Loopio’s Roles & Permissions

As Loopio expanded its presence into the enterprise space, a critical issue emerged – the challenges faced by large enterprises when managing roles within their organizations. While our existing permissions structure served smaller customers well, it became evident that it no longer met the complex needs of enterprises.

The growing number of enterprise clients highlighted significant pain points that required immediate attention. Recognizing the urgency of the situation, Loopio embarked on a project aimed at resolving these challenges so future enterprise customers did not have the same experiences.

The project's primary objective was to enhance the permissions structure to cater to the unique requirements and complexities of large enterprises. By acknowledging and addressing these pain points proactively, Loopio aimed to ensure that its solutions continued to align with the evolving needs of its enterprise clientele, providing them with a seamless and efficient experience.

Company: Loopio Role: Product Design Manager* Project Length: 9 months (ongoing)

* My role as Product Design Manager on this initiative was to work closely with the tripod team to create a short, medium and long-term strategy, ran multiple workshops with the mission team to make sure everyone understood the problem space and brainstorm on solutions, coordinated multiple streams of work and mentor two designers as they work through the problem space. I also socialized to the company how we were tackling this piece of work, elicited feedback on prioritization from cross-functional teams, raised high-priority feedback to Senior leadership on important focus areas that were crucial to the business, but out of scope for this piece of work.

Objective

To address the pain points faced by enterprise customers in managing roles across multiple organizations within their business and provide finer-grained control over permissions. The project aims to enhance the user experience and empower customers to efficiently manage permissions.

Discovery & Research

In January, we embarked on a project to alleviate the challenges faced by enterprise customers in managing permissions. Our research efforts included:

1. Customer Interviews: We engaged in extensive conversations with enterprise customers to understand their permission-related challenges. These discussions provided firsthand insights into their struggles and aspirations.

2. Data Analysis: We examined data on the average number of roles created by customers and synthesized feedback from our Customer Experience (CX) team and UserVoice to identify common pain points.

3. Workshop: Many workshops to map out all the resources in Loopio, the actions key personas take, breaking down quality of life enhancements into user stories, consequence mapping, etc. Due to the complexity of the work, it was important that the tripod worked on this collaboratives to make sure nothing was missed, and to make sure this was vetted by cross-functional partners.

Streamlined Approach

Following early discovery, we identified two distinct streams of work:

• Quality of Life Improvements and Quick Wins: Immediate enhancements aimed at addressing existing pain points and improving the user experience. This phase sought to resolve challenges that customers were facing today.

• Longer-Term Transformation: A more extensive overhaul aimed at transitioning the system from a role-based access model to an attribute-based access model. This ambitious change was identified as essential but scheduled after addressing immediate needs.

Quality of Life Improvements

Three significant quality of life improvements were introduced:

• Enhancements to Managing Active Users: We streamlined the process of managing active users, making it more intuitive and efficient.

• SCIM Integration: Integration with System for Cross-domain Identity Management (SCIM) to simplify user provisioning and management.

• Confidential Projects: Improved controls and visibility for managing confidential projects, addressing security and access concerns.

Transitioning to Attribute-Based Access

The longer-term transformation involves shifting from a role-based access model to an attribute-based access model. This significant change offers several advantages:

1. Fine-Grained Control: Attribute-based access provides finer granularity, allowing organizations to define access rights based on specific attributes or characteristics. This enables more precise control over who can access what within the system.

2. Adaptability: Unlike the rigid role-based model, attribute-based access is highly adaptable. Organizations can define their own attributes and rules, making it easier to tailor permissions to their unique requirements.

3. Contextual Access: With attribute-based access, permissions can be context-aware. Access rights can vary depending on the context or conditions, providing greater flexibility and security.

4. Simplified Management: The transition simplifies permissions management by reducing the need to create numerous roles. Instead, organizations can focus on defining attributes and rules that align with their business needs.

Current Development Focus

The present development phase centers on implementing a proof of concept (POC) for General Admin permissions. This area was prioritized as it presented the most significant challenges for users. The goal is to release value into customers' hands sooner before extending the attribute-based access model to other areas of the platform.

Conclusion

• Various Quality of Life Improvements have made a huge positive impact on customers, with many of them telling us how much time this saved for them.

• SCIM is seeing slower adoption which seems to be a result of needing to do various Security and Privacy checks by customers. We are still monitoring the impact once those hurdles have been resolved.

• Confidential Projects recently went out to beta and we’re still measuring the impact of the enhancements.