User-Centered Design Example


Creating, maintaining, validating an individual user’s access to different systems is cumbersome & unproductive.


Allow all users’ access and permissions to be maintained at higher role-levels.

User-centered Design Process

User Research

Process: Held 45 min- 2 hours semi-structured interviews with each of the different target personas within this space, ranging from 2-8 based on the size of the business

Customers Types Interviewed
– 7 direct customer interviews (5 onsite & 2 via phone)
– 2 business partner interviews

Discovering major themes



Example axial coding used to help identify high level issues/concepts as revealed in the semi-structured interviews.
Example axial coding used to help identify high level issues/concepts as revealed in the semi-structured interviews.

Today’s role mining process

Exemplar scenario illustrating the disjoint process between the Compliance Manager, Service Line and the rest of the role management (traditional IT) team within the role management process.

Improved role mining process

Ideal scenario where the coompliance manager, service
Ideal scenario with better integration between the business and IT lines.



While there were 7 personas for the project, there was one primary persona that we needed to support, Ram Laxman.


Primary Persona, Ram Laxman


Scenarios and Requirements

Based on the complexity of the project (and the desire to quickly engage my internal stakeholders), I created a visual scenario requirements document summary. Interactions with strong commonalities are marked with corresponding legend glyphs. Note, the user stories were also fully documented via traditional prioritized user stories as well.


Wireframes and Storyboards

*I used Axure to prototype EVERY interaction and flow. I have low and high fidelity versions of the prototype. This prototype served as interactive documentation for the entire tool that was used to guide development. As many members of the team were in India, I would create a video at the end of day walking through the prototype interactions, highlighting areas where the team should focus.

Home Page Evolution

Design Validation

While design validation was not done on this product, we I completed a design validation on a very similar project. I will share this to show the style of user validation I perform.

9 Usability Test Participants

  • 2 Manager Participants (unfamiliar w/ Security)
  • 7 “Techies” (Security Administrators, Architects, Security Consultants)
  • 8 of 9 usability tests were video taped with audio (only
    one opted out)
Techsmith Morae was used to capture the video and screen. Analysis capabilities within the tool were also used.
Techsmith Morae was used to capture the video and screen. Analysis capabilities within the tool were also used.


Participants went through up to six different tasks:

  • User recertification: roles, access & accounts (in self-care UI)
  • Separation of Duty approval (in self-care UI)
  • Separation of Duty policy implementation (in console)
  • Separation of Duty violation exemptions (in console)
  • Group Management (in console)
  • Role Hierarchy (in console)

Expectation versus Experience

Pre-task, participants were given the task description, then asked, “how easy or difficult” do you expect this task to be? Post-task, users were asked how easy or difficult the task was. Mapping the ease-of-use expectation against the experience helped prioritized areas of highest need (i.e. those with a high/easy expectation and a low/difficult experience).



Participants got excited about….

  • Group management for services
  • Separation of Duty from the role perspective
  • User recertification at entitlements level
  • Role hierarchy functionality
  • In addition, throughout the usability tests, messages were helpful. When participants encountered errors, they were often able to read the messages to successfully complete the task.

Participants felt functionality was missing …

  • Requesting access for others from self care UI. Several customers/biz partners brought up the point that managers
    should be able to maintain (view, request, etc.) access for their own employees from the self care UI. Now many are jumping between the console & self-care UI which is undesirable.
  • Separation of duty (SoD) violations. Some customers felt that viewing SoD violations was more of a compliance/operational activity and did not expect to see this within “Manage Separation of Duty Policy” tasks. Someone even recommended this be handled within the self-care UI.

Usability Test Results & Impact Scale

Usability Test Results: The usability test results briefly summarize areas where users had trouble or needed help to complete certain tasks.

Impact Scale:

  • High: Prevents the user from successfully completing the task
  • Moderate: Causes the user difficulty but task can be completed
  • Low: Minor problems that do not significantly effect task completion

Task 1, Finding 1.



28 other issues were also found; the above is just an example of the reporting format.