CASE STUDY: Loblaws Single Sign On Discovery Work

r

With over 400,000 customer login abandonments per month across Loblaw’s retail sites, PCid™’s mission was to provide authentication and account management as a platform service for 14 Million+ accounts and end customers.

Built with Oracle’s Identity Management System and servicing 18+ business integrations, Single sign on allows the user to log in once and access all products and services without having to re-enter authentication factors, such as passwords and 2FA again, allowing them to navigate across Loblaw’s sites with a recognized and more personalized experience.

As a design strategist, my role was to continue the work started by Deloitte in 2019, to define and gain alignment at the enterprise level for a persistent digital customer retail experience.

Utilizing design thinking the SSO discovery and road map project was structured as a series of evaluative and generative workshops with PCId™ and the various lines of business, that began with defining and aligning on the business and customer problem space, customer journeys, feature prioritization, use case and user flow generation that culminated with interactive prototypes for user testing and concept validation.

r

PROJECT ROLE

Design strategy, mixed research, design thinking, workshop planning and facilitation, concept development, user testing and road map definition.

r

STRATEGY AND DESIGN DELIVERABLES

r

▸ Design workshop 1: Problem space definition and alignment
▸ Design workshop 2: Customer journey and SSO concept creation
▸ Feature prioritization
▸ Define use cases and user flows
▸ Create and validate concepts
▸ Co-author executive summary and road map


r

PROJECT TEAM

PCid™ Product owner, product management, design strategist, product design, front end and back end development

r

PROJECT MANAGEMENT METHODOLGY

● Agiler
r
r

00 EXPLORE: Understand the Project

R

The primary on this project was PCid™ reporting directly to VP of product at Loblaws.

r

0A. DEFINED DECISION MAKERS

● VP of Product
● Line of Business owners: PC Optimum, PC, Joe Fresh and Shoppers Drugmart.
● PCid™ product owner

r

0B. STAGE GATES

1. Define and align the business and customer challenges and opportunities
2. Imagine: Model the SSO experience
3. Imagine: Model and validate the SSO MVP
4. Create executive summary and roadmap for SSO deployment

r

0C. BUSINESS STRATEGY AND SUCCESS METRICS

r

The success metrics for this project were directly tied to reducing current login abandonment and creating a seamless digital retail experience for current and new online shoppers.

● Define and gain alignment on a validated single sign on experience at the enterprise level.
● Implement the Oracle identity management system at the enterprise level.
● Do a phased release of authentication and account management as a platform service for 14 Million+ accounts and end customers.

 

01 EXPLORE: Understand the Business and the Customer

r

Mixed research to gain a greater understanding of the business and customer challenges and opportunities.

R

1A. BUSINESS AND CUSTOMER RESEARCH

My first task was to conduct mixed research to gain a deeper understanding of the frictions that the lines of business and online customers were currently experiencing.

● Conduct interviews with the impacted BU’s and their technical teams.
● Conduct interviews with the data analytics team.
● Review of voice of customer feedback on Medalia and Inmoment,
● Review findings with PCid™ leadership.

The next step was planning and facilitating the first design thinking workshop with a focus on knowledge share, as well as  definition and alignment around the core lines of business and customer values, challenges and opportunities.

r

1B. FORMAT

Half day design workshop, held with 25 participants from the various lines of business at Loblaws that would be involved with and impacted by the Single Sign On experience.

● PC Express
● Joe Fresh
● Shoppers Drugment SDM and DRx
● PCid™

r

1C. PROBLEM SPACE DEFINITION

How might we provide customers a persistent digital session across all of Loblaw’s properties?

“Our customers have to login again and again to each of our businesses, even though they are all part of the same family.”

● Current login conversion: DRx: 88%, SDM Frontshop: 86% , PCO web: 71%, RCSS: 78%, Loblaws: 77%, Wholesale Club, SDM Photo, RC Liquor: 65%
● Customers are not aware of all the places that they can use their account, such as e-commerce, loyalty and health. Customer logins: PCO 4.4M, PCX 2.1M, SDM 2M, JF 240K, PC Health 113K, DM Photo 36K, PC Chef:16K, RC Liquor 2K.
● Frustrating experience when we send a customer from one property to another property, such as PCO to Joe Fresh and they aren’t recognized along the journey. Customers expect that we know who they are as they use several of our services.

