Case Study

Crafting access automation workflows that work

Client: Veza

Role: Design Lead

Contribution: IA, UX, Design System, Data Visualization

Providing enterprise customers with the tools to manage their own access provisioning workflows from within the SaaS platform was a top priority in my first 6 months at Veza.


Browser showing the Dormant Entities dashboard in the Veza app
Veza allows enterprise customers to see who in their organization has access to what, and why

The Product

As an identity security SaaS platform, Veza provides least privilege access and reduces identity-based threats

Running as a stealth startup for 2 years, the small team at Veza strived to create something to answer the question, "Who can take what action on what data?" As the company grew, so did its enterprise customers, which include Intuit, Sallie Mae, Blackstone, and AMD.

When I joined the company, at around 150 employees, many of the features were in the midst of a redesign, as much of the platform had been engineering-led. As a design team of 4, we were tasked with unifying the product's design and user experience, with each of us assigned to one of the major features. My contribution would be within the Lifecycle Management team, where access automation was the key to saving our customers time and money while reducing risk.

The Problem

With a limited, cluttered interface, Veza's Lifecycle Management features were neither powerful nor useful to customers

Confusing navigation links, one-off UX concepts, poorly labeled buttons, lack of context? The early iteration of Lifecycle Management features had all of this and more. On top of that, the handful of customers who were using this product still relied on Veza's customer support team to implement access automation, because important functionality was only available through JSON files and the command line.

mode banner isn't used anywhere else in the app
Does Discard delete this policy?
Are other actions available depending on the property?
The Edit Policy view was confusing and inconsistent with other editing views

So how do you provide customers with the convenience of automation without forcing them to learn an API or waiting on customer support? We had to empower them with features that allowed them to create, manage, and test Lifecycle Management workflows that were customized to their company's hierarchy and software stack.

Research

A fresh set of eyes and a background in code gave way to a visual and technical teardown of the current features

My first week at Veza involved the usual gathering of knowledge, meeting with team members, and generally acting as a sponge in a new organization. This was a very technical platform involving many different products, and my goal was to understand as much of it as possible, as quickly as possible.

Tearing it all down

Simply using the software and trying to wrap my head around it was not enough, so I started a Teardown page in Figma and began capturing screenshots and workflows as I dove in with a fresh set of eyes. I left comments as I went, asking questions and pointing out areas of confusion, and documented all of the existing Lifecycle Management features in this way. Not only did this process help me familiarize myself with how customers were using these features, it also allowed me to share with the rest of the design team to kickstart conversations on where the overlap was with other parts of the Veza platform.

Documentation to the rescue

Considering the half-baked nature of the current feature set, I had to dig deeper to truly understand the capabilities of our Lifecycle Management product offering. Luckily the organization was invested in proper documentation, so I was able to spend several days reviewing the technical specifications. As I asked more detailed questions, I was able to get access to configuration JSON files that helped me better understand the data structure and the input/output of behind-the-scenes API calls.

Lack of user research

Unfortunately for all of us, there wasn't much in the way of analytics or usability testing from customer interactions with the platform. The design team continued to push for both during my time at Veza, and to my knowledge there was a plan to implement app analytics shortly before my departure. Despite all of this, I was able to convince folks to allow me to listen in on a handful of customer calls in order to hear their perspective on what was working, where their needs weren't being met, and how their organization used the product.

Information Architecture

Refactoring, renaming, and rethinking the user experience for humans automating humans

With a heavy engineering influence, the existing interface for Veza's Lifecycle Management features was based more on database models than security admin mental models. Other parts of the platform suffered from inconsistent, confusing hierarchy and naming schemes, so this was a collaborative effort led by the design team to change all of that.

There's an order to things

Setting up Lifecycle Management within Veza was a process that required a certain flow: connecting integrations, creating access profiles, adding entitlements, and then building out policy workflows. Without completing the previous configuration, customers couldn't continue on to the next step. My goal here was to not only provide a less painful experience within each step, but to also connect all of these steps into a seamless process as a whole.

As it turns out, naming things is almost as difficult as securing them

Get to the point

A major requirement to accomplish this refactoring included updating the IA for not only Lifecycle Management, but also throughout the rest of the products at Veza. We led internal discussions about the benefits of this change across the entire platform and eventually got buy-in from stakeholders to move forward. The design team then got to work on how best to align our navigation structures, naming conventions, and UI hierarchy.

Iterations of our global and local navigation as we built out our design system

Welcoming first-timers

Lastly, as we rolled out changes to global and product navigation structures, I worked with the Engineering team to implement our existing Quick Start feature within the Lifecycle Management product to help new and existing customers easily walk through the process of setting up automation within Veza.

Explorations

A more flexible system that provides provisioning power and peace of mind to Veza's customers

My goal, aside from restructuring the navigation and bringing a fresh look to the UI, was to approach this redesign with familiar constructs and only-when-you-need-them details. With each exploration I would strive to reduce complexity in the design without compromising functionality.

Provisioning policies aren't pretty

Reviewing JSON files of policies, workflows, and attribute mapping was incredibly helpful though not very inspirational. So how was I supposed to turn that into something customers could interact with and understand at a glance? Each step in a policy workflow could have hundreds of different customizations, which presented a problem on its own.

Experimenting with familiar interfaces

After a bit of competitive analysis and testing similar interfaces, I explored the idea of an infinite canvas as a way to display all the different nodes of a policy workflow. While this was interesting and could've been the right direction, the canvas design was quickly becoming overwhelming while the Engineering team had concerns about implementation.

