Author Archives: Peter Philips

5 Critical Areas for IT Adoption of Employee Recognition

Map on a table

Travel Trip Map Direction Exploration Planning Concept

You’ve decided that your company deserves a modern recognition program. You’ve received buy-in from your executive leadership. The last hurdle to pass is approval from IT.

Based on the seven key areas of enterprise SaaS cloud providers (http://cloudstrategies.biz/requirements-for-building-enterprise-saas-applications/), here are five areas specific to employee recognition and employee rewards software that every organization should cover to clear IT approval.

1. User Authentication for Employee Recognition Programs

How will your users log into the recognition program? Will you burden your IT team or help desk with support queries for misplaced passwords? Instead, use a recognition program that does not require or store usernames or passwords. Instead they delegate to the industry standard OAuth or Single-Sign-On protocols.

2. User Provisioning

How will users be added into the recognition program? Users should be preloaded into the system so as users activate their account they can see their colleagues. Manual entry is not scalable for large organizations and even spreadsheet imports can be tedious and error prone. A modern employee recognition program should be able to sync with your user directory in the cloud, such as with Yammer, Microsoft, or your HRIS software. SCIM is the industry standard protocol for user provisioning that is supported by Microsoft Azure, Facebook, and Slack.

3. Employee Recognition Notifications and Email Deliverability

Modern employee recognition programs should utilize several channels to notify and engage users of their recognitions. Often, email is a tricky channel due to spam and phishing filters. We recommend utilizing a program that supports desktop and mobile push notifications. As a last resort, email deliverability can be addressed by ensuring email is delivered by a fixed pool of IP addresses that can be whitelisted by IT.

4. Data Privacy and Security of the Employee Recognition and Rewards Data

Depending on your industry, the sensitivity of the data sent in your recognition program may vary. Make sure your recognition software has strict privacy rules and follows industry standards such as ISO27001, SOC2, or HIPAA compliance. Also look for 3rd party vulnerability testing.

5. Integrations

Recognition programs are their best when they are top of mind which means being close to where work is getting done. Integrations into existing software toolchains are critical non-only for the success of the recognition program, but for making life easier on IT.

Learn more about how Recognize addresses each of these areas here: https://recognizeapp.com/resources

Single Sign On with Iframes (eg Sharepoint)

user-experience

Single Sign On is a great tool for implementing seamless user experiences. In order to mix many third party tools together, the authentication puzzle quickly stacks up. Single Sign On via SAML to the rescue!

Implementing SSO via SAML is well documented on the internet, so I won’t go into it here. However, imagine a scenario where you want to implement SSO which integrates a third party application into your main app via an iframe. Iframes are notorious around the web yet are still used quite pervasively in places such as Sharepoint, and Outlook Web Apps.

The difficulty lies in the fact that Identity Providers do not permit their authentication screens to be embedded in iframe. And rightly so. Auth screens collect credentials and having an auth screen inside an iframe makes it real easy for a hacker to steal a user’s account information.

So, how do you work around this?

Popups. Yes, popups.

While working on this problem, I was extremely resistant to the idea of using popups as they also have a bad rap in the internet community because of how they are abused. However, after reading this article, I gave in to the fact that popups are a “necessary evil”.

Remember that the end goal here is to provide a seamless experience as much as possible. The central idea is that once a SAML flow is initiated in an iframe, a page is rendered that does the following:

1. Renders javascript to open a new window and send the user through the actual SSO/SAML flow.
2. Renders a page in the iframe that instructs the user that the popup may be squashed by the browser and to allow it, or to click a link that manually opens a new window to go through the SSO/SAML flow.
3. The page that is rendered in the iframe also continues to check(via js) whether or not a logged in session has been established. Once the user is logged in, the iframe page can be reloaded showing the logged in user content.

When a browser squashes a popup, it usually gives an indication it did so and provides an option to open it. However, this is not always obvious. This is why we give an explicit link to open SSO flow window.