1D. BUSINESS & CUSTOMER VALUES

What are the business and customer values?

● Personalization: Improved customer experience with a single shopping profile.
● Seamless: The ability to switch between different brands without having to login again.
● Cross Platform: Reduce friction between Web and Mobile App.
● Discovery: Easier to discover, transact and interact with any of the services and offerings from Loblaw.
● Security: Peace of Mind
● Conversion: Reduce friction for new customers for new services and offerings when they have an existing PCid™. 

r

1E. BUSINESS & CUSTOMER CHALLENGES

Challenges, risks and concerns that SSO may present to the business and customer?

● Multiple Accounts: Multi user households may have account confusion – which account is this on this site/banner?
● Privacy: Different privacy rules for different business, specifically pharmacy, financial and health.
● Internal competition: Cross-site discovery can also lead to leakage and internal competition, ie winners and losers.
● SeamlessEach service can have different requirements for authentication.
● Fraud: Higher risk of account takeovers or fraud?
Session Management: How will the cookie-less future affect the persistent login state.        

r

1F. BUSINESS & CUSTOMER OPPORTUNITIES

The final exercise of the workshop was determining the key opportunity areas for an enterprise SSO experience.

● Personalization: More relevant and customized shopping experience for customers.
● Discovery and conversion: Make it easier for customers to convert across brands and build carts with products available at different banners.
● Loyalty: Improve loyalty experience through greater integration with PCid and PCO.
● Know me: 360 customer data. Greater insights into consumer behaviors and shopping habits.
● Loyalty: Improve loyalty experience through greater integration with PCid and PCO.
● Cross Platform: Allow customers to move seamlessly between web and the mobile app.

r

1G. NEXT STEPS

The next step and workshop was focused on mapping the mixed research insights to the Loblaws personas, co-creating customer journeys and SSO enterprise concepts.

1. Collate insights to define strategy pillars: Customer and LOB problem space and opportunities.
2. Create Experience Strategy deck.
3. Schedule 2nd workshop to co-create SSO solutions.

R

 

02 IMAGINE: Model the Single Sign On Experience

r

Once we had established the business and customer, values, challenges and opportunities, we planned for our second workshop, focusing on defining and co-creating the customer journeys and SSO concepts.

r

2A. FORMAT

Half day design workshop, held with 25 participants from the various lines of business at Loblaws that would be involved with and impacted by the Single Sign On experience

● PC Express
● Joe Fresh
● Shoppers Drugment SDM and DRx
● PCid™

r

2B. LOBLAWS ENTERPRISE PERSONAS

Part of the pre work for this workshop included initial creation and validation with the core project team of the Loblaws enterprise persona’s that could be mapped to the customer journeys and SSO concepts.

● Shabnam: Brick and mortar shopper, with online PCid™ and PCO (Presidents Choice Optimum) account
● David & Marco: Online, PC power user. Weekly PC Express delivery. Have separate PCid™, PCO, Shoppers SDM and DRx accounts.
● Cindy: Brick and mortar shopper, with online PCid™ and PCO (Presidents Choice Optimum) account.
● Chantall & Jamal: Online PC Express shoppers with in person weekly pickup. Have separate PCid and Shoppers DRX accounts. Share PCO and PC Express accounts.

r

2C. CUSTOMER JOURNEYS

With assigned personas in hand, the team set out to define ideal state omni channel single sign on customer journeys.

● Team Blue scenario: Shabnam is planning her weekly shopping trip and goes online to check her PCO points. She see’s there that Joe Fresh is having a storewide sale on back to school clothing.
● Team Green scenario: David is on his laptop and logs into Loblaws.ca to order his weekly groceries online for pick-up. Later that week he opens the SDM app to order personal care items for delivery.
● Team Orange scenario: Cindy is putting together her shopping list and opens the PCO app on her phone to check her offers. She sees that SDM has an offer for beauty items. Her phone’s battery runs out so she opens her laptop to PCO.ca. She clicks on the SDM offer and visits SDM.ca for the first time.
● Team Red scenario: Jamal is shopping for the softball team game on the weekend. He logs into the PCX app on his iPhone to order supplies for pickup. A few hours later he logs into the SDM app to order additional items for pickup.

r

2D. PROTOTYPING

The teams next task was to incorporate the insights from the customer journeys, the security settings from Oracle identity management system and the experience pillars from workshop 1 to model the ideal omni-channel SSO experience for their assigned personas.

