Organization user signup

[juanignaciosl]

There must be a new organization landing page for login and signup. It'll be accessible under organizationname.cartodb.com/login (+ /signup) and server/o/organizationname/login (+ signup). This second url is not urgent, if it's a problem we can postpone it.

Login works as usual, but it's only valid for that organization users.

Signup changes:

• For users signing up with Google login button at organization page, signup as usual will add them to the org. No email validation is needed, user will be able to log in after signup.
• For users signing up with a known organization email domain...
  • If they are signing up in the organization page, email validation is needed and they're added to the organization. User won't be able to log in until he validates email.
  • If they are not signing up in the organization page, email validation is not needed, but they are not added to the organization.

In both cases...

• If email is already taken, throws an error. User should delete his account in order to join organization.
• If they try to sign up with Google but username (which uses to be automatically assigned) is already taken, fallback to signup page with readonly email field. Username and password fields can be edited.
• If email is not validated, throws an error.
• An explanation about data privacy and administrator management should be provided

Design details in CartoDB/cartodb-central#646

Task break down:

• Accessible organization.cartodb.com/signup.
• Normal user signup with an async job.
• Google signup (async job as well).
• User creation ready polling endpoint.
• Existing mail error.
• Existing username error (Google signup).
• Enable/disable signup page.
• Email domain whitelisting.
• Validation email.
• Login attempt without validation.
• Custom message if login fails because of missing email validation, including "resend email".
• OS support (without Central).
• Signup screen.
• Waiting screen.
• Login screen.
• Add whitelisted domains and default quota fields to organization page.
• Replace enabled signup page column.
• Google signup auto login after completion. Moved to Google signup auto login after completion #4180.

Note: no industry form required.

[saleiva]

Done at https://github.com/CartoDB/cartodb-central/issues/646 cc/ @xavijam

[juanignaciosl]

Proposal:

• For users signing up with Google login button at organization page, signup as usual.
• For users signing up with a known organization email domain...
  • If they are signing up in the organization page, email validation is needed and they're added to the organization.
  • If they are not signing up in the organization page, email validation is not needed and they are not added to the organization.
• In both cases...
  • If email is already taken, throw an error. User should delete his account in order to join organization.
  • If they try to sign up with Google but username (which uses to be automatically assigned) is already taken, fallback to signup page with readonly email field, and username and passwords fields.

@saleiva could you review this?

[xavijam]

But maybe organization owner doesn't want that user in the organization, so we maybe need a confirm or validation state. What do you think?

[saleiva]

Admin can always delete an user so I'd not worry now with the moderation of the signups.
@juanignaciosl about your proposal:

1. Yep. They signup as part of the org.
   2.1. Yep.
   2.2. Yep
   3.1 Yep.
   3.2 how are they gonna change the username if it's already taken then?

[juanignaciosl]

3.3 The username field should not be readonly, just like password fields. Only the email must remain the same.

[saleiva]

then all ok :)

[juanignaciosl]

Ok, @saleiva, I've updated the description according to the final flow. cc @xavijam

[juanignaciosl]

@saleiva, @andrewxhill, just as a reminder, since there's no whitlisting of emails, any user with an organization email will be automatically added to it after signup.

[andrewxhill]

Well, we might want to give them a warning in the signup steps though.
Since being a part of an Org might change data privacy etc.

On Fri, Jun 12, 2015 at 7:36 AM, Juan Ignacio Sánchez Lara <
notifications@github.com> wrote:

@saleiva https://github.com/saleiva, @andrewxhill
https://github.com/andrewxhill, just as a reminder, since there's no
whitlisting of emails, any user with an organization email will be
automatically added to it after signup.

—
Reply to this email directly or view it on GitHub
#3902 (comment).

andrewxhill http://twitter.com/andrewxhill
http://cartodb.com

[cholmes]

As an org admin who is literally right now hand adding a bunch of users I definitely welcome these improvements.

I agree with @andrewxhill that I'd want at least a notification of a new user signing up, so I at least know to go back and delete them.

Would be better if they went in to a queue I could approve. But if I could also 'invite' users and they are pre-approved to go through without approval if they are on that list. (though much better to get these improvements out soon and then improve that later)

Also, is there a workflow where as an admin I can just add existing cartodb user accounts to my organization? This seems relevant for 2.2 - if a user in my org signed up and later I want to add them. It sucks to make them delete their account if they have a bunch of nice maps and data already loaded.

[juanignaciosl]

@andrewxhill: right, I've added the need for privacy and administrator management warning to this issue.

@cholmes good points:

• I've created a new issue for "Notify org owner when a new user is created Notify org owner when a new user is created #4045", it's really convenient.
• We've already talked to @saleiva about "whitelisting" or "inviting" users, but the problem with that approach is that it increases owner workload and that's something we want to avoid for the moment. I've written it down at "Org users approval queue + whitelisting Org users approval queue + whitelisting #4046" for further discussion, since it's something that will certainly come back sooner or later.
• No, right now you can't move existing CartoDB users accounts into an organization. It's problematic: org owner becomes account manager, so he somehow becomes owner and responsible for that user data, that's why we prefer that delegation to be explicit. Also, quota handling can be tricky. Since a user can change its email in his current user if he needs that email account for organization joining it's not a problem right now.