In this case study, I’ll share the research and development process behind a new user management feature that helps our corporate clients oversee their internal teams, end clients, and third-party service providers.
- Conducted a data mapping exercise to inform the design of the role based permission model.
- Overcame unexpected technical constraint with a simple solution - context switcher.
- Incorporated design tokens into our component library to streamline our UI creation process.
The initial version of our platform offered users the option to open either a corporate or personal account. Personal account holders were onboarded as individual investors, while corporate account holders could choose to be either asset issuers or corporate investors during registration. But there were some gaps:
- Regardless of which account type users selected, the platform only catered to one account user. There was no way to invite other users to a corporate account (in a way that doesn’t involve sharing your login credentials, passing identity and AML verifications).
- There was only one role available: system admin, also known as the super user, who had access to all platform features.
User testing confirmed that this was a serious limitation for our highest-value clients, the corporate clients. They needed to be able to invite different types of users to the platform and assign them access rights based on their org structure.
Initial platform design supported only a single user.
STAKEHOLDER INSIGHT
“If we don't build user management functionality, our highest-value clients will become frustrated with the lack of flexibility to manage users who are engaged with the platform”
Our team set out to build a user management feature, but the scope of the project changed several times. The initial feature spec included:
- Inviting new users
- Creating user groups/departments
- Setting different permission levels (page, component, API levels)
- Switching contexts between personal and corporate accounts
With business and user requirements in hand, I set out to understand the access management domain. This involved identifying all the key nouns in the permission structure - often referred to as domain modeling, or object-oriented design. I collaborated with my team to break down key concepts - roles, departments, functions, and account types - into separate data tables, helping us map their relationships and ensure logical connections.
Access management: uncovering insights and best practices from industry leaders
STAKEHOLDER INTERVIEWS
I run a series of interviews with our tech and product teams to better understand challenges they are facing with the current RBAC architecture and grasp several technical concepts (e.g., "function"). Some key insights from this research were:
- “A number of business functions and user roles are unclear to me…”
- "We need to get the ontology right. We must describe what the major nouns are. Otherwise, we would never reach an alignment"
Defining attributes and metadata for each object in the permission model.
Permission model exploration: roles, groups, departments, functions,...have we covered everything?
At this stage, most of my deliverables were spreadsheet style documentations that helped team to align on the data structure and feature requirements. However, there was 1 problem we needed to address for our data model to scale.
After a quick audit of the existing system's functions, we identified key usability issues: there were overlaps between 15 out of 28 functions, and no documentation on what permissions they contain.
USABILITY TESTING
Overhauling functions was a big undertaking with a lot of technical complexity. However, it allowed me to consider how we could simplify the system for front-end users.
Here are examples of questions I asked to uncover usability issues:
- How do you see the difference between someone with "Ledger Viewer" and someone with "Ledger Admin" access?
- When onboarding a Compliance Officer, would you assign a function or a role? Why?
Key usability issues: overlaps between 15 out of 28 functions, and no documentation on what permissions they contain.
To find a simple solution, I worked with our architects and engineers to identify which functions could be replaced or complemented by others, and how we can present them to users so they can choose easily what they need for business. I also created a functions name mapping table, which helped us to categorise functions in a way that match our most common finance-related use cases.
Grouping functions based on the capabilities they offer to help our corporate clients easily select what they need for their business
These changes aimed to reduce the number of function options to select during onboarding, which in turn would decrease cognitive overload and streamline the onboarding journey. This was my assumption, and I needed to test it.
Drafting a concept to visualise how users select functions during onboarding
Another improvement that I did is renaming some actions to make them sound more familiar to admin users.
Renaming actions to better align with familiar terminology for admin users
To move the design forward, I also needed to make some key changes in the existing platform navigation. The new strategy would rely on 2 components:
- a dedicated admin sidebar for managing users, roles and other organisation settings
- a side drawer for quick access to object details.
Introducing user management feature was a great opportunity for me to improve current navigation that was structured around micro-services, not user workflows and mental models.
Sidebar and IA explorations
I scheduled 4 interviews with users from the client side who had requested the feature. Within a week I gained a ton of valuable insights, and by the end of the 2d week, the iterated design was ready for another round of testing.
😃 Most of the positive insights related to:
- UX around navigating between resources and org. settings
- set of initial roles (admin, entity admin, investor, issuer, fund admin)
- functions selection during onboarding.
