Harmonizing access control across the Maximo Application Suite

Role: Owned the research, design thinking workshops, and UX design initiatives

Team: 6 distinguished engineers, 1 architect, and 6 product managers

Outcomes: Vision brief, user storyline, 3 user management model proposals, final north star vision, experienced based roadmap

Timeline: September 2021 - November 2021

Project goals

How might we create a harmonized experience of managing users and their resource level access across all applications in the Maximo Application Suite?

How might we align six different cross-functional product teams on the user management experience vision?

Context

The Maximo Application Suite (MAS) helps organizations manage assets and predict maintenance issues—like Adobe Creative Cloud, but for operations instead of design. Different user roles require different access levels, e.g. a field technician vs. an IT admin. Access control defines which apps, actions, and resources each role can use. Since MAS only offered basic user creation, we designed a new access control model to give clients the flexibility and security they need.

Understanding the user and problem

Who are we designing for?

Kelly, the user management administrator responsible for creating users and setting user access permissions to applications.

Roles and responsibilities:

Kelly ensures users are granted the proper levels of access control for security purposes. She wants to onboard her employees in a timely, effective, scalable way so they can quickly get to work.

Kelly’s pains

Requires a lot of back and forth navigation across different access management systems to define and grant access to multiple applications.
Each application treats its access control management differently, with thousands of users, user roles, and permissions.
No holistic view to quickly pinpoint access.

So how might we…

modernize the MAS user management model, focusing on scalability, centralization, alignment with customers' organizational structures, and development cost so that:

the amount of time and resources spent managing users decreases.
an admin can grant granular access permissions without navigating between applications.

Research

1. Customer interviews

I completed sixteen moderated, observational interviews with user management administrators (the Kelly’s) to evaluate customer expectations for user management and validate my pain point assumptions. The interview findings were evidence as to why it would be advantageous for our team to invest in a user management redesign, as well as what we should prioritize in our solution.

Key findings:

Customers spend significant resources (time & employees) on setting up security groups and users.
Admins utilize spreadsheets and independent tooling to automatically assign security permissions based on user roles.
Admins prioritize visiblity into usage data and remaining in conpliance.

2. Comparative analysis

I looked at existing systems within IBM to see how they handle access and identify common UX patterns. I also explored industry best practices through a competitive audit.

Insights adopted based on research:

Information hierarchy broken into sections with progressive disclosure patterns.
Use of progress bar and wizards to guide user through actions.
Bulk management and division through roles, groups, and teams.

3. Internal stakeholder interviews

I learned from my design lead that user management was a sensitive topic, so I set up one-on-one stakeholder interviews to gather candid perspectives. I shared synthesized insights before the workshop to surface risks and ease concerns.

Workshopping

Over the next two months, I led twelve workshops with designers, developers, and PMs to align on the user stories we wanted to support. I then designed low fidelity flows and prototypes to support those experiences, reviewed the design proposals with the team, iterated based on feedback, and finalized our north star proposal.

Defining user stories. Examples:

Scenario 1: New customer testing the waters - onboard a basic users.
Scenario 2: Small customer expanding, adding, and removing many users manually.
Scenario 3: Mature single app customer restricting access with customized resource based access control.
Scenario 4: Actively monitor and track usage data.

Screen Shot 2022-07-17 at 4.37.10 PM.png

Screen Shot 2022-07-17 at 4.37.17 PM.png

Designing the concepts

I then built low fidelity flows and prototypes for the user stories. Example of a user creation story —>

Screen Shot 2022-07-17 at 4.37.33 PM.png

Final concepts

Screen Shot 2022-08-13 at 6.47.20 PM.png

Screen Shot 2022-08-13 at 6.47.37 PM.png

Screen Shot 2022-08-13 at 6.51.26 PM.png

Screen Shot 2022-08-13 at 6.47.48 PM.png

Screen Shot 2022-08-13 at 6.47.57 PM.png

Impact

This visioning work aligned the team on a north star vision, clarified scope, and secured access control on the Q4 roadmap. It also broke down silos across MAS teams, fostering collaboration around centralized solutions. Next, we’ll validate designs with customers and A/B test against the old model to ensure they meet expectations and improve task efficiency.

Takeaways

Leading a workshop with twelve PMs and engineers was quite the experience! As I hadn’t yet worked with all of those stakeholders, the initial interviews were great in helping me build trust and confidence across the team. Additional stakeholders ended up joining the workshop, and there came a point where I needed to breakdown the participant roles as there were multiple scheduling conflicts. I created a RACI (stakeholder responsibility matrix) for alignment on participant expectations, which progressed key decisions.

I quickly noticed that participates unfamiliar with design thinking approaches were less likely to contribute if no prompts or examples were available. I decided to bring in examples for each user story to kick-off brainstorming workshops, increasing engagement throughout the exercises.