HemiKnowledge BaseHemiCore
Table of Contents
Related Articles
Knowledge Base
Hemi System Administration Integrations Hemi PRD Library Hemi Content Stream General Information Custom additions Core Integrations & Marketplace Documentation Hemi Advanced Functionalities Data Management MP Tokens generation Hemi Technology Trainings Hemi Platform Integrations Release Notes
FAQs

Hemi UI / Hemi 3 0 UI - Functional Scope and Wireframes / Login - Done

Login - Done

The login in Hemi will happen via 3C manager portal as part of the 3C products portfolio. Threecolts Single Sign On (3C SSO)

  • Old Scope Archived

    User Journey Flow

    The journey visualize the possible flows (successful and unsuccessful login) and also the requirements for each phases.

    As per agenda, we have described the things that we “must have“ - pink color, “nice to have“-green color & things that we can “improve/change“ - blue color. Also, we have listed a “frustrations“- yellow color. Note: Each frustration is taken into account in “must have“ , “nice to have“ or ”improve/change” sticky note.

    Important: “Nice to have“ things that we have listed would not be part of MVP. They will be implemented on a later stage.

    Requirements and Functionalities

    • Standard login - email + password
      • Password strength enforcement
      • Brute force protection with exponential time out
        • 30 seconds after 3 wrong attempts
        • minute after the 4th
        • 5 minutes after the 5th
        • user block after the 6th wrong consecutive attempt with notification for the instance to be tracked by authorised personal - send a mail notification
      • If first login user should be guided to change their generated password
      • Password field to be masking every character after 5 seconds of no input, or after the input of a next character
      • Password field to have a view icon to allow for password reveal
      • Hint for Caps Lock when writing down a password
    • 2 factor authentication
      • Most probably Google authenticator integration
      • Remember me on this device (working only for the 2 factor authenticator)
      • Brute force block
        • 3 wrong attempts give a warning notification
        • 4th wrong attempt - block the account with relative notification - send mail too
      • If first login user should be guided to set a 2FA
    • Reset password/Forgot password
      • email providing field to send the new password to (if mail not triggered by you please check your account security or please ignore this message)
      • Brute force block
        • 3 wrong attempts give a warning notification
        • 4th wrong attempt - block the account with relative notification - send mail too
      • Password reset should not reset or go around an already set 2 factor authentication on an account. IF a password has been reset, 2FA “remember me” should be dropped and 2FA enforced for the next login attempt
      • After password reset and successful login the user should be guided to change their password
    • Contact support - Link to the tool ticketing system accessible on every step of the way
    • FAQ - Link to the FAQ sections of the tool accessible on every step of the way
    • Other
      • Preselected username type
      • “enter” keyboard stroke to trigger the “login” function
      • “tab” keyboard stroke to move to next available element (from user to password, from password to login key, etc.)
      • Every field on every section where input is available is a “mandatory” field. Upon trying to proceed without input an error is to be returned
    • If user write down wrong password, proper error message to be displayed ( for example “wrong password“)

    Tracking

    • Unsuccessful attempts & blocked users
    • Successful logins and time ❓ spent in the tool
    • User devices connected
      • Send security mail notification for connections from new devices

    Session

    Using the login page to add a bit more on session and expiration - I’d prefer us to keep a session running for up to 30 mins or an hour if possible if idle and if not idle (clicks in the tool to refresh) up to 24 hours past which a login should be enforced. At any such forced session expiration of a user the login page should already have a pre populated user and selected password field for a login attempt

    Visuals

    Simple, straight to the point login page with branded colours and primary and only focus on the login

    Idea: have a split screen 30/70 % with branded colours, login box in between or in second part of screen. As a successful login is performed the 30% colour goes into animation shrinking to the left and turning into the menu, simultaneously loading the main page in the main section

    Danail Deltchev (Unlicensed) to add images

    Mock up:

Is this article helpful?
0 0 0