🎒 the background.
During my tenure at Clarity, I am working within the platform team for the Department of Veterans Affairs to help build VA.gov. I serve as a Frontend Engineer on the Identity team, which is an amalgam of Authentication, Authorization, and Identity Access Management (IAM). We act as gatekeepers for what a user is and what they can access every time they sign in at VA.gov. Because our team is so unique, we work on a variety of challenges to build different services, applications, and internal tools for other platform teams and VA.gov users alike.
It is hard to encapsulate all of the tasks and tooling I have worked on during my time with the VA, but here is an outline of things I worked on with my team.
⚙️ the problems.
- Have to search in GitHub for mock users within a huge Markdown file
- Outdated user information including services and passwords
- No definitive way to see if the account is being used
- No way to view accounts without being on VA.gov’s network
- Dependent on 2nd-party teams for SAML integration
- User sign in flow takes too long (27 redirects)
- The sign in modal user flow causes cognitive overload
- No integration with VA’s flagship mobile application
- Secondary partners like eBenefits and My HealtheVet have different sign in flows
✅ the results.
Creation of a dashboard to manage mock user credentials, colloquially known as the Test User Dashboard
- Creation of automated tasks that transform Markdown to SQL (Postgres)
- Creates the ability to sort, filter, and search for test user credentials across environments domain
- Set up authentication using OAuth and GitHub repo groups for access management without requiring them to be on the VA.gov internal network
Creation of an in-house Sign in Service authentication microservices framework
- Integration of OAuth 2.0 with PKCE on VA.gov with access and refresh tokens
- Implement secure session management with active refreshes
- No impact to original SAML’s Single Sign-On capability
Improve VA.gov for every user
- Increase speed of user flow by decreasing redirects from 27 down to 7 using OAuth
- Decrease cognitive overload by applying user research data in the redesign of sign in applications (modal and page)
- Creation of a flexible, configuration-based authentication for secondary partners that allows the usage of SAML or OAuth