This approach took about a half day to architect, and about a week of hair pulling trying to get SSO to work without popups. I recommend going the popup approach. In fact, it is probably the only way to get this to work.

Testing tips with Capybara on Rails

Downtime, layoffs, security breaches, and bugs are among the worst things that technology teams have to deal with. Surprisingly, bugs are the most manageable. To help make bugs more trivial, here are a few application testing techinques when working with Rails.

Any time you deploy new code, you need to have confidence the new code works as advertised and that old code hasn’t broken down. There’s no way to have 100% confidence, but having good code coverage is a start.

Rails provides many ways to test, but in my opinion the two most important ways are unit tests and integration tests. Unit tests examine your low-level model code, and makes sure core functionality doesn’t break. In any modern web app worth its salt, you will need full-stack integration tests. How do you know that an Ajax action actually replaced the element you thought it would?  Functional controller testing is decoupled, but assumes form parameters are sent through in a certain way, but what if there is a bug in your html? You need to be able to reproduce user behavior exactly as a user behaves, with no assumptions. This couples things, but that’s ok. Better to be coupled and catch a bug, than not catch it all.

We use capybara and capybara-webkit for headless browser testing. I have a love/hate relationship with capybara. On one hand it provides the best full stack testing interface for a Rails app I’ve ever seen and has saved me countless hours of debugging.  On the other hand, I”ve hit so many weird synchronization issues (due to the asynchronous nature of ajax) with capybara and capybara-webkit and spent countless hours pulling my hair out.  See this discussion on Capybara’s google group (https://groups.google.com/d/topic/ruby-capybara/sjgRGiNcL7g/discussion) and this one on capybara-webkit’s (https://groups.google.com/d/topic/capybara-webkit/i51R5I4sMCI/discussion)

They are not without faults, but the gains are so worth it when you see your test suite go green prior to a deployment.  Also, most of Capybara’s synchronization’s issues have been solved in their latest version, I think > 2.0.  Shout out to Jonas Niklas for his great work on this project.

I do have a small bone to pick though. Prior to v2 of Capybara, it had this nifty helper method called #wait_until which I used heavily to wait until an element appears.  In v2 this was removed, see: http://www.elabs.se/blog/53-why-wait_until-was-removed-from-capybara.  Jonas says that there shouldn’t be any synchronization issues any more and that if there are its really just a matter of how you are testing.  Hmm… test suites should get out of your way, no? Not tell you how to write your tests?  I don’t know, perhaps he’s right, but I didn’t look kindly on rewriting our massive test suite.  Luckily, Jonas is so awesome he provided this workaround that plugged and played right into our suite: https://gist.github.com/jnicklas/d8da686061f0a59ffdf7

def wait_until
  require “timeout”
  Timeout.timeout(Capybara.default_wait_time) do
    sleep(0.1) until value = yield
    value
  end
end
Awesome.  Also, here’s a nifty capybara pattern I just came up with and posted on my personal blog, http://p373.net/2013/02/22/capybara-custom-matcher-alternative/
If you want to add functionality to a Capybara::Session, or “page”, where you need to check multiple things, and want to do it in a DRY and reusable fashion, check this snippet:

#Let's say you want to check super awesomeness on the page
#which involves checking multiple things, like the current path,
#the page has some content, and a particular css selector is present
#Like so:
page.should be_super_awesome

#in spec_helper.rb
Capybara::Session.send(:include, SuperAwesomeHelper::Session)

#The the implementation:
module SuperAwesomeHelper
  module Session
    def super_awesome?
      errors = false
      errors ||= "Wrong path" unless current_path == super_awesome_path
      errors ||= "Missing content: You are awesome" unless !errors and has_content?("You are awesome")
      errors ||= "Missing selector: #awesome-div" unless !errors and has_selector?("#awesome-div")
      People.all.each{|p| errors ||= "missing person #{p.name}" unless !errors and has_selector?(".person-#{p.name}")}
      !errors or raise Capybara::ExpectationNotMet, errors
      return true
    end
  end
end

Check the p373 blog post for all the gritty details.