Identity Governance and administration

I designed an Identity Governance and Administration platform to manage and secure identities within an organization. This was a 0-to-1 platform; we formed a new pillar, acquired a company, and had a very successful launch.

Role
Role

• Design lead
 • Hired and built the team

• Design lead
 • Hired and built the team
Timeline
Timeline

• Initial proposal - 2 months • Proof of concept - 3 months • Beta - 2 months

• Initial proposal - 2 months • Proof of concept - 3 months • Beta - 2 months
Team
Team

• Product design lead (me) • PM Director • Eng team (8) • Researcher

• Product design lead (me) • PM Director • Eng team (8) • Researcher

Problem

Users

  • Manual process that takes multiple weeks

  • IGA tools are expensive and hard to implement

Business

  • Customer churn to other IAM + IGA tools

  • 6.45B TAM

Team

  • No team

  • Okta’s monolith constraints

  • No ITSM

Solution

Unified platform that integrates identity and access management with governance capabilities. Enhancing the overall security posture of our customers.

20%

Beta conversion rate
Beta conversion rate

Days to 10 minutes

Time saved
Time saved

New platform and pillar

Team
Team

Research

We conducted a generative research study to broadly understand the identity governance space, interviewing 10 customers, 5 potential customers, and Okta internal app owners. I also researched competitors' tools and user experiences. I created user journeys to map current interactions with Okta, revealing a disconnected and manual process. Additionally, I examined Okta's system model to identify where resource assignments occur and potential conflicts.

Goals

  • Understand pain points

  • Understand current workflow

  • Most important IGA product

  • Personas involved and JTBD

Synthesis

Automation involved (Traditional IGA solutions)

  • Costly

  • Complex and designed for on-prem

  • Deploying takes months to implement.

Automation not involved

  • Manual

  • Tickets or emails

  • Long fragmented process

Products:

From all the products we could build to address identity governance and administration,
our research identified the most immediate needs and common uses of governance by companies as:

  • Self-serve access requests

  • Access certification

  • Advanced lifecycle management


Research

We conducted a generative research study to broadly understand the identity governance space, interviewing 10 customers, 5 potential customers, and Okta internal app owners. I also researched competitors' tools and user experiences. I created user journeys to map current interactions with Okta, revealing a disconnected and manual process. Additionally, I examined Okta's system model to identify where resource assignments occur and potential conflicts.

Goals

  • Understand pain points

  • Understand current workflow

  • Most important IGA product

  • Personas involved and JTBD

Synthesis

Automation involved (Traditional IGA solutions)

  • Costly

  • Complex and designed for on-prem

  • Deploying takes months to implement.

Automation not involved

  • Manual

  • Tickets or emails

  • Long fragmented process

Products:

From all the products we could build to address identity governance and administration,
our research identified the most immediate needs and common uses of governance by companies as:

  • Self-serve access requests

  • Access certification

  • Advanced lifecycle management


a cell phone on a bench
a cell phone on a bench
a cell phone on a bench
a cell phone on a ledge
a cell phone on a ledge
a cell phone on a ledge

Initial POC

For Self-serve access requests, we recognized a substantial gap in achieving end-to-end functionality due to the absence of an IT Service Management layer necessary for tracking multi-level approvals. Based on the timeline and constraints, We identified access certification as an area with significant potential and it was feasible, which led us to focus our initial efforts there.

What's Access Certification

When an employee joins a company, the employee gets applications assigned or the employee can request access to applications. Some applications require a regular review validating the right employees have access to right applications. Enhancing the security and compliance of the company. The review for Figma might be different from the review for JIRA and they both might have different app owners who need to review the access. Access Certification helps organizations reduce risks, meet regulatory requirements, and maintain operational efficiency by adhering to principles like least privilege.

Personas and JTBD

Using all the research, we developed personas and identified the jobs to be done.

IT Admins:

  • need to create and launch access certification campaigns

  • Manage campaigns

  • Review and update access rights

  • Review remediation was done correctly

  • Close campaigns

Reviewer:

  • Get notified when they need to review a new campaign

  • Review the access for each user

  • Reassign review item to other reviewer

End user:

Indirectly affected by this entire process. They either retain or lose access to the resource.


Information architecture

We worked on two models for the information architecture:

  • Model A: Access certification policy resides under the resource.

  • Model B: Access certification is part of a new Identity Governance and Administration (IGA) platform.

After presenting to the executive team, we decided that the platform model would be more scalable. This approach supports multiple IGA products, enhances scalability for other Okta products, and could potentially be sold as a standalone product.

Product concept test

With Product Marketing and Research, we established a design partner program to test early concepts and usability. During the pandemic, I collaborated remotely with my PM and Engineering architect using Miro for low-fidelity wireframes, which we presented to beta partners for quick feedback.

Initial designs

For the initial designs, we follow all the existing patterns and Design system. Tables, modals.

As an admin, I want to create an Access Certification campaign for Figma so that we can remove all the non-designers and save money on all the extra seats we are paying.

As a reviewer, I want to review an Access Certification campaign for Figma to ensure that the appropriate individuals have the correct access, thereby enhancing the company's security and optimizing costs by reducing unnecessary seat allocations.

Usability testing

Users appreciated the integration and ease of use within Okta, finding the experience straightforward and efficient, with an average campaign creation time of 10 minutes. However, the policy creation process was cumbersome, requiring frequent scrolling to review inputs, which indicated potential user frustration despite it not being explicitly mentioned.


Redesigning the policy creation pattern

The problem is that our current design system and pattern library only give us two options:
A modal or a really complicated workflow builder.
I decided to propose a new paradigm for policy creation.

Acquiring a company

In addition to all the design work being done for Access Certification, I was assisting the executive team with the acquisition of a new company, AtSpoke. This acquisition helped us bring advanced lifecycle management and self-serve access requests to market.

Results

Users

  • All-in one Identity Governance platform

  • Creating and access certification campaign went from weeks to 10 min to create

  • Delightful experience

Business

  • BETA in Q1 with 50 customers - 20% conversion rate

  • LEA IN Q2 — 50 Paying customers, 16% New business, 84% Upsell

Team

  • New EPD pillar

  • First micro-service

  • First platform using Odyssey (New design system)

  • AtSpoke acquisition

Other projects

Universal Directory

Designed a scalable navigation system for the Apollo platform. Launched in two months, increasing satisfaction by 10% and retention.

Platform Experience

The Apollo platform experience re-architecture was a design-driven initiative that began during my first week at Apollo. I noticed several issues with the navigation and overall user experience. Within two months, I designed and helped launch a new navigation system and architecture that scales with Apollo's ever-growing product offerings. This resulted in a 10% increase in customer satisfaction and improved retention.