A. TEAM BLUE: Seamless desktop SSO experience 

● Scenario: Shabnam is planning her weekly shopping trip and goes online to check her PCO points and weekly offers. She sees that there is a Shopper Drug Mart offer on household items (e.g. toilet paper) which she needs to buy. The next day she navigates to SDM.ca for the first time.
● Security Profile: Medium (PCO) to Low (SDM, retail profile)

B. TEAM GREEN: Seamless iPad app to mobile app SSO experience 

● Scenario: Marco borrows David’s iPad to order some items for a friend’s BBQ on the weekend and to refill a prescription. He logs in and completes his order on the PCX app then logs into the SDM app to refill his prescription.
● Security Profile: Low (PCX app) to High (SDM DRx)

C. TEAM ORANGE: Seamless mobile app to mobile app SSO experience

● Scenario: Cindy is in store at Shoppers Drugmart and opens the PCO app on her iPhone to look at the SDM flyer. She sees an online-only SDM offer for bonus points and wants to purchase via the SDM app instead in order to get the points. She downloads the SDM app for the first time.
● Security Profile: Medium (PCO app) to Low (SDM app)

D. TEAM RED: Seamless desktop SSO experience 

● Scenario: Chantell is on the family laptop to order groceries for pickup. She visits Superstore.ca to shop and place her order. She then logs into SDM.ca, DRx to refill a prescription for her parents and for her husband Jamal.
● Security Profile: Low (SDM) to high (SDM DRx)
r

2E. FEATURE PRIORITIZATION

The final step was to translate the output from workshop 2 to a comprehensive feature list that the team then ranked and were then mapped to business and customer priorities.

A. PRIMARY Feature sets:

1. Primary Feature 1: Persistent session, retail experience.

● Element: Global header, maps to personalization and reducing friction.
● Tech stack: ORA_OCIS cookie (Proof of concept).

2. Primary Feature 2: Biometric login

● Element: Login, maps to personalization and reducing friction.
● Tech Stack: IDCS (Oracle) supports Face ID and touch.

3. Primary Feature 3: Multiple Accounts

● Element: Global, check box, PCid login. Maps to personalization and reducing friction.
● Tech Stack: Expand how accounts are linked

4. Primary Feature 4: Global navigation.

● Element: Global header, dropdown. Maps to reducing friction, discovery and conversion.
● Tech Stack: Quick links, reusable component, requires coordination with RP and LDS.

B. SECONDARY Feature sets:

1. Secondary Feature 1: Check Out functionality, maps to reducing friction, discovery and conversion.

Element: Check out, SMS or in App (Push or notification).
Tech Stack: Portable profile, requires shared APL, IDCS integration.

2. Secondary Feature 2: Account profile, name and or icon.

Element: Global header, maps to personalization and reducing friction.
Tech stack: TBD for icon based on if IDCS can store images.

3. Secondary Feature 3: Guest login, checkout.

Element: Check out as guest. Maps to reducing friction, discovery and conversion.
Tech stack: TBD, this would need to be separately implemented by LOBs.

r

2F. SSO EPICS

Workshop two marked a significant project milestone, with alignment on the optimal enterprise user flows and consumer retail experience, as well as prioritized feature sets.

The first step was incorporating the insights from workshop 2 to  define the types of scenarios and customer experiences across retail, loyalty and health (DRx) we would have to support for a customer experience that is effortless, friction free and seamless.

A. Authentication:  Define standardized, persistent PCX retail experience.

● User: Returning or logged in to
● User: Logged out
● Token duration: Retail, loyalty and DRx

B. Cross Channel: Login and out as a global behavior.

● Cross Channel: Web to native mobile app, native mobile app to web

R

2G. SSO SECURITY SETTINGS

The next step was defining the KMSI/ SSO token security settings and authentication requirements for a persistent experience across retail, loyalty and prescriptions (DRx).

