Skip to content

US-101: Self-Service Signup & Tenant Creation

1. Story Title

Self-service signup creates initial tenant

2. Context / Background

Foundational onboarding flow enabling first-time user (Sarah) to register and immediately obtain a tenant workspace.

3. User Persona

Primary: Sarah – Small Business Owner Secondary: Priya – HR Manager (later invited)

4. Problem Statement

Prospects cannot currently create a workspace without manual provisioning, blocking fast time-to-value.

5. Desired Outcome

User completes signup and lands in a tenant dashboard with starter configuration (<2 minutes total).

6. Business Value

Drives acquisition and activation; reduces manual ops load.

7. Scope (In / Out)

In: email + password signup, tenant record creation, welcome screen. Out: OAuth SSO (deferred to US-106), billing plan selection upsell page.

8. Acceptance Criteria (BDD)

Scenario: Successful signup creates tenant
  Given a visitor on the signup page
  When they submit valid email and password
  Then a new user account is created
  And a new tenant workspace is provisioned
  And the user is redirected to the tenant dashboard

Scenario: Duplicate email rejected
  Given an existing user account with email alice@example.com
  When a signup is attempted with alice@example.com
  Then the system shows an email already used error
  And no new tenant is created

Scenario: Password policy enforced
  Given password policy requires minimum 10 characters
  When user submits a password with 8 characters
  Then validation error is displayed

Scenario: Tenant isolation baseline
  Given a newly created tenant
  When user requests list of employees
  Then response is empty (no cross-tenant leakage)

9. UX Notes / References

Simple 2-field form; success leads to short guided checklist (out-of-scope visual, placeholder).

10. Data / Domain Model Impact

Entities: User, Tenant (new). Relationship user->tenantOwner.

11. NFR Touchpoints

  • Security: hash passwords (Argon2/Bcrypt), email verification deferred.
  • Performance: Provisioning < 2s p95.
  • Observability: emit ActivationStarted/ActivationCompleted events.

12. Dependencies

Core architecture baseline (EP-CORE-ARCH).

13. Risks & Mitigations

Risk Impact Probability Mitigation
Tenant provisioning race conditions Data corruption Low Single transaction + unique constraints
Weak password defaults Security breach Medium Policy + library validation

14. Estimation Support

  1. Endpoint + validation
  2. Tenant create service
  3. Dashboard redirect
  4. Events instrumentation

15. Analytics / Success Metrics

Signup conversion rate; time from form submit to dashboard (<5s perceived).

16. Rollout / Release Strategy

Soft launch behind feature flag to internal test group, then public exposure.

17. Definition of Ready Checklist

  • Acceptance criteria finalized
  • Data model approved
  • Risk assessment reviewed
  • Performance budget agreed

18. Definition of Done Checklist

  • All scenarios pass automated tests
  • Activation events visible in analytics
  • Docs updated (user-guide + API)
  • Flag enabled for production

19. Open Questions

  1. Require email verification at MVP or later?
  2. Capture company name separate from tenant display name?

Version: 1.0