Enterprise MFA Self-Service Platform: Web, Mobile, and QR Code Enrollment
Built three interconnected authentication platforms used by the entire enterprise workforce.
The Problem
Prudential employees experiencing MFA or VPN login issues required help-desk intervention to resolve authentication problems, creating bottlenecks and degrading employee productivity at scale.
The enrollment process for MFA tokens was manual, slow, and created unnecessary help-desk overhead. As the workforce became increasingly mobile, the web-only solutions created additional access gaps for employees on iOS and Android devices.
The Approach
Built and owned the RSA Self Service Portal end-to-end, a platform enabling employees to resolve their own MFA and access issues without help-desk escalation. Managed all deployment cycles, uptime, and reliability for this zero-downtime-tolerance authentication service.
Conceived and built the QR Code Portal, an internal platform allowing all enterprise help desks to generate and send QR codes for software token installation. Designed for zero-training adoption across all help desk teams.
Co-designed the RSA Self Service mobile application, extending the portal's capabilities to iOS and Android. Led UX design decisions to ensure the mobile app matched the zero-friction experience required for enterprise authentication workflows.
The Impact
- Over 300,000 QR code activations generated across an 8-year period
- Self-service tool used 18,000+ times in 6 languages during COVID-19 alone
- Eliminated help-desk-mediated token provisioning as the default workflow
- Extended self-service authentication to the full mobile workforce
- Adopted as the standard enrollment and self-service mechanism across all enterprise help desks
Related
A One-Day Security Baseline for a Solo Fleet
You cannot out-staff a security team when you are the whole team. But the failures that actually end a solo operation are a short, known list, and each has a cheap defense you set up once. Here is the catastrophic floor I stood up in an afternoon.
When CI Costs More Than It Saves
GitHub Actions' default minute allowance is priced for a team that types at human speed. At agent velocity the bill breaks before the engineering does. Here is how a forced workaround, a local CI mirror plus local deploys, became the better default.
The caskeycoding.com tech stack at a glance
A high-level tour of the technologies running this site: Next.js on CloudFront, Python Lambdas behind API Gateway, DynamoDB plus S3, Anthropic's API with a Bedrock fallback, and AWS CDK wiring it together.