PER-005: David Murphy — Organization Administrator

Andi Lamprecht ·2026-05-11· 13 min read· Draft

Draft UERQ-PLANS-59 Operator Application

“I need to ensure our company’s flight operations are strictly isolated from others, and that I have total control over who represents our organization in the eyes of the Authority.”

1. Identity

2. Professional Context

Responsibilities

• Creates and maintains the organization’s digital identity on the ATOMx platform: legal name, organization type, entitlements, and billing configuration.
• Manages the organization’s identity realm: determines whether users authenticate via local accounts, corporate SSO (Azure AD), or SCIM-based provisioning.
• Invites users into the organization, assigns roles (Pilot/Operator, Fleet Manager, Organization Viewer, Billing Administrator), and removes departing employees.
• Controls which entitlements the organization applies for (Operator, Authority, OEM) and ensures the organization’s credentials and verification status remain current.
• Defines and enforces the organization’s authentication policy: MFA requirements, session timeout, concurrent session limits, and step-up authentication for high-risk functions.

Team & Reporting

• Reports to the VP of Operations.
• Works alongside the IT Security Manager (who manages the corporate Azure AD tenant) and the Fleet Operations Manager (who manages day-to-day flight operations).
• Coordinates with a Legal/Compliance Officer on regulatory data retention and audit requirements.
• Does not manage pilots or field personnel directly — his users are the people who manage those users.

Operational Environment

• Primary: Corporate office with dual-monitor workstation. Standard enterprise IT infrastructure with Azure AD, Okta, or equivalent corporate identity provider.
• Secondary: Occasional remote access from home via VPN for urgent user provisioning or access revocation (e.g., when an employee is terminated and must be removed from the platform immediately).
• Does not use mobile devices for ATOMx administration.

Technical Proficiency

• Highly proficient with enterprise identity platforms: Azure Active Directory, Okta, SAML/OIDC federation concepts, and SCIM provisioning.
• Understands claims mapping, group-to-role mapping, and SSO configuration at a practitioner level. Not a software developer; cannot write custom integrations or troubleshoot API-level federation errors without vendor support documentation.
• Comfortable with web-based admin consoles, directory management tools, and compliance dashboards. Uses Jira, Confluence, and Microsoft 365 daily.
• Familiar with FedRAMP access control requirements from prior government contracting work.

Decision Authority

• Can independently create the organization on ATOMx, configure its identity integration model, and manage all user lifecycle operations (invite, role assignment, removal, deactivation).
• Can select and configure the organization’s authentication method: local accounts, federated SSO (OIDC/SAML), SCIM provisioning, or JIT provisioning. [UERQ-SYS-1996] Can claim the organization’s email domain to route new registrations. [UERQ-SYS-1978]
• Can configure organization-level policies: session timeout, concurrent session limits, MFA requirements, registration fee settings, and audit log retention.
• Must escalate to VP of Operations for: requesting new entitlements (Authority, OEM), authorizing organization consolidation (merging duplicate organizations), and approving changes that affect active flight authorization capability.
• Cannot modify platform-level configurations, tenant infrastructure settings, or another organization’s data.

Regulatory Context

• Organization operates under Part 107 with BVLOS waiver applications pending.
• Subject to client-mandated NDAA compliance and FedRAMP-aligned access control requirements (NIST SP 800-53 AC-2, AC-3, IA-2, IA-5). Must maintain auditable records of all user provisioning, role changes, and access revocations for regulatory review.
• Company security policy requires federated SSO for all enterprise platforms — local password-based accounts are acceptable only as an interim measure during initial onboarding.

3. Goals

Life Goals

• Establish the company as a model for secure, well-governed drone operations that authorities trust implicitly.
• Advance to a CISO or VP of IT role as the company scales.
• Be recognized internally as the person who eliminated “identity friction” — the gap between corporate identity and platform-specific credentials.

Experience Goals

• Feel confident that no one outside his organization can see, access, or modify his organization’s data — strict tenant isolation is not just a claim but a verifiable architectural guarantee. [UERQ-SYS-1919, UERQ-SYS-1511]
• Feel in control of who represents his organization on the platform: every user is invited, every role is intentional, and no one can self-claim membership without his approval. [UERQ-SYS-1988]
• Not feel like he is maintaining two identity systems: the corporate IdP and a separate ATOMx password. The login experience for his users should be seamless corporate SSO.
• Trust that when he removes a user from the organization, that user’s access is terminated completely and immediately — no orphaned sessions, no lingering permissions.

End Goals

• Complete initial organization setup (registration, identity integration, first user invitations) within one business day.
• Transition the organization from local accounts to federated SSO (Azure AD via OIDC) without interrupting any active flight authorizations or forcing pilots to re-register.
• Configure SCIM provisioning so that user onboarding and offboarding in Azure AD automatically creates and deactivates ATOMx identities within the organization’s realm. [UERQ-SYS-1982]
• Verify at any time that the organization’s data isolation is intact: no cross-organization data leakage, no shared identity linkage. [UERQ-SYS-1986]
• Generate an audit report of all user provisioning, role changes, and access events within the organization for quarterly compliance review. [UERQ-SYS-1968, UERQ-SYS-1994]

4. Frustrations & Pain Points

Current Pain Points

• “Identity Friction” — pilots and field staff must manage a platform-specific username and password in addition to their corporate login. This creates password fatigue, support tickets for forgotten credentials, and a security gap where departed employees retain platform access until someone remembers to revoke it manually.
• No visibility into whether the platform’s tenant isolation actually separates his organization’s data from others, or whether it’s just application-layer filtering that could be bypassed.
• Entitlement management is opaque: after applying for Operator entitlement, there is no self-service way to check application status, understand what capabilities the entitlement unlocks, or see which roles become available.
• User provisioning is manual and does not sync with corporate directory: every new hire requires a separate ATOMx invitation, and every departure requires a separate ATOMx deactivation. These fall out of sync.
• No way to test an SSO configuration change (e.g., switching from local accounts to Azure AD) in a staging or preview mode before it affects production users.

