Creating, maintaining, and validating an individual user’s access to different systems is cumbersome and unproductive.
Allow all users’ access and permissions to be maintained at higher role-levels.
User-centered Design Process
Process: Held 45-minute to 2-hour semi-structured interviews with each of the different target personas within this space, ranging from 2-8 based on the size of the business.
Customer Types Interviewed
– 7 direct customer interviews (5 onsite & 2 via phone)
– 2 business partner interviews
Discovering major themes
Today’s role mining process
Improved role mining process
While there were 7 personas for the project, there was one primary persona that we needed to support, Ram Laxman.
Primary Persona, Ram Laxman
Scenarios and Requirements
Based on the complexity of the project (and the desire to quickly engage my internal stakeholders), I created a visual scenario requirements document summary. Interactions with strong commonalities are marked with corresponding legend glyphs. Note: the user stories were also fully documented as traditional prioritized user stories.
Wireframes and Storyboards
I used Axure to prototype EVERY interaction and flow. I have low and high fidelity versions of the prototype. This prototype served as interactive documentation for the entire tool that was used to guide development. As many members of the team were in India, I would create a video at the end of the day walking through the prototype interactions, highlighting areas where the team should focus.
Home Page Evolution
While design validation was not done on this product, I completed a design validation on a very similar project. I will share this to show the style of user validation I perform.
9 Usability Test Participants
- 2 Manager Participants (unfamiliar w/ Security)
- 7 “Techies” (Security Administrators, Architects, Security Consultants)
- 8 of 9 usability tests were videotaped with audio (only one opted out)
Participants went through up to six different tasks:
- User recertification: roles, access & accounts (in self-care UI)
- Separation of Duty approval (in self-care UI)
- Separation of Duty policy implementation (in console)
- Separation of Duty violation exemptions (in console)
- Group Management (in console)
- Role Hierarchy (in console)
Expectation versus Experience
Pre-task, participants were given the task description, then asked, “How easy or difficult do you expect this task to be?” Post-task, users were asked how easy or difficult the task was. Mapping the ease-of-use expectation against the experience helped prioritize areas of highest need (i.e. those with a high/easy expectation and a low/difficult experience).
Participants got excited about …
- Group management for services
- Separation of Duty from the role perspective
- User recertification at entitlements level
- Role hierarchy functionality
- In addition, throughout the usability tests, messages were helpful. When participants encountered errors, they were often able to read the messages to successfully complete the task.
Participants felt functionality was missing …
- Requesting access for others from self-care UI. Several customers/business partners brought up the point that managers should be able to maintain (view, request, etc.) access for their own employees from the self-care UI. Now many are jumping between the console & self-care UI, which is undesirable.
- Separation of duty (SoD) violations. Some customers felt that viewing SoD violations was more of a compliance/operational activity and did not expect to see this within “Manage Separation of Duty Policy” tasks. Someone even recommended this be handled within the self-care UI.
Usability Test Results & Impact Scale
Usability Test Results: The usability test results briefly summarize areas where users had trouble or needed help to complete certain tasks.
- High: Prevents the user from successfully completing the task
- Moderate: Causes the user difficulty but task can be completed
- Low: Minor problems that do not significantly affect task completion
Task 1, Finding 1.
28 other issues were also found; the above is just an example of the reporting format.