🤔 Actionable insights revolved around:
- making it easier to invite users using CSV uploads
- adding default roles and functions
- explaining the difference between role-based and function-based permissions.
Gathering insights on the user invitation flow
The results were promising, and I was ready to move the designs forward. However, as is common in startups, we soon encountered new technical constraints.
We discovered that invited users couldn't join existing accounts without first creating a personal account and completing an identity verification process. Without this, users wouldn't be recognised in our system. This was a limitation of our legacy system setup.
New constraint: invited users cannot join existing corporate accounts
We understood the importance of being flexible and adaptable in product development, so when challenges arise, we can respond quickly. As a temporary solution, I designed an account switcher and informed users about the steps to join a corporate account.
Adding the switch functionality to the Profile dropdown addressed our clients' needs for the initial release
Moving to high-fidelity design was quite a challenge. At the time of building the User management feature, our Design System was still in development:
- 100 + components built: mostly atoms and molecules with a multitude of variants created before the Figma properties feature was released
- No design tokens: our developers were still working with hard-coded values (HEX, pixels)
To address this challenge, the UI designer and I decided to integrate design tokens into our development process and establish clear design principles. First, we researched best practices for design token naming conventions and frameworks from industry leaders like GitHub, Material, Atlassian, and Microsoft.
Researching on the best design token naming conventions and patterns frameworks
At the end, we decided to adopt the Material framework & update it with our own guidelines to better support our goals. We chose Material for several reasons:
- it offered a concise set of tokens
- the token naming was straightforward and easy to understand
- our developers were already familiar with this framework
- Material framework provided pre-loaded interaction states and elevations, saving us time and effort.
With better CSS practices and a clear design direction, we're ready to create a smoother and more scalable UI experience.
Putting Design System into action
With design guidelines and tokens in place, assembling components and creating high-fidelity mockups became much faster. We conducted additional testing before releasing the final solution for the MVP to ensure the User management feature is both useful and user-friendly - particularly for managing external users and guiding internal team members invited through the verification process to join a corporate account.
We structured and re-grouped features around user workflows, aligning navigation with their goals for a more intuitive experience. The first-level navigation was designed for managing external users, companies, and other platform resources, while the secondary sidebar focuses on personal and organisational settings, including roles and user management.
A dark theme for primary and a light theme for secondary navigation created clear visual separation, while an action-oriented navigation menu items (with verbs) enhances clarity, helping users understand available tasks within each section.
Improved content grouping in the main navigation and a dedicated sidebar menu for personal and organisational settings
In the "Manage" section, admins can oversee people, companies, and their assigned functions. The user invitation process is now seamless, with clear distinctions between function-based permissions for external entities and role-based permissions for internal users.
Inviting external people to join a workspace
- To speed up invite process, we left functions selection optional, automatically assigning a default "no access" function if none are selected.
- Added a search bar for quick function lookup, eliminating the need for long scrolling.
- Added ability to select all permissions within a function or choose partial permissions.
- Clear feedback on the number of selected functions, with an option to deselect all.
Inviting internal users to the organisation
- CSV bulk upload allows admins to invite all users to the organisation and bulk assign roles with a single click.
- Expanding each role provides clear insights into permissions.
Invite internal team members
We introduced a side drawer to provide a quick preview of key information about users, companies, and other entities, eliminating the need to navigate to detail pages.
Side Drawer: quick preview of user information
A dedicated section for Role management allowed admins to review existing roles and permissions, and build custom roles as needed. Displaying avatars provided a quick visual reference for assigned users.
Dedicated section for managing roles and permissions
Multi-user support
Corporate accounts and user management were our 1st major milestones in our roadmap towards a more professional client base. Plus, it was the perfect opportunity for our team to set up a role-based permission model and enhance our function ontology, which had been a longstanding item on our backlog.
Intuitive IA and more consistent UI
We redesigned the side navigation to make it easier for users to find and interact with resources. Using design tokens and clear principles, we created consistent, clean UIs that benefit everyone. This is an ongoing process – our IA will continue to adapt to the product and user needs.
Resource constraints and prioritisation
Due to unexpected priorities and resource constraints, our team focused on shipping a minimal feature version (with account switcher) and redefined the scope for future iterations. This experience highlighted the importance of understanding current capabilities and constraints to avoid surprises later.
