CTG was tasked with developing a mobile application for a large government agency. The challenge was to create a secure and user-friendly mobile identity provider solution that complied with the National Institute of Standards and Technology (NIST) standards for authentication and authorization. The solution needed to provide a high level of confidence in the user's identity and ensure a smooth and intuitive user experience.
Security & Identity, Human-Centered Design, UX, & Design, Mobile Apps, Software Development
TypeScript, React Native, Java, Spring Boot, Keycloak, HTML, and CSS. Elastic Kubernetes Service (EKS), Relational Database Service (RDS), CloudWatch, CodeBuild
To address the challenge, CTG's team adopted a human-centered design approach. We conducted discovery sessions to understand the problem and collaborated with the government agency to align our solution with the needs of real users. Our team identified different user personas and analyzed their behaviors, motivations, pain points, and goals. This understanding guided the design and development of the solution.
Our solution leveraged the OpenID Connect (OIDC) authentication protocol and provided a secure Identity Provider (IdP) that operated at the NIST Authenticator Assurance Level (AAL) 2. The IdP allowed users to create and log in to their accounts and access a secure mobile application relying party (RP). The user interface (UI) of both applications was designed to be clean and intuitive, ensuring a user-friendly experience.
We utilized a human-centered design approach to meet the needs of real users and provide an intuitive user experience.
Achieved high code coverage for different components, exceeding the government agency's target and enhancement goals.
Ensured built-in quality through usability tests, manual functional tests, automated front-end scripts, and other testing activities.