The Challenge: The "Registration Wall"

The candidate experience on SchoolSpring was fundamentally broken at the identity layer. A teacher looking to apply across multiple school districts — a common scenario in the K-12 hiring market — faced a frustrating and unnecessary barrier: they were forced to create a separate account for every district, upload their resume multiple times, and manage a growing pile of credentials they'd inevitably forget.

• The Problem: This "Identity Fragmentation" created severe friction at the top of the hiring funnel. Every redundant registration step was a drop-off risk — and the data confirmed it. Candidates who hit the registration wall when applying to a second or third district abandoned at a disproportionately high rate. The platform was losing its most motivated, high-intent users at precisely the wrong moment.

• The Goal: Create a "Universal Candidate Profile" — a single identity that a user registers once and carries across the entire PowerSchool ecosystem. Apply to any district, with any ATS, without ever being asked to start from scratch.

Understanding the Problem Depth

Before architecting the solution, I needed to understand the full scope of the identity problem — both the technical debt and the user impact.

• The Scale of Fragmentation: With 1M+ candidate records spread across district-specific silos, the data landscape was complex. Many candidates had 3–5 separate accounts representing different versions of themselves — different resumes, different contact details, different application histories. Any solution had to reconcile this fragmentation without data loss.

• The Support Signal: "Password reset" was the single highest-volume support ticket category for candidates. This wasn't just a UX inconvenience — it was a direct signal that multi-account management was actively breaking the user experience and consuming significant support resources.

• The Compliance Constraint: K-12 education data is governed by strict privacy regulations (FERPA, state-level equivalents). Any centralized identity solution had to meet a higher compliance bar than a typical consumer product — making the architectural choices non-trivial.

The Action: Transitioning to Centralized Authentication

I led the strategic migration from localized, district-specific logins to a centralized Single Sign-On (SSO) architecture using Auth0 and the OpenID Connect (OIDC) protocol.

• Identity Strategy: I defined the requirements for a centralized User Store — the canonical source of truth for candidate identity. The architecture ensured that a candidate's documents (resume, transcripts, certifications) could be surfaced by any district ATS once the user authenticated, eliminating the need to re-upload on every application.

• Security & Compliance: I collaborated closely with engineering and legal teams to validate that the Auth0 implementation met educational data privacy standards. This included mapping the OIDC token flow against FERPA requirements, implementing scoped data access so districts only received the candidate data they were authorized to see, and building in MFA (Multi-Factor Authentication) as a default-on security layer.

• Legacy Data Migration: The most operationally complex piece. I defined the product logic for "merging" existing fragmented accounts into the new unified identity — a deduplication and reconciliation process that had to preserve every historical application, reference letter, and credential without surfacing the seams to the user. Zero data loss was a hard requirement.

• UX Redesign: I oversaw the complete redesign of the login and sign-up interface. The new experience prioritized social logins (Google, Microsoft) to minimize password creation friction, offered a streamlined MFA enrollment flow, and presented a clean "Universal Profile" setup that a new user could complete in under 60 seconds — turning a previously painful onboarding into a competitive advantage.

The Impact: From Silos to a Platform

The SSO migration transformed candidate identity from a source of friction into a platform-level capability — directly improving engagement metrics, reducing operational overhead, and positioning SchoolSpring as a genuinely cross-district hiring destination.

• 40% Increase in Applications Per Candidate: By eliminating the registration barrier between districts, we saw a significant and immediate lift in candidates applying to multiple roles per session. The Universal Profile removed the single biggest reason high-intent candidates stopped at one application.

• 50% Reduction in Password Reset Tickets: Centralized identity solved the #1 candidate support issue outright. Fewer accounts meant fewer forgotten passwords, fewer locked accounts, and fewer support escalations — freeing the team to focus on higher-value problems.

• 60-Second Universal Profile Setup: New users could create a fully populated profile — with resume, certifications, and preferences — in under a minute. This dramatically improved top-of-funnel velocity and set a new internal benchmark for onboarding efficiency.