A. Retail channels: PCX, Joe Fresh

● Basic session: Low security, ability to shop and purchase without logging in again.
● 6 month token

B. Loyalty channel: PCO

● Secure session: Medium security: Requires login.
● 2 hour token

C. DRX session channel: SDM DRx

● Secure session: High security, hippa compliant, requires login.
● 20 min token

R

2H. PRIORITIZED CROSS PLATFORM SSO USE CASES AND USER FLOWS

With the epics and security requirements defined, the next step was incorporating the insights from workshop 2, as well as the required security settings, to create use cases and user flows for validation from Oracle for the IDMS tech stack.

A. USE CASE 1: In session (KMSI/ SSO token) . As a user I want to avoid having to re-enter my password when I am trying to access multiple Loblaw sites on the web.

● Low to high: (PCX) basic to secure session (SDM DRx).
● High to low: Secure session (DRx no SSO cookie)to basic session (PCX, requires password).
● Hybrid: Basic session (PCX sign in, PCO basic to PCO secure
• App to App: Account verification

B. USE CASE 2: As a user when I log out of 1 account, I want to be logged out of all Loblaws sites on the web.

● Log in and out as a global behavior

C. USE CASE 3: As a user when I log into 1 account, I want to remain logged into my other Lowblaw apps.

● PCX, PCO and SDM/ DRx app.

D. USE CASE 4: As a user, who does not have an active session, when I navigate from Loblaws web to native mobile app I expect to login again.

● PCX, PCO and DRx web to PCX, PCO and DRx app.

r

2I. NEXT STEPS

The next step and workshop was reviewing the prioritized use cases, user flows and security requirements for SSO retail experience with the technical team and Oracle.  

1. Schedule workshops with Oracle to review and define the technical requirements and complexity for SSO IDMS.
2. Schedule workshops with the technical team to determine complexity and timelines: technical architects and developers.
3. Model the SSO concepts (Bronze and Gold) for user testing.
4. Create the user research guide and schedule user testing for current state and the bronze and gold concepts.

r

03 IMAGINE: Model and Validate the Single Sign On MVP

r

With a shared understanding of the ideal state use cases and validated user flows by technical team and Oracle, my next step was creating the SSO concepts, user research guides and scheduling the user tests for validation.

r

3.A CURRENT STATE TESTING 1 & 2

In order to validate assumptions, and to establish a base line I did two rounds of rigorous testing of the current retail, loyalty and DRx customer experience.

● 30 test candidates, existing Loblaws customers
● Unmoderated, task based user test
● Software: UX Playbook

A. Objectives: Determine

What challenges are customers currently experiencing when trying to login to multiple digital businesses?
How do customers navigate between loyalty, grocery, apparel and beauty and pharmacy?
How do customers feel about having to re-authenticate when they move from loyalty to retail sites?
How do customers know that when they create an account with Loblaws, that account allows them to access all of the retail, loyalty and health sites?

B. Test: Hypothesis

Users have challenges with understanding what PCid is.
 Users have challenges with navigating between retail, loyalty and health.
Users expect offers in PC Optimum are linked to products in retail.
Users expect a persistent session across Loblaws banners after logging in once.
Users expect offers to be clickable, ie link directly to  products in retail.

C. Results: Insights

● All the users expected to be signed in, ie have a persistent session when shopping/ browsing Loblaws banners after they have logged in once. Some users called out it would have deterred them from purchasing.
● Majority of users were confused about what PCid is.
● Callout for global navigation to navigate between banners.
● All the test subjects experienced confusion using search & finding products on Shoppers Drugmart. Some users experienced confusion and or frustration around how to redeem PCO offers.

D. Results: Themes

● Discovery: Customers had challenges navigating between banners.
● Know Me: All the customers expected a persistent session after logging in once.
● Friction & Conversion: Majority of users rated the overall user experience as average or below.
● Brand Awareness: Majority of customers had challenges with understanding what PCid is.

E. Summary: Current State Testing 1 + 2

Majority of users were confused about what PCid is.
All the users expected to be signed in, ie have a persistent session when shopping/ browsing Loblaws banners after they have logged in once.
Lack of a global navigation was particularly onerous for the users.

3B. BRONZE CONCEPT TEST

Once the baseline for customer needs, challenges and priorities had been established, the next step was creating a ‘bronze’ concept that addressed the lack of PCid™ awareness and streamlined login experience.

