MFA Reset Helper: Streamlining Self-Service Authentication Reset for RSC Users
Holder
This is one of the two projects I worked on as a Product Design Intern at Rubrik, a cybersecurity company serving 5,500+ leading organizations.
My Role
UX Designer (collaborating with 1 Product Manager, 2 Software Engineers, 1 UX Researcher, 1 UX Writer and the Visual Design Team)
Timeline
5 weeks during 2023 summer internship
Tools
Figma, FigJam
Results
1. Delivered end-to-end UX design of a Multi-Factor Authentication reset system that improves both efficiency and security in critical user journeys and edge cases.
2. Presented designs to stakeholders and the broader product team, collected feedback, and iterated design from cross-functional insights.
Problem
Long customer waiting time for manual MFA reset
Rubrik Security Cloud (RSC) is the key product of Rubrik. RSC incorporates Multi-Factor Authentication (MFA), requiring all users to verify their identity using an authenticator app, biometric verification, or security keys. However, if users lose access to their authenticator app or encounter issues with MFA, they must reset MFA settings through their admins. This process can be challenging as users often don't know who their admins are, causing too much traffic towards Rubrik Support. The product manager proposed an automated reset solution for MFA, to free up support’s bandwidth and reduce waiting time of user.
Goals
Improve efficiency and ease of use for MFA reset, for all RSC users - still in a secure way.
Business Goal: Enhance customer satisfaction, and reduce customer support queries for login and authentication.
User Goal: Enable local users to easily reset their MFA and provide admin users with the portal to monitor this process effectively.
Design Goal: Create a feature that guides users and admins through the MFA reset process in a secure and efficient manner.
Solution
Local Users: Simplify MFA troubleshooting on your own
If a local user is unable to complete their MFA verification, they can securely reset MFA using recovery code, or swiftly resolve MFA issues by alerting their admins and initiating troubleshooting with just two clicks.
Admin Users: Track MFA self-reset activities
The admin can monitor the MFA self-reset activities of all local users in their organization, and modify MFA reset settings for either all users or specific individuals.
Admin Users: Efficiently manage MFA requests from local users
When a local user requires assistance with MFA troubleshooting, the admin will be notified via both email and an in-app alert. The admin is able to promptly address and resolve the MFA problem manually.
Results
6/6 Independent MFA reset in testing; Task time reduced by 91% for local users, 70% for admin users
The MFA Reset Helper offers a standardized and simplified method for all RSC users to reset their MFA. It enhances the handling efficiency of unusual MFA scenarios and assists users through the FTUX. This project is now scheduled for imminent launch.
What journey led us to the design solutions?
Context
The existing MFA troubleshooting version is not effectively assisting users
Local users are currently directed to contact their RSC admins for help, with no other options available. This guidance often causes confusion since, as indicated by customer call data, users typically aren't sure who their admins are. Even though MFA resets don't occur frequently, each assistance request call to the support team takes over two hours to resolve. Furthermore, the support team isn't the designated point of contact for MFA reset issues. To resolve this, the product team has proposed a self-service reset feature. This would enable both local and admin users to handle MFA resets independently without external help.
Challenge
🤯 How can we enable users to efficiently complete tasks across various scenarios using the MFA Reset Helper?
The MFA Reset Helper is set to be accessible to all RSC users globally, encompassing a diverse range of use cases. Addressing as many of these cases as possible during the design phase is both challenging and crucial. In order to grasp the domain context and technical considerations thoroughly, I collaborated closely with the product manager and engineers to identify the primary use cases. For each of these, I developed flow charts to effectively convey user flows to the PM and engineers, ensuring a mutual understanding before progressing to more detailed designs.
Take use case #1 as an example. At first glance, the steps for the user seem straightforward. However, when we brainstorm on the situation from an end-to-end perspective, it becomes clear that the real-world scenarios faced by the user might be more intricate than the ideal 'happy path.' Here is the process of how we align on product requirements in our team.
Step 1: Confirm the happy path
Step 2: Address as many use cases as possible before jumping to details
Results:
Prototype: 2 Questions
Question 1🧐: How do we design the FTUX to help admin users adopt this new feature?
Once I created prototypes for each user flow identified during our exploration phase, I started to design the first-time user experience. Local users will be notified about the activation of MFA Reset Helper upon their next successful login and authentication, very straightforward. For admin users, however, we need to design an intuitive and efficient feature discovery process, while ensuring it doesn’t become overly intrusive.
Idea 1: One-Time Login Message
Pros: It captures the attention of admin users, informing them about the new MFA Reset Helper and where to enable it upon its release.
Cons: This approach could block admin users from their tasks, and they may forget the one-time notification after clicking "got it."
Idea 2: Update Message in the MFA Settings Page
Pros: Admin users will see this update message upon visiting the MFA settings page, where they can efficiently initiate the feature for all users.
Cons: Some might hesitate to "enable for all" due to security concerns, unaware they can enable it for specific users too.
Idea 3: Update & Education Message in User Settings Page
Pros: Admin users are already familiar with this Users page where they know how to handle MFA tasks for local users.
Cons: This message could interrupt other tasks on the same page, and it's unclear if enabling for specific users or all is the primary use case.
Question 2🤔: How do we optimize efficiency at the interaction level?
Beyond boosting efficiency in the overall user journey, we also try to improve it at the interaction level. For example, when the admin user receives an MFA reset request from a local user, we're exploring how to design their first in-app screen to facilitate efficient task completion with minimal learning effort.
Idea A: Pin & Select the User Requesting Reset
Pros: Upon clicking the request, the admin directly views its table row, allowing for efficient task execution for the specific user.
Cons: When there are multiple unresolved requests, it may take additional time for the admin to locate and address all of them.
Idea B: Automatic Filtering of All Pending Requests
Pros: Clicking on a request in the inbox automatically filters all pending requests, making batch action more efficient for the admin. It also reduces the likelihood of overlooking requests.
Cons: Implementing this version may require more development time compared with idea A.
Validate & Iterate
Combining Idea 1 & 2 for the FTUX design
I facilitated 6 concept validations with the team, and also gathered feedback from admin users. We decided to iterate on the prototypes based on both Idea 1 and Idea 2. Here is the new version combining both ideas.
Implementing Idea B to optimize interaction efficiency
Based on team feedback, Idea B was favored for its efficiency and intuitiveness. Admins showed greater confidence in task completion with this version. It also aids in monitoring subsequent tasks (e.g. reset URL has expired). Consequently, we chose Idea B and refined the design further based on this feedback.
Takeaways
Shifting between different domain contexts to design core features
The technical context, industry terms and the complicated use cases were challenging, but I learned to have fun embracing all the unfamiliarity and inject my design experience and knowledge into the workflow.
Staying open to different scenarios, and include use cases iteratively
It is almost impossible for designers to figure out all the use cases at once. The strategy I learned is to involve the stakeholders as early as possible, and proactively ask help from the broader team to get cross-functional insights. With each iteration, designers are able to think broader and more end-to-end.
Getting help from others more efficiently
In our bi-weekly design critiques, I learned to share my designs and get the feedback I need in a more efficient way. I found that designers who provide enough contexts to the team and clarify what feedback they need, can always get the most out of design critiques. I also became more comfortable giving feedback to other designers and support them with my insights.
