Test Plan: Admin User Invitation and Management
| Version | Date | Author | Change Description |
|---|---|---|---|
| 1.0 | 2025-09-11 | Senior QA Lead | Initial Draft for direct admin user creation with passwords. |
| 2.0 | 2025-09-11 | Senior QA Lead | Complete rewrite for Google SSO; replaced creation with invitation workflow. |
1.0 Introduction
This document details the testing strategy for Feature 06: Admin User Invitation and Management. With the integration of Google SSO, administrators no longer create users directly. Instead, this feature allows them to "invite" a user by their corporate email address, pre-assigning roles and groups. The user's account is fully provisioned only when they complete their first login via Google.
This plan is based on the v2.0 requirements defined in:
- docs/features/06-admin-user-creation/index.md (BRD)
- docs/features/06-admin-user-creation/use_case.md (Use Cases)
2.0 Scope
2.1 In Scope
- Accessing the "Invite User" interface by an authorized administrator.
- Inviting a user by providing a valid corporate email address.
- Pre-assigning roles and groups to the invited user.
- Verifying that a new user record is created with the status "Invited".
- Validating the end-to-end flow: an invited user logs in for the first time, and their account status is updated to "Active" with the correct, pre-assigned permissions.
- Error handling for inviting an already-existing user or using an invalid email format.
2.2 Out of Scope
- The SSO login flow itself (covered in the test plan for Feature 01).
- Administrators setting or managing user passwords (obsolete functionality).
- The process of creating roles and groups (covered in their respective test plans).
3.0 Test Strategy & Approach
- End-to-End Functional Testing: The primary approach will be to test the full lifecycle: from an admin sending an invite to the invited user successfully logging in and accessing the system with the correct permissions.
- API Testing: Direct gRPC calls to the AuthService.InviteUser endpoint will be made to verify backend logic and validation.
- UI/UX Testing: The "Invite User" form and feedback messages will be checked for clarity and usability.
- Test Environments: QA, Staging.
- Test Data:
  - admin_user@our-company.com: An administrator with the admin:user:invite permission.
  - invited_user@our-company.com: A valid corporate Google account that does not yet exist in our system, to be used for the main success scenario.
  - existing_user@our-company.com: A user who already has an "Active" account in our system.
4.0 Test Environment Requirements
- Backend & Gateway: The AuthService and API Gateway must be deployed with the InviteUser functionality fully implemented.
- Frontend Application: The web console must have the "Invite User" UI.
- Supported Browsers: Google Chrome, Mozilla Firefox, Microsoft Edge (latest stable versions).
- Database: The test database must be accessible to verify the status changes of user records.
5.0 Test Cases
5.1 User Invitation Flow
| Test Case ID | User Story | Description | Steps | Expected Result |
|---|---|---|---|---|
| TC-INVITE-001 | US-12 | Happy Path: Invite a new user and verify their first login. | Part 1 (Admin): 1. Log in as admin_user@our-company.com. 2. Navigate to User Management and click "Invite User". 3. Enter invited_user@our-company.com. 4. Assign a specific role (e.g., "Editor"). 5. Click "Send Invite". Part 2 (Invited User): 6. As the invited user, navigate to the application and click "Sign in with Google". 7. Authenticate as invited_user@our-company.com. | After Part 1: A success message is shown. A new user record for invited_user is created in the database with status: "Invited". The correct role is associated with this user. After Part 2: The user is successfully logged in and redirected to the dashboard. Their user status in the database is updated to "Active". They have the "Editor" role and its associated permissions. |
| TC-INVITE-002 | US-12 | Negative: Attempt to invite a user who already exists. | 1. Log in as admin_user@our-company.com. 2. Open the "Invite User" form. 3. Enter the email of an existing user, existing_user@our-company.com. 4. Click "Send Invite". | The system displays a clear error message, such as "A user with this email address already exists." No new invitation is sent or record created. |
| TC-INVITE-003 | US-12 | Negative: Attempt to invite a user with an invalid email format. | 1. Log in as admin_user@our-company.com. 2. Open the "Invite User" form. 3. Enter "invalid-email". 4. Click "Send Invite". | The form displays a client-side validation error message, such as "Please enter a valid email address." The request is not sent to the server. |
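The cases above, exercised at the API level as section 3.0 calls for, so the backend is shown to reject bad input even when the form's client-side check is bypassed. This is an added example, not the project's code: FakeAuthService, InviteError, first_login, the gRPC-style status names and the "Viewer" role are hypothetical stand-ins for the real AuthService.InviteUser behaviour, and the two extra/ cases (case-variant duplicate, caller without admin:user:invite) go beyond the cases listed in this plan.

```python
import re
CORPORATE_DOMAIN = "our-company.com"  # domain used in the plan's test data
EMAIL_RE = re.compile(r"^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$")

class InviteError(Exception):
    """args[0] is a gRPC-style status name; the real service's mapping is assumed."""

class FakeAuthService:
    """Hypothetical in-memory stand-in for AuthService; SSO (Feature 01) not modelled."""
    def __init__(self, users):
        self.users = users  # email -> {"status": str, "roles": set}

    def invite_user(self, caller_perms, email, roles):
        if "admin:user:invite" not in caller_perms:
            raise InviteError("PERMISSION_DENIED")
        email = email.strip().lower()  # normalise before any comparison
        if not EMAIL_RE.match(email) or not email.endswith("@" + CORPORATE_DOMAIN):
            raise InviteError("INVALID_ARGUMENT")
        if email in self.users:
            raise InviteError("ALREADY_EXISTS")
        self.users[email] = {"status": "Invited", "roles": set(roles)}
        return self.users[email]

    def first_login(self, verified_email):
        # Invited -> Active; pre-assigned roles are kept as they are.
        user = self.users[verified_email.strip().lower()]
        user["status"] = "Active"
        return user

def run_invite_checks():
    """Run the section 5.1 cases at API level; returns {case_id: outcome}."""
    svc = FakeAuthService({"existing_user@our-company.com":
                           {"status": "Active", "roles": {"Viewer"}}})  # constructed
    admin, out = {"admin:user:invite"}, {}
    rec = svc.invite_user(admin, "invited_user@our-company.com", ["Editor"])
    out["TC-INVITE-001/part1"] = (rec["status"], sorted(rec["roles"]))
    rec = svc.first_login("invited_user@our-company.com")
    out["TC-INVITE-001/part2"] = (rec["status"], sorted(rec["roles"]))
    negatives = [("TC-INVITE-002", admin, "existing_user@our-company.com"),
                 ("TC-INVITE-003", admin, "invalid-email"),
                 ("extra/case-variant", admin, "Existing_User@Our-Company.com"),
                 ("extra/no-permission", set(), "someone@our-company.com")]
    for case, perms, email in negatives:
        before = len(svc.users)
        try:
            svc.invite_user(perms, email, ["Editor"])
            out[case] = ("ACCEPTED", False)
        except InviteError as err:
            out[case] = (err.args[0], len(svc.users) == before)  # no record created
    return out
```

Each negative outcome pairs the status name with a flag confirming that no user record was created, matching the "no new invitation is sent or record created" expectation.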
6.0 UAT Scenarios
| Scenario ID | User Story | Scenario Description | Acceptance Criteria |
|---|---|---|---|
| UAT-INVITE-01 | US-12 | An admin needs to grant a new employee access to the application with specific rights. | As an admin, I can enter the new employee's corporate email address and assign them the "Editor" role before they've ever logged in. |
| UAT-INVITE-02 | US-12 | A new employee who has been invited needs to access the system for the first time. | After my manager invites me, I can go to the application, click "Sign in with Google", and I'm logged in successfully. I can immediately start using the tools available to the "Editor" role without any extra setup. |
7.0 Entry & Exit Criteria
7.1 Entry Criteria
- All development for the "Invite User" feature is complete and deployed to the QA environment.
- The Google SSO integration (Feature 01) is stable and functional.
- All related unit tests are passing.
7.2 Exit Criteria
- All test cases in this plan have been executed.
- 100% of Critical and High severity defects are closed.
- UAT has been successfully completed and signed off by stakeholders.