Bronze concept: Enhanced messaging and pre populated user credentials login screen
30 test candidates, existing Loblaws customers
Unmoderated, task based user test
Software: UX Playbook

A. Objective: Determine

What are the challenges or friction points that a customer faces when navigating our ecosystem with SSO via web experience?
What is the overall perception of a persistent session experience?
What user behaviour changes can be observed with a persistent login across sites?
For new users does SSO enhance their experience?

B. Test: Hypothesis

Users understand what PCid is.
Users have challenges navigating between retail, loyalty and health.
Users mind re-authenticating when navigating between Loblaws banners after logging in once.
Users expect that offers in PC Optimum are linked to products in retail.

C. Results: Insights

All users understood what PCid is.
Majority of users expected a seamless SSO experience, ie remain logged in when navigating between banners after having authenticated once.
Majority of users called out for a more seamless, friction less experience afforded by a global navigation or direct linking within PCO.
Majority of users rated the overall user experience (SSO and navigation) as average.
Majority of users experienced log in fatigue and expected to be logged into DRx.
Majority of users were confused and or annoyed with life style content on PCO offers page.
Majority of users expected that PCO offers linked directly to product/ banner.

D. Results: Themes

● Discovery: Customers had challenges navigating between banners.
● Know Me: Majority of customers expected to remain logged in when navigating between banners after having authenticated once.
● Friction & Conversion: Majority of users rated the overall user experience as average or below.
• Brand Awareness: Majority of customers understood what PCid is, ie one login for all brands.

ESummary: Bronze Concept Testing

Messaging was effective in communicating PCid™ Single Sign On experience.
Even with a pre-populated login, users still experienced login fatigue, resulting in an average customer experience.
Lack of a global navigation was particularly onerous for the users.

3C. GOLD CONCEPT TEST

The final concept addressed the lack of PCid™ messaging, and introduced a seamless login experience along with global navigation.

Gold concept: Enhanced messaging, seamless authentication and global navigation
25 test candidates, existing Loblaws customers
Unmoderated, task based user test
Software: UX Playbook

A. Objective: Determine

What are the challenges or friction points that a customer faces when navigating our ecosystem with SSO via web experience?
What is the overall perception of a persistent session experience?
What user behaviour changes can be observed with a persistent login across sites?
For new users does SSO enhance their experience?

B. Test: Hypothesis

Users understand what PCid is.
Users can easily navigate between retail, loyalty and health.
Users mind re-authenticating when moving between Loblaws banners after logging in.
Users expect that offers in PC Optimum are linked to products in retail.

C. Results: Insights

All the test candidates expected to be signed in, ie have a persistent session when shopping/ browsing Loblaws banners after they had logged in once.
All of the testers found it easy to navigate between banners because of the global navigation.
Majority of users knew what PCid is.
Majority of users thought the overall experience was very easy
Majority of users expected to be logged into Drx.
Majority of users found the global navigation effective means to claim offers.

D. Results: Themes

● Discovery: ALL of the customers found it easy to navigate between banners because of the global navigation.
● Know Me: ALL of the customers recognized and expected to be signed in, ie have a persistent session after they have logged in once.
● Friction & Conversion: Majority of customers thought the overall experience was very easy.
● Brand Awareness: ALL of the customers understood what PCid is, ie one login for all brands.

ESummary:  Gold Concept Testing

Messaging was effective in communicating PCid™ Single Sign On experience.
The seamless login experience, ie authenticate once, addressed the password fatigue current customers are experiencing.
The global navigation had a measurable impact on the overall customer experience by reducing friction and allowing for greater discoverability.

r

3D. NEXT STEPS

My next step, was to collate and present the research findings  to PCid™ leadership. Once the findings had been reviewed and recommendations approved, my next step was to co-author the executive summary and road map for SSO roll out.

