The Sign In pattern describes how a user authenticates to an application. This is a common action for enterprise applications. Sign In information is usually presented in a form on a page or sometimes on a tablet it appears in a popup. This includes both required and optional elements to display as part of the sign in process.
- Required Elements: Elements that are needed to allow the user to sign in.
- Optional Elements: Elements that maybe used by some applications.
Appearance characteristics for this pattern.
- Branding: The Oracle logo and application name should appear on the page.
- Sign In Area: This is a form for components.
- User ID Textbox: A field to enter User ID or Email address. Hint text should be used in the field. An optional label maybe place top-aligned or left of the field.
- Password Textbox: A masked password/secret field for entering a password associated with the ID. An optional label maybe place top-aligned or left of the field. Masks hide the password.
- Sign In Button: A button labeled "Sign In" that initiates the sign in sequence and is place below the fields.
- Other Components: These are optional and described below.
- Placement: The Sign In Area fields are usually place closer to the top of the page, to be visible when the soft keyboard slides up.
- Required Indicator: The required indicator is not necessary for sign in area components.
- Instructions: The page may have instructional text (e.g., Enter Single Sign-On User ID & Password, Welcome to...).
- Registration: This is displayed as a "Sign Up" button or link on the page or header.
- Another Service: Used on public facing applications, where a user can sign in with an account from another service. A button is displayed for the service the user is signing for example Facebook, Twitter, etc... This is not common for enterprise applications unless there is a partnership in place with this other service.
- Domain: Used to enter domain, tenant, or server that the user is intending to sign in on. A Domain is a collection of users and roles that have specific privileges to use that domain. Each domain should have a unique name. This is displayed as either a text input field if the user needs to specifically enter the domain, or as a select one choice where they may select a domain.
- Remember Me: Used to remember the currently entered User ID and/or Password on subsequent visits. This is displayed as either a Checkbox or Switch (more common for iOS).
- User ID and Password Recovery: This allows the user to retrieve or reset their User ID and/or Password. Most commonly used on public facing applications. This is displayed as a link to another page where retrieval information is asked for.
- Error Messaging: Exception handling is required for an unsuccessful authentication attempt. Feedback to the user is either presented as an inline page level message.
- Demos: Some apps will provide demo access. The user does not need to Sign In, they can tap a Demo button or link.
- Legal & Policy: Required copyright, trademark notices and legal policies are placed at the foot of the page and usually linked away to.
- Biometric ID: Review the Biometric ID pattern.
Common behaviors for this pattern.
- Input Focus: When a Sign In page loads, the input focus is often on the User ID fields. This automatically displays the soft keyboard.
- Soft Keyboard: When an input text field receives focus, the Mobile OS will display an on device keyboard.
- Errors: Exception handing is used when authentication is unsuccessful. Error messaging is usually displayed inline, until the error state is corrected.
- Hint Text: Hint text inside a text input field, will be cleared, when the component receives focus.
- Remember Me: If this option is selected, on subsequent visits the Sign In page will be bypassed.
- Remain Signed In: Mobile applications often allow the user to stay signed in, until the user decides to sign out. This may not be recommended for enterprise applications, unless device based pin is used after a selected timeout.
- Sign Out: After the user Signs Out of an application, the Sign In page should be displayed. On sign out the "Remember Me" option should be turned off. It may be desirable in some cases to have an intervening page confirming that the user has signed out of the application. Another sign out scenario is a session or security time out.
Usage guidelines for this pattern.
- Care should be taken not to indicate what aspect (e.g., User ID, password) of the authentication failed. Only indicate, generally, that the authentication sequence failed.
- Ensure there is help on how to handle forgotten User ID's and passwords.