The Hypercare team has been hard at work on a major overhaul of how user accounts and organizational memberships are managed within our system. We’re excited to announce that these foundational changes are now ready for release.
This update brings several important advantages, including:
- Granular control over user profiles
- Enhanced security and data isolation
- Improved performance
- A significantly simplified user experience
These improvements required substantial changes to our database schema and API design. This article outlines the core design updates and highlights key API changes introduced as part of this release.
What’s Changing?
One Account = One Organization
Each user account will now belong to a single organization. Previously, users could belong to multiple organizations under one account. It enables cleaner access control, more consistent audit logs, and improved account security. User settings, such as availability status and contact info, will now be account-specific.
More Control Over How Users Log In
Organizations can now decide how users log in, either:
- With a password
- Using a one-time code sent to email (OTP)
- Through Single Sign-On (SSO)
Admins can set login rules for the entire organization or tailor them for individual users. This offers greater flexibility and helps organizations enforce stronger security policies.
Improved Authentication & Login Experience
We’ve redesigned the login process to make it more intuitive and secure:
- Usernames will no longer be supported. All users must log in using their email address, simplifying account recovery and aligning with industry best practices.
- By default, users can authenticate via one-time code (OTP) or Single Sign-On (SSO) to save and enter all accounts associated with their email. If users want to log into one specific account, they can also manually authenticate via OTP, SSO, or password.
- Once logged in, users can switch between accounts and manage them from a central page
Enhanced Invitation Process
We’ve made the invitation process easier for onboarding:
- Once an invite is sent, a shell account will be created immediately, such that admins can start assigning shifts to the users without waiting for invite acceptance
- Invites are now sent via email only
To be noted
- Removed accounts before the deployment will not be kept for the new environment. Those users can be re-invited if needed.
- Pending invites will be deleted, except for those created within 15 days prior to deployment—these will be converted into shell accounts in line with the new invite process.
Next Steps
- Ensure that all users should have an email address in their profile, otherwise they will not be able to login after the deployment.
- Prepare for a Code Grey procedure during deployment, with up to 4 hours of service downtime across all Hypercare platforms.
- An announcement banner will be shown on web and mobile 2 weeks in advance, and a full-page maintenance announcement will be shown on web and mobile during downtime
- We can enable a temporary public on-call dashboard displaying your on-call schedules and contact methods. This access will be disabled two weeks post-deployment. Please contact your CSM if you would like this enabled for your organization.
- A mandatory mobile app update will be released approximately two weeks before deployment. Please ensure users and MDM / MAM devices are prepared to update.
- Educate users of the new login flows.
Post-deployment
- After the deployment, users will be logged out from web but remain logged in on mobile. There are rare cases where users might be logged out from mobile. Please request users to open the app as soon as possible once the service is resumed to avoid missing message notifications.