Product authentication survey

# Product authentication survey NOTE: This is a full list of question we had brainstormed. We sent out a [more focused list of questions](https://forms.office.com/pages/responsepage.aspx?id=PCsO473TL0i84iM4oQ4dpAX20ciU459Kr6yz_3dlkmFUQzBEUUg1TFBUSlRNMFk1NURaR0pNOTAyQS4u). See the results [here](https://forms.office.com/Pages/DesignPageV2.aspx?origin=NeoPortalPage&subpage=design&id=PCsO473TL0i84iM4oQ4dpAX20ciU459Kr6yz_3dlkmFUQzBEUUg1TFBUSlRNMFk1NURaR0pNOTAyQS4u&analysis=true). ## Product Activation - How does product activation work? - Is the person activating the product always an end-user? - What is the license entitlement model (users, machines, terabytes etc.)? - If you know, how often product users use air-gapped activation? - Does the product have an unattented install option (e.g. in a build pipeline)? ## End-user Authentication - Does the product care about user identity beyond license activation? - What are authentication methods for end-users used by the product (if any)? - What are the app/services that require authentication? What tech stack do they use? - What are authentication clients and their authentication flows for initial authentication? - Do we expect customer to use the same authentication methods with other apps and services? - Is every part of the product covered by the same authentication methods? - Does product configuration and user management affect authentication? If yes, how? - Anything else we should know? ## Authorization - Does the product use an authorization system? - What is the base authorization terminology (e.g. roles, permissions, resources)? - How does authorization relate to authentication? Does the product support anonymous access, groups etc.? - Examples of a couple authorization scenarions - How is authorization configuration managed? ## User profiles - Does the product store additional information about users? - Does the product import addititional information about users from other systems? ## User managements - Anything important about user management that hasn't been covered yet? ```mermaid graph TD subgraph Customer Directory[[Directory]] UserGroup1[User Group] UserGroup2[User Group] Directory --> |includes| UserGroup1 Directory --> |includes| UserGroup2 UserGroup1 --> |includes| User end subgraph Redgate Org[[Organization]] Team1[Team] User1[User] UserGroupRef[UserGroup] Org-->|manages| Team1 Team1 -->|includes| User1 Team1 -->|includes| UserGroupRef User1 -.->|references| User UserGroupRef -.->|references| UserGroup2 end ```