Updated by Wieland Lindenthal about 1 year ago
# User Problem
## User
_What persona, persona segment, or customer type experiences the problem most acutely?_
* Project manager
## Problem
_What problem or job does the user have?_
1. UX and security are conflicting goals when adding guest users to an object, e.g. sharing a work package.
   1. UX: It should be as simple as possible to enable collaboration.
   2. Security: There needs to be a single source of all users to enforce security guidelines (e.g. MFA, locking, GDPR).
2. Project admins must have a lot of information/training to understand how to create users in the IDP.
   1. Create a user in the IDP
   2. Approve user creation
   3. Sync the user to OpenProject
   4. Add the user to the resource (e.g. project or work package)
## Pain
_What is the primary workaround that users perform that we could remove or replace? Why is it painful?_
* The Project Admin has to know how to request a new user in the IDP.
* The status of the user creation process is unclear.
* After the user has been created the Project Admin needs to be informed to add the user to the resource.
* In the meantime the collaboration flows are broken.
* For integrating OpenProject with other Applications, like Nextcloud, we need the same user to be present in all Applications so that a guest user can still gain the access rights on files in Nextcloud that were linked to work packages in OpenProject.
# Business Case
## Reach
_About how many users, customers or potential customers currently have this problem? (Low / Worst Case)_
* Only relevant for OpenProject instances that are connected to an IDP (e.g. openDesk).
* Only relevant for organizations with security guidelines for user management.
## Impact
_Among relevant customers or prospects, how much value do they get from a comprehensive solution to this problem? (Conservative case)._
* Easily adding users to a task makes it much easier to collaborate with those users.
## Confidence
_What are the top risk factors that could inhibit our ability to deliver this solution? Please consider how we can mitigate these risks._
* Strong dependencies on the capabilities and product roadmaps of the IDP (e.g. UCS).
## Urgency and Priority
_What is the relative priority of this opportunity in your backlog? What tradeoffs must you make? Is there a hard deadline or could this wait?_
* Users will identify this problem the first time they experiment with OpenProject. However, it would drive adoption and acceptance if organizations can easily add users to their resources in OpenProject.
## Solution
_How do we solve the user’s problem? What is our “pain killer”? What must we achieve in the first version of the solution in order to achieve value for the user?_
**Option "Webhook"**
* A user is created in OpenProject.
* The IDP is notified using a webhook.
* The IDP creates the user and maps it to the OpenProject user.
* The IDP informs the user to set up the account (password, 2FA).
* There is only one email sent to the user.
* In the OpenProject frontend the status is visible.
* In OpenProject, the relevant people can be informed.
* Resend invitation
* Request approval
**Option "SCIM"**
* OpenProject and the IDP (e.g. Keycloak) both act as SCIM API provider and SCIM client.
* Users are always centrally created in the IDP. Then the IDP acts as SCIM client and creates the users in all connected SCIM providers, e.g. OpenProject and Nextcloud.
* In case a guest user is needed in OpenProject, OpenProject can act as a SCIM client and ask the IDP if that user already exists as a normal user or guest user.
* If the user does not exist, OpenProject can POST a new Guest User via the IDP's SCIM API. That user has an attribute/flag that marks the user as a "Guest user".
* Then the IDP can propagate that guest user to all relevant systems, e.g. Nextcloud, until it is present in all systems.
* Once the guest user is created in OpenProject, that user can be used as a guest user.
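
The lookup-then-create flow of Option "SCIM", sketched as an added example (not OpenProject or IDP code). The in-memory `FakeIdp`, the extension URN `urn:example:...` and the `guest` attribute name are assumptions; the page only says the user carries an attribute/flag marking it as a guest.

```python
import json
import uuid

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
# Hypothetical extension schema carrying the guest flag (not named on the page).
GUEST_EXT = "urn:example:params:scim:schemas:extension:guest:2.0:User"
PREFIX = "userName eq "

def scim_quote(value):
    """SCIM filter string literals use JSON string escaping (RFC 7644),
    so a quote inside an e-mail address cannot alter the filter."""
    return json.dumps(value)

class FakeIdp:
    """Constructed in-memory stand-in for the IDP's SCIM /Users endpoint."""
    def __init__(self, users=()):
        self.users = {u["userName"].lower(): u for u in users}

    def get_users(self, filter_expr):
        if not filter_expr.startswith(PREFIX):
            raise ValueError("only 'userName eq' is supported in this sketch")
        name = json.loads(filter_expr[len(PREFIX):])
        hit = self.users.get(name.lower())  # userName is case-insensitive
        return {"totalResults": 1 if hit else 0, "Resources": [hit] if hit else []}

    def post_user(self, body):
        key = body["userName"].lower()
        if key in self.users:
            return 409, None  # uniqueness conflict
        self.users[key] = dict(body, id=str(uuid.uuid4()))
        return 201, self.users[key]

def is_guest(user):
    return bool(user.get(GUEST_EXT, {}).get("guest"))

def ensure_guest(idp, email):
    """Return (user, created). An existing account, normal or guest, is reused
    as-is; it is never re-created or relabelled as a guest."""
    query = PREFIX + scim_quote(email)
    found = idp.get_users(query)
    if found["totalResults"]:
        return found["Resources"][0], False
    body = {"schemas": [CORE, GUEST_EXT], "userName": email, "active": True,
            "emails": [{"value": email, "primary": True}],
            GUEST_EXT: {"guest": True}}
    status, user = idp.post_user(body)
    if status == 409:  # another client created the user first: re-read
        return idp.get_users(query)["Resources"][0], False
    return user, True
```
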
## Out of Scope for the MVC
_What should NOT be in the minimal viable change, and can be considered for future iterations? Why? Please order them by importance._
* Automatically create users in connected software applications (e.g. Nextcloud)
## Messaging
_If you were to write a press release, how would you describe the value to customers?_
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><tbody><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Headline</p></th><td class="op-uc-table--cell"><p class="op-uc-p">Get anyone on board: Seamless integration of guest accounts across multiple applications</p></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">First Paragraph</p></th><td class="op-uc-table--cell"><p class="op-uc-p"><br></p></td></tr><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Customer Quote</p></th><td class="op-uc-table--cell"><p class="op-uc-p">"Before this you either communicated with people of your organisation or you had to fall back to e-mail. Now, I can continue using our dedicated work management tool "OpenProject" and keep track on all tasks. Anybody of our external providers, clients, partners can be included. And we still can control the access centrally. A dream from a GDPR perspective. Nice!"</p></td></tr></tbody></table></figure>
## Go to market
_How are you planning on getting this into users' hands?_