1. Collate user research insights and map to experience strategy pillars.
2. Co-author the executive summary and roadmap

r

r

04 CREATE: SSO Executive Summary and Roadmap

r

The final step for the Single Sign On initiative was creating an executive summary for executive buy in and the road map for Single Sign On rollout

r

4A. SECURING EXECUTIVE BUY IN

Once I completed the concept validation stage, my final step for the SSO MVP project was co-authoring an executive summary and road map with PCid™ product leadership.

r

4B. EXECUTIVE SUMMARY

● Problem space definition.
● User research and concept validation insights.
● Reach alignment on the Loblaw enterprise solution set.
● Determine timeframes for BU roadmap capacity for SSO roll out.

r

4C. PROBLEM SPACE DEFINITION & USER RESEARCH INSIGHTS

In our research, users consistently expressed frustration with needing to log in several times across different Loblaw businesses, leading to a majority of participants providing scores of average or below in current state user testing. SSO is an opportunity to significantly improve users’ satisfaction when using Loblaw’s digital properties, and to ensure that authentication is a process that they love, and are not annoyed by. 10% of visits (400k a month) who attempt to log in across PCid™ and exit the site without successfully logging in.

Users also expressed confusion about what PCid™ is and what services are available with their accounts. Login conversion is 78% among users who have tried to create an account and are told they already have one, which we hypothesize occurs more often when visiting other BUs than their most commonly visited one. Since these users are unlikely to try creating an account again we can reasonably assume their abandonment is above 20%. SSO allows those users to be authenticated automatically, reducing abandonment among the subset of that 250k per month group to zero.

The difficulty with navigating between various Loblaw properties was another pain point for the research participants. Many commented that the sites needed to be better connected to make it easier to navigate. The numbers show this frustration carries through to users not exploring between Loblaws BUs. A recent PCO performance report showed that of the 5.9M PCO users across web, iOS, and Android over a 30 day period, only 14% visited PCX and 2.3% visited SDM.

r

4D. SSO ENTERPRISE SOLUTION SUMMARY: BRONZE MVP

A. Friction: Password fatigue from having to login repeatedly across all our sites results in 10% login abandonment.

● [Web & App] Customers are recognized and can authenticate without providing their username and password.

B. Awareness: Customers are not aware of what PCid™ is, and what sites it encompasses.

● [Web & App] Login page will contain clearer information about PCTMid on web & mobile.
● This will be handled outside the scope of SSO experience as well with different experiments being run during account creation and on the login screen

C. Discovery: Customers are not aware of all our products and services that they can shop at today, and have a hard time finding them

● No solution explored

r

4E. SSO ENTERPRISE SOLUTION SUMMARY: GOLD MVP

A. Friction: Password fatigue from having to login repeatedly across all our sites results in 10% login abandonment

● [Web] Customers only have to login once for a persistent, personalized session across all non-secure sites for the web.
● [App] Customers are recognized and can authenticate without providing their username and password

B. Awareness: Customers are not aware of what PCid™ is, and what sites it encompasses.

● [Web & App] Login page will contain clearer information about PCTMid on web & mobile.
● This will be handled outside the scope of SSO experience as well with different experiments being run during account creation and on the login screen

C. Discovery: Customers are not aware of all our products and services that they can shop at today, and have a hard time finding them

● [Web] One possible solution is to explore a global navigation where customers can easily access PCO, PCX, SDM and JF so they have an anchor as to what family sites they are currently logged into via SSO and also a means to discover them
● [App] No solution explored

r

4F. SSO PRODUCT DEVELOPMENT ROADMAP: BRONZE MVP

A. Expected Outcome:

● Users will be able to access their accounts across all Loblaw sites without having to input username and password multiple times.

B. Goal:

● Decrease login abandonment by X%. 0 abandonment on confirm login page.

C. Timing:

● Now – Q4-Q1: Validate API spec with Oracle. Development work on Bronze for PCid™
● Next – Q2 – Q3: Launch Bronze and mobile SSO and integrate with # of BUs.

r

4F. SSO PRODUCT DEVELOPMENT ROADMAP: GOLD MVP

A. Expected Outcome:

● Users are automatically logged in on all Loblaw web sites after authenticating once and have a personalized session experience.
● Users will see a unified experience to show they’re logged in to PCTMid, and able to navigate to other Loblaw web sites.

B. Goal:

● Decrease login abandonment by Y% & Increase PCO visitors to other products by Z%.

C. Timing:

● Now – Q4-Q1: Development work on persistent session and global navigation.
● Next – Q2 – Q3: Launch Bronze and mobile SSO and integrate with # of BUs.
● Later 2022: Launch across Loblaw.