The Single Experience: After the Dual-Pane Window
Subtitle: How single sign on and a single workflow make many systems feel like one.
TL;DR
The glass does not need to be single. The session does. Use single sign on and a unified workflow to blend the feel of one product while data and control stay in the systems that own them. Keep the dual-pane model for governance. Give users a single experience for flow.
Context
In the last piece I argued that a single pane of glass is a myth. The most honest model is a dual-pane window. One pane for operators who need depth. One pane for leaders who need clarity. That view stands. https://redshirtbrigade.substack.com/p/the-dual-pane-window-why-the-single?r=ffd2q&utm_medium=ios&triedRedirect=true
This follow-on offers a counterpoint that works inside the same constraints. If the pane cannot be single, the session can be. If the database cannot be unified, the user journey can be.
What users really ask for
Users do not ask for one database.
Users ask to stop logging in six times.
Users ask to move from alert to asset to approval without losing context.
Give them that.
Principle
Treat “single pane” as single sign on and single workflow, not a monolithic console.
Single identity: One IdP that speaks OIDC and SAML.
Single session: Token exchange and silent refresh across apps.
Single workflow: Deep links, shared context, and a common task inbox.
Separate planes: Data and control remain in the owning systems.
Zero Trust remains intact because verification happens at each sensitive step. IAM and RBAC remain intact because tokens are scoped per app and privileges are least by default.
Reference pattern
Identity at the core: OIDC for new apps. SAML for legacy. SCIM for lifecycle. Step-up for risky actions.
Session orchestration: Exchange the primary session for app-specific tokens. Refresh in the background. Propagate device and risk signals.
Role and policy resolution: RBAC for coarse roles. ABAC or policy-based access for context such as device posture, geo, and data class. Deny by default.
Composable experience layer: Micro-frontends or embeddable widgets render inside a simple shell. A deep-link registry opens any app at the exact record with context intact. A unified task inbox lists approvals and alerts from many systems. A global search returns ranked links rather than copied data.
Event and audit fabric: A lightweight bus forwards minimal events for notifications and posture. Full audit stays in source systems. The shell shows pointers and receipts.
Guardrails: Strategic views are read-only. Write paths live only inside the owning app widget. Per-action consent banners appear on cross-system data use.
A day in the life
A support lead sees a predictive failure in the inbox. One click opens the device record in the asset system within the shell. One more click shows warranty status in the vendor portal. The lead requests a replacement and meets a step-up prompt. After passing, the vendor system executes and posts a receipt.
An executive opens the same case from a KPI view, sees status and trend, and moves on without touching controls. The experience feels singular. The control model remains plural.
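Here is the reference pattern and the support-lead walkthrough reduced to working code. This is an added example, not code from the article or from any IdP product. The HMAC-signed tokens stand in for the OIDC JWTs a real IdP would issue, and the app ids (assets, vendor, kpi), role names, scopes, hostnames and the signing key are all constructed for illustration. The point it shows: one primary session is exchanged for short-lived tokens scoped per app, every decision is deny by default, context such as device posture and geo is evaluated per action, and a risky write returns a step-up verdict until the session carries a fresh MFA factor.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

# Constructed demo key; a real deployment uses IdP-managed signing keys.
SIGNING_KEY = b"constructed-demo-signing-key"
APP_TOKEN_TTL = 300  # seconds: short lifetime, refreshed silently by the shell

# Coarse RBAC: role -> {audience (app) -> scopes the role may hold there}
ROLE_SCOPES = {
    "support_lead": {"assets": {"read"}, "vendor": {"read", "order"}},
    "executive": {"assets": {"read"}, "vendor": {"read"}, "kpi": {"read"}},
}
# Risky actions that require a step-up (MFA) even when the scope is granted.
STEP_UP_ACTIONS = {"order"}
# Deep-link registry: audience -> URL template (constructed hosts).
DEEP_LINKS = {
    "assets": "https://assets.example.internal/devices/{record}",
    "vendor": "https://vendor.example.com/cases/{record}",
}


def _sign(payload: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def verify(token: str, now=None) -> dict:
    """Check signature and expiry; raise ValueError on either failure."""
    now = time.time() if now is None else now
    body, _, mac = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["exp"] <= now:
        raise ValueError("expired")
    return payload


def issue_primary_session(sub, roles, device_posture, geo, amr, now=None) -> str:
    """The single session the user logs in once for (constructed claim shape).
    amr lists the authentication methods used, e.g. ["pwd"] or ["pwd", "mfa"]."""
    now = time.time() if now is None else now
    return _sign({"sub": sub, "aud": "shell", "roles": roles, "device": device_posture,
                  "geo": geo, "amr": amr, "exp": now + 8 * 3600})


def exchange(primary: str, audience: str, requested: set, now=None) -> str:
    """Swap the primary session for a short-lived token scoped to one app.
    Scopes are the intersection of what was asked for and what the roles allow,
    so an app token never carries more than the user is entitled to."""
    now = time.time() if now is None else now
    session = verify(primary, now)
    if session["aud"] != "shell":
        raise ValueError("only the primary session can be exchanged")
    allowed = set()
    for role in session["roles"]:
        allowed |= ROLE_SCOPES.get(role, {}).get(audience, set())
    # Device and geo signals propagate so the app can evaluate them per action.
    return _sign({"sub": session["sub"], "aud": audience, "scope": sorted(requested & allowed),
                  "device": session["device"], "geo": session["geo"],
                  "amr": session["amr"], "exp": now + APP_TOKEN_TTL})


def authorize(app_token: str, audience: str, action: str, data_class: str, now=None) -> str:
    """Deny-by-default decision: returns 'allow', 'deny' or 'step_up'.
    Order: token validity, audience and scope (RBAC), context (ABAC), step-up gate."""
    try:
        claims = verify(app_token, now)
    except ValueError:
        return "deny"
    if claims["aud"] != audience or action not in claims["scope"]:
        return "deny"
    # ABAC: restricted data only from a managed device in an approved region.
    if data_class == "restricted" and (claims["device"] != "managed" or claims["geo"] not in {"US", "EU"}):
        return "deny"
    # Risky writes need a fresh MFA factor in the session before they run.
    if action in STEP_UP_ACTIONS and "mfa" not in claims["amr"]:
        return "step_up"
    return "allow"


def deep_link(audience: str, record: str, context: dict) -> str:
    """Open the owning app at the exact record; shell context travels as query params."""
    return DEEP_LINKS[audience].format(record=record) + "?" + urlencode(sorted(context.items()))


if __name__ == "__main__":
    t0 = 1_700_000_000.0  # fixed clock so the walkthrough is reproducible
    lead = issue_primary_session("lead@example.internal", ["support_lead"], "managed", "US", ["pwd"], now=t0)
    vendor = exchange(lead, "vendor", {"read", "order", "admin"}, now=t0)  # "admin" is silently dropped
    print(authorize(vendor, "vendor", "order", "internal", now=t0))        # step_up: replacement is risky
    lead_mfa = issue_primary_session("lead@example.internal", ["support_lead"], "managed", "US", ["pwd", "mfa"], now=t0)
    vendor_mfa = exchange(lead_mfa, "vendor", {"order"}, now=t0)
    print(authorize(vendor_mfa, "vendor", "order", "internal", now=t0))    # allow: vendor executes, posts receipt
    print(deep_link("assets", "dev-4521", {"case": "c-77", "from": "inbox"}))
```

The step-up path is deliberately modelled as the IdP re-issuing the primary session with an extra amr value and the shell re-running the exchange: the app never escalates a token on its own. The executive's KPI view gets the same treatment, an exchange that yields read-only scopes, so the strategic pane cannot acquire a write path by accident.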
Risks and boundaries
Legacy authentication: Use a gateway for header-based auth while you plan deprecation.
Scope creep: Keep business logic in systems of record. Let the shell handle navigation, session, and presentation.
Performance: Cache claims and tokens with short lifetimes. Preload the next view on hover. Keep widgets light.
What to measure
Time to complete cross-system tasks.
Prompts per session and step-up success rate.
Deep-link usage vs swivel-chair hops.
Reduction in over-privileged grants.
Mean time to acknowledge and resolve tasks in the unified inbox.
In reflection:
Keep the dual-pane split for truth and accountability. Use single sign on and a single workflow to give people the coherent flow they want. Buyers already know when they are being sold the impossible and they call it in their heads. Offer something practical that earns belief. Not a single pane. A single experience that respects how real systems and real people operate.