How can I safely help people at organizations I trust, such as clients or business partners, to create user accounts in my system, if I don’t know who the person will be?
At Neoteric Design, we build web sites and web applications that integrate content management, digital publishing, customer support, and operations workflow. We’ve solved similar problems often enough that we’ve formalized solutions into reusable components of our software framework. This fall, Nick will be writing about them in a series of Design Patterns articles.
A host organization with a complex software system often has many relationships with partner organizations—they may be content partners, contributors, clients, or collaborators. These partner organizations have workflow needs: perhaps to contribute content, to edit or manage workflow, or to upload and manage documents, files, or image assets. Each partner organization needs an individual user account to do this work.
While the host organization has a contact at the partner organization, it isn’t always known ahead of time precisely which person will be doing the work. The host doesn’t know for whom to create the account.
Avoid the telephone game: although the host organization could contact the partner organization and ask ‘who will manage this?’, the answer may not be immediately available—the work may need to be discussed internally and assigned. Asking each partner doesn’t scale well if there are 20, 50, or hundreds of partner organizations. There can be a lot of back and forth to establish the role and responsibilities.
Uphold common sense security design patterns: avoid sending private information such as usernames or passwords over email or other insecure channels. While we acknowledge that the people at partner organizations are trusted, limit the damage that could be done in the case of a security breach.
Support the partner organization’s decision making: ideally, the host organization can send a single communication that highlights the role and responsibilities, content needs, and ideal attributes for the person assigned to the role. This note might be forwarded within the organization until that person is identified.
Develop a trusted user account self-registration workflow. Create a single hidden URL that does not expire and is shared by all partners rather than issued per user. The URL’s parent path and all its children should be set to noindex, to avoid publicizing the path to search engines.
The self-registration page URL can be included in an email to all partner organizations, with explanatory text as needed. Each organization can forward the email to the correct person, who then goes through the process of registration. Since the user is trusted, we can ask that she identify herself via an email address, as well as correctly associate to the right organization, perhaps by selecting from a list of partners.
Although these users are trusted, this design pattern relies on URL obscurity, which must be supplemented by a risk assessment. If an unfriendly actor created an account, what damage could be done? For example, all partner workflows should be carefully audited to ensure that a trusted publisher role reviews them.
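The workflow above in working code, as an added example that is not Neoteric’s framework code: a hidden parent path and all of its children answer with a noindex header, the registration handler asks the trusted user for an email address and a selection from the partner list, and anything a self-registered contributor submits is held until an account with the publisher role reviews it. The partner names, the host staff account, and the `/partner-onboarding-…` path prefix are constructed for the example.

```python
"""Trusted-partner self-registration: hidden noindex URL, email + organization
identification, and contributor work held for review by a trusted publisher.
Constructed example, not the page's own code."""
import re
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample partner list; a real system would load this from its data.
PARTNER_ORGS = {"acme-publishing", "globex-media", "initech-labs"}

# Hidden, non-expiring, non-unique registration path: one long random segment
# generated once when the feature is deployed (here, once per process).
HIDDEN_PARENT = "/partner-onboarding-" + secrets.token_urlsafe(16)
REGISTER_PATH = HIDDEN_PARENT + "/register"

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass
class Account:
    email: str
    organization: str
    role: str = "contributor"  # self-registered partners never get publisher rights


@dataclass
class Submission:
    sid: int
    author: str
    title: str
    state: str = "pending_publisher_review"
    reviewed_by: Optional[str] = None


@dataclass
class Response:
    status: int
    body: str
    headers: Dict[str, str] = field(default_factory=dict)


ACCOUNTS: Dict[str, Account] = {
    # Constructed host-side staff account; the only role allowed to publish.
    "editor@host.example": Account("editor@host.example", "host", role="publisher"),
}
SUBMISSIONS: List[Submission] = []


def response_headers(path: str) -> Dict[str, str]:
    """Mark the hidden parent path and every child noindex, so a search engine
    that does find the URL is told not to list it."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    if path == HIDDEN_PARENT or path.startswith(HIDDEN_PARENT + "/"):
        headers["X-Robots-Tag"] = "noindex, nofollow"
        headers["Cache-Control"] = "no-store"
    return headers


def handle_register(path: str, form: Dict[str, str]) -> Response:
    """Self-registration: the trusted user identifies herself by email and
    selects her organization from the partner list."""
    headers = response_headers(path)
    if path != REGISTER_PATH:
        return Response(404, "Not found", headers)  # generic, no hint about the path
    email = form.get("email", "").strip().lower()
    org = form.get("organization", "").strip()
    if not EMAIL_RE.match(email):
        return Response(400, "A valid email address is required.", headers)
    if org not in PARTNER_ORGS:
        return Response(400, "Select your organization from the partner list.", headers)
    if email in ACCOUNTS:
        return Response(409, "An account already exists for that address.", headers)
    ACCOUNTS[email] = Account(email=email, organization=org)
    return Response(201, "Contributor account created for " + org + ".", headers)


def submit_content(author_email: str, title: str) -> Submission:
    """Partner work enters the workflow held for review, never published directly."""
    author = ACCOUNTS[author_email]
    if author.role != "contributor":
        raise PermissionError("only contributor accounts submit through this workflow")
    sub = Submission(sid=len(SUBMISSIONS) + 1, author=author_email, title=title)
    SUBMISSIONS.append(sub)
    return sub


def publish(sid: int, reviewer_email: str) -> Submission:
    """Only the trusted publisher role may move a submission to published, which
    bounds what a stray self-registered account could do on its own."""
    reviewer = ACCOUNTS.get(reviewer_email)
    if reviewer is None or reviewer.role != "publisher":
        raise PermissionError("publisher role required to publish partner content")
    sub = SUBMISSIONS[sid - 1]
    sub.state = "published"
    sub.reviewed_by = reviewer_email
    return sub
```

The two checks that carry the weight of the pattern are the `startswith(HIDDEN_PARENT + "/")` test, which puts every child of the hidden path under noindex rather than just the form page, and the role check in `publish`, which is what turns the hidden-URL risk from "anyone who finds the path can publish" into "anyone who finds the path can queue work for a publisher to inspect."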