Single Sign-On
Designing a unified customer messaging platform for business teams
Role
Lead Product Designer
Team
1 designer, 5 engineers, 2 PMs
Duration
3 month
Tools
TL;DR
The Single Sign-On (SSO) initiative addressed a critical security and usability gap, enabling customers to use their own corporate credentials to login. Prior to this project, enabling SSO for a client was a manual, 2–4 week process involving engineering support, a costly bottleneck that frustrated customers and delayed deployments. I delivered a self-service SSO setup wizard that reduced setup time from weeks to under one hour, virtually eliminated the need for engineer involvement (a ~95% reduction in manual work), and removed a key barrier to winning enterprise deals where SSO was a mandatory requirement.
The Business Problem
Security & Usability Gap
AvidXchange lacked a native single sign-on capability for its AvidSuite products, meaning customers’ end users had to manage separate passwords and login processes. This was inconvenient for users and IT admins, leading to password fatigue, repeated reset requests (avg 500 reset request/day), and reduced productivity. More critically, many enterprise clients’ security policies require SSO integration; by 2024 the absence of SSO had become a frequent customer complaint (e.g. “We’ve been promised SSO for years… end users and our AP team are frustrated with the additional login steps”).
Sales & Competitive Pressure
SSO is a standard feature in most modern SaaS platforms and a common line item in RFPs. Without a scalable SSO solution, AvidXchange was at a competitive disadvantage. In fact, “lack of SSO” was explicitly identified as a product deficiency contributing to lost deals. We had ~20 customers in a limited Early Access program for SSO, but each new configuration required manual setup by Avid’s identity engineers, a process taking up to a month per customer and tying up engineering resources. This not only threatened customer satisfaction and security standards, but also slowed down onboarding of new large clients and risked potential revenue.
- Lost sales due to no SSO
- Avg of 10hrs for engineering support per setup
- Security gap in our offering
Solution & Design Approach
Success criteria
Enable self service federated SSO configuration for AvidSuite portals to improve security and user experience while drastically reducing time to enable and internal effort. Cut SSO deployment time (~2 days), reduce manual configuration by ~95%, and ensure a high self-service success rate (~95% of customers configure SSO without assistance). We also aimed to satisfy enterprise IT requirements to remove SSO as a blocker in the sales process.
Research & Collaboration
As the Product Design Lead, I worked closely with Product Management and Engineering leads in a triad model. We began by reviewing customer feedback and pain points: security teams wanted to enforce their own password/MFA policies via SSO, and administrators expressed frustration with complex, slow setup. We also gathered input from Sales on lost deals and from our Customer Support/Onboarding teams who had been manually guiding SSO setups. This research guided our ideal service blueprint for Single Sign-On for an end to end solution.
Design & Testing
I designed an intuitive setup wizard that walks an administrator through providing identity provider details (e.g. certificates, SAML endpoints, domain verification) and shows real time status of the SSO setup. We focused on clarity and dynamic field names, based on Identify Provider, to ensure admins could confidently self serve. I led usability testing with IT administrators using a high fidelity prototype. Feedback from these sessions was positive: participants were able to complete the setup with minimal confusion. Less tech savvy users needed only a step by step guide for reference, which informed us to provide in app help and an updated SSO Configuration Guide.
Throughout, our cross functional team iterated rapidly, aligning via design and executive reviews to ensure stakeholder buy in. By keeping the experience consistent with our design system components and focusing on the critical path, we delivered a streamlined solution ahead of time for the Q1 2026 General Availability (GA) launch.
Design challenges
- Platform Constraints: Product initially proposed building the SSO setup as an internal only tool due to limitations in the NextGen framework, which external users couldn’t access. I challenged this approach, as it would have added significant training and workload to onboarding and support teams. We reached a compromise: internal teams would initiate setup via an internal UI, then hand off to customers through a secure splash page to complete their portion. Then platform improvements occurred and enabled external access to NextGen, I redesigned the experience to be fully self-service within the AvidSuite portal eliminating internal handoffs and delivering the intended customer autonomy.
- Testing the SSO Configuration: Product initially deprioritized automated testing, assuming manual testing with customers was sufficient. I advocated for a self testing feature to align with industry standards and reduce dependency on internal teams. After discussions with the VP of Engineering, we implemented a self testing capability, enabling customers to validate their setup independently and securely.
Results & Impact
The SSO project delivered tangible business results and improved user experience, achieving and even exceeding its key targets:
- Dramatically Faster Onboarding: SSO configuration time was cut from a 2–4 week process to essentially same-day setup (under 1 hour of admin effort). This speed enables customers to get up and running with SSO in the same week of their onboarding kickoff, instead of waiting nearly a month. It also accelerates time-to-value for new customers.
- Operational Efficiency & Cost Savings: By automating the federation setup, we virtually eliminated the need for engineering intervention in standard SSO setups. This is a ~95% reduction in manual configuration work for our Identity Engineering team, translating to significant labor cost savings and allowing engineers to focus on core product improvements. What used to require numerous back-and-forth emails and ~10+ hours of an engineer’s time per customer is now handled by the customer’s admin independently, with Avid engineers only consulting on exceptions. This efficiency improvement not only reduces costs but also scales indefinitely as our customer base grows.
- Customer Experience & Security: The SSO feature directly addresses top customer concerns around security and ease of access. Customers can now enforce their own password policies and MFA through AvidSuite, enhancing security compliance, and their end-users enjoy a frictionless login experience without additional passwords. This has a positive effect on user satisfaction – for example, it solves the password fatigue and lockout issues cited in previous customer feedback. Early adopters have responded positively, and we anticipate a boost in customer NPS related to the improved login experience and time savings.
- Enabling Sales & New Deals: Strategically, the SSO capability has made AvidXchange more competitive in the enterprise segment. Many large prospects require SSO as part of their IT vendor standards, and our absence of SSO was a deal-breaker in multiple prior sales opportunities. Now, with a robust SSO solution GA, AvidXchange can meet this common RFP requirement. This removes a hurdle in the sales process, paving the way for new closed-won deals where SSO was previously a sticking point. While the All Hands presentation of this project focused on efficiency gains, it’s important to note the revenue enablement aspect: our sales team reports that several late-2025 enterprise deals might have been lost had we not offered SSO (e.g. in the **FinTech and Real Estate sectors as noted in win/loss analyses). In short, the SSO project not only saved costs but also helped protect and unlock revenue by meeting customer demands.