Masthead image of the KeelHub case study showing a screen from the product

Case Study

KeelHub

KeelHub was designed to help a nonprofit organization efficiently manage its operations for over 400 employees. The platform needed to handle sensitive information, streamline workflows, and maintain trust among a diverse, global workforce. This case study focuses on how secure authentication and access management were incorporated to meet these needs.

Roles

UX Designer

Team

  • 5 UX Designers
  • 1 Product Manager
  • 1 Project Manager
  • 5 Engineers

Skills

  • Human interface design
  • Interaction design
  • Design systems
  • Research
  • Product strategy
  • Art direction

Timeline

August 2024 - October 2024

The Problem

Over 400 nonprofit employees are at risk of cyberattacks due to inadequate user authentication and access management.

In the custom-built Workforce Management Platform for a nonprofit, I identified a critical deficiency in an already approved set of designs. Weak security measures in user authentication and access management put sensitive personal data at risk, potentially leading to financial loss for users and reputational damage for the organization.

Results

The estimated results demonstrate the expected effectiveness of the new and redesigned features:

90%

Drop in unauthorized access attempts.

100%

Elimination of admin-related incidents.

85%

Reduction in phishing incidents.

80%

Decrease in user error rates.

Navigation

To accommodate the new RBAC features, the platform's navigation was extended with dedicated spaces for user management, role management, and invites.

Image of the old navigation in KeelHub

Before

The navigation had no secure areas for admin and other role-based access, and no centralized way to view all users.

Image of the new navigation in KeelHub

After

The additions to the navigation offered secure areas to users with permissions to view all users, alter permissions and send invites.

Previous Designs

Previous designs were already approved, but there were major security concerns.

The previous designs met functional requirements but lacked essential security measures. Leaving these unaddressed would make defining roles difficult, increase user errors, and leave the users open to attacks.

Image of two screens from the previous designs for login

The Process

My process was grounded in white paper research, informational interviews, valuable feedback from stakeholders, and collaborative rapid iteration.

Research

I focused on understanding the technologies that could enhance security and usability. This involved:

  • Exploring technical solutions like two-factor authentication and role-based access control.
  • Reviewing cybersecurity guidelines to ensure compliance with industry standards.
  • Consulting with developers to evaluate feasibility and implementation strategies.

Design Iteration

I collaborated closely with engineers and subject matter experts to learn about scalable security measures. Visuals such as flow diagrams, based on what I learned, were presented to stakeholders to streamline approvals and ensure technical feasibility.

Implementation

The security features were integrated iteratively, with ongoing reviews to ensure alignment with organizational priorities and constraints. Feedback from the internal team was used to refine flows and reduce complexity for users.

Rapid Delivery

Due to time constraints, the designs were finalized without direct user testing. Instead, I relied on established design principles, developer insights, and stakeholder feedback to inform decisions and anticipate user challenges.

The Challenges

There were a number of challenges that affected the design outcomes of the authentication and RBAC designs. Some of the most influential ones were:

Diverse User Base

Users span numerous countries and technical skill levels, requiring a frictionless login and setup experience.

Zero Budget for Messaging or Email Services

Without funds for third-party messaging services, we had to rely on users to install and manage their own security tools.

Stringent Privacy Standards

Ensuring compliance with local and international privacy regulations while protecting sensitive information was critical.

Limited Timeframe

The accelerated timeline for this project left no room for usability testing or iterative feedback from end-users before launch.

Final Designs

Using user flows imagined from information gathered in informal interviews with SMEs, I went from 0 to 100 using a developed design system.

Two-Factor Authentication (2FA)

Step-by-step instructions provide guidance and support user confidence.

Custom illustrations replace generic assets, elevating first impressions and brand consistency.

Flexible options accommodate users with varying technical expertise through links to trusted platforms.

View of table of invites to the application

Invitation-only User Management

Structured onboarding ensures roles are assigned before access is granted, reducing confusion.

Straightforward process flows simplify admin tasks for inviting and managing users.

Guidance for administrators to efficiently assign roles and maintain organizational hierarchy.

Conclusion + Lessons Learned

The critical role of design in protecting user data, fostering trust, and overall improving a product both technically and aesthetically.

By introducing scalable security measures and working within significant constraints, I delivered an impactful solution that addressed the organization’s immediate needs while laying the groundwork for future enhancements and protecting users.

Here Is What I Learned

  • Collaborate with Developers Early

    Partnering with developers early taught me the importance of aligning technical feasibility with design goals, which strengthened both the designs and stakeholder buy-in. Through this collaboration, I deepened my understanding of cybersecurity principles and how they directly impact user safety.

  • Be Adaptable to Shifting Requirements

    Working on an MVP with ever-changing requirements taught me how to effectively prioritize features while aligning with stakeholder goals. I gained valuable experience in adapting to shifting needs by collaborating closely with cross-functional teams and refining my communication and decision-making skills.

  • Be User-Centric without User Input

    Through this project, I learned how to identify and address the diverse needs of users by collaborating closely with my design team. This experience deepened my ability to prioritize user-centric thinking and develop solutions that are intuitive and impactful, even when direct user feedback wasn’t available.

And what would I do differently?

If I had more time, I would have pushed for usability testing to validate security measures from a user perspective. While the project successfully balanced security and usability, that additional step would further strengthen user trust and ensure a smoother adoption.