Summary
Request a simplified, authentication flow that reduces repeated re‑logins, removes redundant per‑connector prompts where possible, and clearly separates background service‑account indexing from per‑user consented actions—implemented with an SSO‑first design and admin‑controlled defaults. This will reduce friction, increase adoption, and lower support load.
Problem & Evidence
· Employees are seeing recurring login prompts and short‑lived sessions, creating daily friction and blocking work at times (cookie/session churn reported).
· For GitHub, users face a two‑step flow to index Wikis (connect GitHub, then grant separate Wiki permission), which limits adoption and creates confusion compared to code search behavior.
· With Salesforce, there is ongoing confusion about when Glean uses a background service account vs. when it prompts for individual user auth, leading to fear of misconfiguration and unnecessary prompts for end users.
· Today, users are asked to authenticate multiple data sources directly in Glean; while permission‑respecting is good, the cumulative friction across sources is high for non‑power users.
Desired Outcome
A streamlined, SSO‑centric authentication experience that:
- Minimizes prompts during first‑run and routine use.
- Uses background, admin‑provisioned service accounts for read‑only indexing by default.
- Only asks for per‑user OAuth when a feature truly needs user‑scoped privileges (e.g., “take action as me”).
- Extends sessions sensibly and renews them silently where enterprise IdP policy allows.
- Provides clear, in‑product explanations of which account and scopes are in use and why.
