Building an access request system to enhance security

Design and implementation of a multi-user solution for requesting access to infrastructure resources

Project Overview

man looking through unlimited computer files

Existing State

StrongDM currently allows administrators to grant standing and temporary access to resources based on a user's assigned roles within StrongDM.

two bouncers as security

The Challenge

To build a more secure system that supports the Zero Standing Privileges model, where users must request access to resources they need for their tasks

group working together

Highlighted Skills

Sketching, feature prioritization, user flows, mockups with design system components, prototypes, hosting design critiques, visual and interaction testing

Early Reception

Image alt tag

We're in Beta Testing!

Currently, an early version of the Access Workflows feature is being tested with some existing Clients, and the feedback has been overwhelmingly positive! Client feedback is driving the next few phases of the project.

StrongDM booth at the Gartner IAM Conference, March 2023

Featured at Gartner IAM Conference

Access Workflows was promoted at the Garner IAM Conference in March 2023 where it was praised for being an exemplar of the Zero Standing Privileges model. Read the company blog post about Access Workflows by clicking here!

Building an access request system to enhance security
Working the Project
Calendar with deadlines


Phase 1 would be designed, developed, and shipped over three months with user feedback guiding subsequent phases.

Team of workers

Our Team

A Product Designer (me), a Product Manager, an Engineering Manager, five Engineers, and a Technical Writer

Person thinking about different topics

UX Strategy

Create cohesive, easy-to-learn experiences for all users involved, especially for users new the the web app

We identified three key users who would participate in Access Workflows.

Our team gathered information by interviewing customers and prospects to develop personas for each user that would likely be involved in our solution.

Image alt tag

The DevOps Engineer

Image alt tag

The Engineer

Image alt tag

The Engineering Manager

Building an access request system to enhance security

Feature Prioritization Matrix

For persona-driven prioritization, we used an Impact vs. Effort Matrix to guide feature selection.

Because each persona had different goals and needs, it was important that we prioritize solution features on an Impact vs. Effort matrix. We would include all features from the green quadrant (high impact/low effort) in Phase 1.

Later on, in the closed beta testing, we would ask about the ideas in the blue quadrant (high impact/high effort) to which features users wanted prioritized before we invested development resources.

I translated features into a flowchart that showed how users will navigate through the feature to achieve their specific goals.

With a clear understanding of user personas and prioritized features, the I began laying out initial concepts for user flows. I gathered feedback from the Product Manager and Engineering Manager to elevate the fidelity by adding more precise details.

Image alt tag

Initial Concept Flows

Image alt tag

Sketched Flows with Feedback

Building an access request system to enhance security

Phase 1 User Flows

Iterating early and often was key.

During this phase, I worked closely with the Product Manager and Engineering Manager. I would design a bit and share what I was working on. This process ensured that design issues were identified and addressed early, thus minimizing the need for major revisions during development. This ultimately saved the team (and company) time and resources.

Image alt tag


No ideas were bad ideas. I enjoy sketching on the iPad to generate ideas.

Image alt tag


I used the WireFramer library to create quick and consistent looking wireframes.

Image alt tag


Using the StrongDM design system components brings the design to life.

I hosted design critiques to gather feedback.

Bringing in members from the product design team and project team members was very helpful as ideas began to solidify. Balancing persona needs and business goals can be tricky, but the team's feedback along the way ensured the highest quality solution.

Building an access request system to enhance security
Building an access request system to enhance security

Phase 1 Workflow Details Page (scrollable)

I finalized the mockups and built prototypes for each user's experience.

By doing this, we were able to run a few usability tests (task scenarios) with internal staff that was not on our team. While this was not the ideal external validation UXers hope for, it was at least some sort of testing for now and an provides opportunity to improve next time.

Completed mockups were delivered to our team engineers via Jira with the user story, acceptance criteria, and any additional notes as needed.

Building an access request system to enhance security

Our team was located across the country so an asynchronous conversation was the best way for everyone to participate.

During the coding stage, I supported our engineers as they built our solution.

Even after designs are “finished”, building may not work out as we expected. As designers, we must stay flexible and adjust as needed.

While coding, the engineers asked about a situation that none of us had thought through yet: What should happen if a resource is unassigned from a Workflow while it has a pending Access Request?

The most secure practice would be to stop the request immediately. And, if we stop a request that was inflight, we need to alert the Setup Admin that their change will impact others, like Requesters.

Before shipping, I completed visual and interaction testing on the finished product.

Once a user’s flow was built, I wrote tests and checked the live product to confirm the likeness to the design and experience. If issues or concerns arose, I conferred with the appropriate parties and monitored until resolution. Examples are shown below:

Example of visual and interaction testing document

Snippet from testing documentation

Now, we're testing and collecting feedback on our MVP with a small group of existing users.

The team has begun conducting usability testing and gathering feedback that we can use to continue shaping this solution. Below is a few examples of some customer feedback on the Workflow Setup experience.

Building an access request system to enhance security
Building an access request system to enhance security

Phase 2 prototype used for validating new features with users

We are incorporating customer feedback to make an even stronger solution.

Several customers expressed that they needed ideas similar to those that our team had tabled during the feature prioritization activity as we considered them high effort/high value. For Phase 2, the team brought three of these to like - adding new workflows, customizing name & description, and allowing for automatic approval of access requests.

Building an access request system to enhance security

Feedback so far...

Early feedback has been very positive! The clients participating in the beta group have plenty of ideas. The team is excited to explore options that will enhance Access Workflows.

Next steps

Validating the proposed Phase 2 features via Figma prototype is on deck. Because these additions will take a lot of time development and resources, we'll need to make sure that the designed changes meet the needs of the users.

Want to see more?
Explore my portfolio & learn more about my creative process