The details of each workflow node were complicating the canvas view

Tree view to the rescue

With a more familiar and easy-to-implement structure, my later design explorations brought in a collapsible tree view as a way to quickly get an idea of how a policy workflow, with its nested actions and conditions, would actually work. Paired with a new Sidebar component that eventually made it into our design system, I was able to fit in everything our customers needed to build a provisioning policy without an overly complex set of instructions.

Policies can contain multiple workflows and the user can switch between them here
The collapsible Sidebar contains Details for each workflow node
Workflow steps, and their children, can be seen at a glance
The Condition String field includes a custom autocomplete feature
The redesigned Policy Workflow screen uses a familiar tree view and hides details in the sidebar

Pivot Point

The data model and the documentation don't always tell the whole story

While focusing on the workflow for creating Profiles that provide access within a Policy, my instinct was to simplify the interface so as not to overwhelm users with too much information. Unfortunately, even after reading through technical documentation and reviewing the JSON files that lay out the data framework, I got it wrong.

From simplification to complication

Profiles provide a distinct set of access entitlements within the Veza environment, and my initial solution was to provide that complexity while also hiding settings based on other settings, revealing them to the user as needed. This created some very complicated user flows for some of the paths that turned out to be fairly rare occurrences.

The MVP (Minimum Viable Profile)

After many iterations and reviews with the rest of the team, I landed on a much simpler solution that featured a highlighted toggle that sent users down 1 of 2 paths during Profile creation. Not only did I simplify the approach, but I also left room for more features and paths at a later time, once we were able to see how our customers were using Profiles and whether we needed to include more customization to meet their needs.

Start with one of the profile types, which provide access in different ways
Confirm whether the user's input has fulfilled the requirements to continue
Either inherit or create entitlements depending on the profile type
Entitlements are created by first selecting the app to grant access to
Creating an access profile in a simplified modal

Design Reviews

Weekly Design Roundups gave our team a safe space for sharing ideas and securing feedback

Instead of "office hours", our design team set up a Weekly Design Roundup open to anyone at the company where we each shared a snippet of what we were working on or a challenge we needed some help with. Marketing, Engineering, Product, and even C-suite team members would attend, giving us big picture feedback along with critique on the details.

Screenshot of a FigJam file showing design work for critique
Presenting design work every week using a shared FigJam file

Outcome

A more flexible system that provides provisioning power and peace of mind to Veza's customers

With the launch of Veza's latest iteration of Lifecycle Management features, our customers were able to do so much more when it comes to automation of identity access within the platform.

Reducing identity threats automatically

By connecting their HR system and cloud applications, customers were able to use our tools to create workflows that would provision new employees, adjust access for those changing jobs, and remove access from anyone leaving the company.

Onboarding 3x more automation customers

With the previous iteration of Lifecycle Management features, only a handful of customers were actually paying for and using the functionality. That number tripled shortly after the launch of the full suite of automation tools, which increased Veza's revenue by adding a new pricing plan that included these features.

Customer Success became more successful

By giving customers the ability to manage their own automation workflows, Customer Success Engineers were able to focus on helping them take full advantage of all parts of the Veza platform rather than tediously customizing their policy workflows.

Retrospective

Veza's innovative Lifecycle Management features offer something completely new for the security-conscious

Despite limited resources and an ever-growing set of feature requests, our team managed to launch a product that leads the way in access security automation. There's nothing quite like it on the market today, and Veza got there first.

Boiling down the complexities

In less than 6 months we managed to take what once required several hours for an experienced Veza engineer to set up and made it easy for a customer to do themselves in the same time or less. Factor in the need to account for third-party SaaS, storage, and HR systems, not to mention highly customized employee access requirements, and you could say that we accomplished the impossible.

Prioritizing needs over wants

At times our team was inundated with feature requests from customers, stakeholder necessities, and even engineering suggestions from upper management. We didn't always find a good balance between adding things to the backlog and solving problems right now. A heavier Project Management hand would've benefitted everyone involved, helping us prioritize the necessities, documenting the later stage requests, and making sure we delivered a proper MVP.

To ask the right question is already half the solution of a problem

Capturing and sharing technical knowledge

Given our excellent technical documentation on Veza features, engineering efforts, data structures, and API calls, it was surprising to everyone when undocumented technical details came to light after reviewing user flows with our team leader. After some misled design efforts required an abrupt pivot, we met as a team in person for a few days to hash out those technical details and make sure we were all on the same page. Looking back, this should've been part of the onboarding process for new team members and the start of any project.

Collection of screenshots showcasing Veza's Lifecycle Management features
The evolution of Veza's Lifecycle Management experience

TLDR;

In less than 6 months customers went from asking for complex security automation to building it themselves

As design lead for Veza's Lifecycle Management product features, I was able to:

Research other solutions for crafting intricate workflows in a software setting and apply those learnings to an interface that was intuitive in an access security context

Architect a simplified approach to navigation and workflows that gave users a natural progression for provisioning from start to finish

Collaborate with the rest of the design team on cross-functional features within the application and contribute 20+ new components to our MIGHTY design system

Streamline customer onboarding for our automation features and allow Customer Service Engineers to focus on walkthroughs rather than tedious manual setup

Increase by 3x the number of customers using Lifecycle Management features, which allowed the company to create a new pricing plan to account for these automation features

Document complex data structures visually so that other members of the Product and Engineering teams were able to quickly understand what was possible from the backend