wink:

We look to plan a dedicated session in the first weeks of January where we get together with @unteem, hopefully @decentral1se and @3wc to get a better feel for keycloak as part of the solution and @georgiamoon, Eileen, @melissamcnab @osb @benhylau @Yurko to think of how we want to streamline our onboarding and user management with SSO. Also I’d like to invite @NickM from Resonate as they are struggling with similar challenges over there.

Here’s a few options

keycloak SSO user management session
  • 12/01 10 GMT
  • 13/01 10 GMT
  • 14/01 10 GMT
  • 15/01 10 GMT
  • 12/01 14 GMT
  • 13/01 14 GMT
  • 15/01 14 GMT
  • it’s not problematic if I cannot make it

0 voters

hopefully one of those dates fits most or all!


great, thanks for your votes! 12th and 13th fit all, let’s see who helps to make the final choice :wink:
@decentral1se @dvdjaco @NickM ?

1 Like

Good day, new year and new decade to you all :slight_smile:
based on your preferences I conclude that we meet next Wednesday 13th at 14h GMT, see here the event. See you then!

thanks to all for the great session, I learnt a lot and was happy to validate several doubts! Thanks to @unteem in particular. And to @georgiamoon for keeping notes - I have added to them after the meet, and included the links to the recordings of the session. See here the notes.