An image from the Enkaji website
 
I designed an identity and access management feature to help scale security management across the platform. The solution introduced user groups, allowing multiple users to be connected to an identity provider with shared roles and permissions.
The user groups feature reduced administrative overhead while improving consistency and control, enabling teams to manage access at scale without sacrificing security or flexibility.
 

GOAL

Provide the ability for a customer to create and manage user groups. Allow admins to configure SSO solutions to onboard users to PubSub+ Cloud. Then use claim values from the customer's identity provider to assign roles.

How might we...

1

Scale our Identity and Access Management (IAM) to allow enterprise support for large teams?

2

Allow an organization to align their own identity provider roles (IdP) with those of PubSub+ Cloud?

RESULTS

👍 Achieved alignment with the stakeholder vision established during early workshops

👍 Enabled granular control for 8 global roles and 3 resource role-based access control permissions (RBAC)

👍 One major retail customer intends to use the feature to create 1,000 to 3,000 user groups, containing 10 users each

👍 Allowed us to create the foundation for future roles for 2 new resources in 3 upcoming projects

Why It Exists

As the platform scaled, managing user access at an individual level became increasingly complex and error-prone. Enhancement to the identity and access management model was needed to ensure security, consistency, and operational efficiency across larger teams and products.

User groups were introduced to allow multiple users to be connected to an identity provider with shared roles and permissions. This shifted access management from manual configuration to a reusable, policy-driven model.

 
 

Strategy

The user groups feature was designed as a foundational platform capability, aligning access control with enterprise security practices. The goal was to support scalable governance while integrating seamlessly with external identity providers.

 

Process and Design

Note: Because my work is mainly internal or unreleased, only public work can be disclosed.

The research phase
The requirements and original design
The high level mocks
The detailed mocks
The final design
The user impact
 

Outcome & Impact

In the end, user groups had a positive impact on our customers:

  • It simplified onboarding and offboarding

  • Reduced administrative overhead

  • Improved permission consistency

  • Enabled organizations to manage security at scale without slowing down workflows

  • Allowed integration to 3rd part identity providers

  • Put mechanisms in place to scale our global roles and resource role-based access control permissions

  • Allowed one major retail customer to create 1,000 to 3,000 user groups, with 10 users in each one