© 2019 SUVARCHALA GUDUGUNTA

Privileged Access Management

Enterprise Cloud Security

Overview

Privilege Access is designed to handle the rudimentary use case of privileged access management: granting access to privileged user accounts through a shared account, password, or application password and secrets vault, and securing remote access. Centrify Privileged Access Service provides all of the above, plus secure administrative access via a jump box, workflow-driven access requests and approvals, and multi-factor authentication (MFA) at the vault.

The Challenge

Redesign the experience around privileged access to the hybrid enterprise with just-in-time and just enough privilege, identity assurance and advanced monitoring. Currently, it caters only to administrators and not to the users of this service. Redesign it to shift the focus from management to actual day-to-day usage.

 

Research

The main goal of the research was to understand the goals of the user so we could design a better solution for them. Minimize the attack surface and control privileged access to the hybrid enterprise with just-in-time and just enough privilege, identity assurance and advanced monitoring and reporting.

Stakeholder Interviews

Why do we need to redesign? Who are the users? What are the current problems faced by users? What are we trying to achieve? Who is benefitting from this?

Task Analysis

Taking a step back, we observed the main tasks in a day for an admin and for the user. We realised that we were mainly catering to the admin and not really looking at this from the user's perspective.

Research Insights 

  • Primary task is hidden in a right click, which is not discoverable.

  • Workspace is not of much use and does not add value to the feature.

  • Ease of performing tasks is required.

  • Differentiation between contextual activity and global activity is required.

  • Action center / Command center to perform daily tasks without having to drill down every day.

Persona Study

This feature had four user personas. Of the four, three are end users and one is the administrator. The feature is currently designed around the goals of the admin. Recent talks with customers show a need for the feature to be more focused on use cases for the privilege service user.

Defining the Goal

"Focus on usage of the Privileged Access Management feature as opposed to administrator tasks."

Ideation

After collecting all the information about the portal we finally put our ideas onto paper.

  • Bring the primary task to the forefront.

  • Pull the global items out of individual pages and put them in a global space.

  • Visually show a strong connection between system and account.

  • Pivot by System instead of account.

  • Quick access to favorites and recently accessed.

Defining Functionalities 

The key features defining the redesign initiative:

  • Login to a system with minimum number of clicks.

  • Pivot by system instead of account.

  • Quick access to favorites and recently used.

Mockups