Workarounds

• Maintains a spreadsheet mapping employee names to ATOMx user accounts because there is no directory sync.
• Relies on a manual “offboarding checklist” that includes “revoke ATOMx access” as a line item — but this depends on HR notifying IT promptly.
• Has created a shared service account for initial testing because he cannot test the login flow as a different user without a second identity.
• Sends calendar reminders to himself to check credential expirations and attribute renewal deadlines because the platform’s notification system does not alert organization administrators proactively.

Unmet Needs

• Seamless federation: the ability to configure OIDC or SAML SSO so that his users authenticate with corporate credentials and never see a ATOMx-specific login page. [UERQ-SYS-1954, UERQ-SYS-1955]
• Automated lifecycle sync: SCIM or JIT provisioning that creates, updates, and deactivates ATOMx identities automatically when Azure AD directory changes occur. [UERQ-SYS-1982, UERQ-SYS-1957]
• Domain claiming: the ability to claim his organization’s email domain so that any employee who registers independently is routed into his organization’s realm rather than creating a separate, unmanaged organization. [UERQ-SYS-1978]
• Organization consolidation: if employees have already self-registered before David set up the corporate organization, he needs to merge those orphaned single-user organizations into the corporate org without losing their authorization history. [UERQ-SYS-1979]
• An organization admin dashboard showing: active users, role distribution, authentication method, last login, credential expiration dates, and audit log access.

5. Safety & Operational Context

Safety-Critical Decisions

• Configuring the organization’s authentication policy. An incorrectly configured SSO federation could lock out all pilots from the platform, preventing them from confirming authorization status or receiving rescind notifications during active flights. [UERQ-SYS-1692, UERQ-SYS-1996]
• Removing a user from the organization. If a user with active flight authorizations is removed, their session must be terminated and the FAS must be aware that the operator’s organizational affiliation has changed. Improper deprovisioning could leave an unauthorized person with an active flight authorization. [UERQ-SYS-1937, UERQ-SYS-1917(c)]
• Assigning roles. Granting a user the Authorizer or Rule Administrator role (if the organization holds the Authority entitlement) gives that user safety-critical decision authority. An incorrect role assignment could allow an unqualified person to approve or deny flight authorizations. [UERQ-SYS-1918]
• Transitioning authentication methods. Moving from local accounts to federated SSO during active operations. If the transition invalidates existing sessions or credentials, pilots in the field may lose access to their authorization status. [UERQ-SYS-1996]

Time Pressure

Information Needs During Stress

Failure Tolerance

• Corporate IdP outage: If Azure AD is unavailable, David’s users cannot authenticate via SSO. The system should either maintain existing authenticated sessions (no forced re-auth during active flights) or support an emergency fallback authentication method. David needs clear status indication: “Federation unavailable — existing sessions preserved.” [UERQ-SYS-1692]
• SCIM sync failure: If the SCIM provisioning pipeline fails, user creates and deactivations in Azure AD are not reflected in ATOMx. David needs an alert and a manual reconciliation interface. Departed employees may retain active ATOMx accounts during the sync gap.
• Organization state transition error: If the organization enters Suspended state unexpectedly [UERQ-SYS-1998(c)], all user sessions are terminated and new authentication is denied. David needs immediate notification and a clear escalation path to restore Active state.

Consequence of Error

Training & Certification

• No FAA pilot certificate required (David is not an operator).
• Enterprise identity management certification (e.g., Microsoft Identity and Access Administrator, Okta Certified Professional) or equivalent experience.
• Company requires completion of ATOMx Organization Administrator onboarding before production configuration changes.
• Expects detailed documentation for SSO federation setup, SCIM integration, and claims mapping — not a wizard-only experience that hides the underlying configuration.
• Familiar with NIST 800-53 access control framework, FedRAMP identity requirements, and SAML/OIDC protocol mechanics.

6. Key Scenarios

Scenarios are documented as individual pages under the Key Scenarios section.

7. System Interaction Profile

Session Pattern

Data Volume

• Manages 15–60 user accounts within the organization.
• Typical role distribution: 1–2 Organization Administrators, 1–2 Fleet Managers, 1 Billing Administrator, 10–50 Pilots/Operators, 2–5 Organization Viewers.
• Needs access to the organization’s full audit history (up to 7 years) for compliance reporting.
• User management operations: 1–5 per week during steady state; 10–20 during onboarding waves.

Notification Needs

Collaboration Needs

• Coordinates with the Fleet Manager on user access needs: which pilots need Pilot/Operator role, which need elevated permissions.
• Coordinates with the IT Security Manager on Azure AD group-to-role mapping and SCIM provisioning configuration.
• Does NOT interact with authorities, other organizations, or the platform administration team through the ATOMx interface — those interactions happen through support channels.
• May need to coordinate with the Billing Administrator (or hold that role himself) on subscription and payment configuration.

8. Traceability

9. Revision History