FORMSTACK — JULY 2023

Account access control

A security enhancement feature for a SaaS company, designed to mitigate potential threats and meet the specific requirements of enterprise customers.

TL;TR

Mitigating security risks

Formstack is an online platform that helps customers create and manage digital forms, surveys, documents, and workflows without requiring technical expertise.

In August 2023, the company released a feature update to their troubleshooting process. Customers are now required to provide consent before authorized personnel can access their accounts to resolve support requests. This update protects the customer and business from possible privacy and security threats.

As the Design Lead, I worked closely with the Product Manager and Engineer Lead to carefully craft and test an updated interface and user flow to guarantee minimal disruptions to operations and scope.

MY ROLE

Product Design Lead

TEAM

Product Manager

Product Marketing Manager

Engineer Leads

Security & Legal teams

TOOLS

Figma

Loom

Jira

Slack

TIMELINE

2 sprints = 4 weeks

Customers are now required to provide consent by going to their Profile and turning on Account Access Control in order to grant the Support team temporary access to their account for troubleshooting purposes.

THE SETUP

Enterprise-readiness

Formstack embarked on a multi-year strategy to enhance their product offerings for enterprise readiness with the primary focus being to create new security and compliance features.

Healthcare and Education make up a significant number of the existing enterprise accounts, by improving their experience would lead to growth in sales and retention.

“We need to protect the privacy and security of sensitive information within our company account and ensure compliance with healthcare regulations.”

- Healthcare customer

THE PROBLEM

Customers requested proof of account access control in order to adhere to a new requirement.

Healthcare and Education companies have stringent compliance requirements that they must adhere to in order to maintain their software privileges.

After consulting with customers and internal stakeholders, we discovered that the existing troubleshooting method used by the Support team would not meet the new standard. Removing access would extend resolution time and disrupt ongoing feature launches.

”When a support ticket enters the queue, Support accesses the customer’s account through the control panel to inspect and resolve the issue.”

- Formstack Support team member

THE SOLUTION

Customer-approved access

Strengthening security measures protects both the business and customers from potential threats.

Our goal was to introduce a quick and practical solution to meet the new requirements, followed by post-launch monitoring and iterations.

Most viable solutions:

  • Grant customers greater control over access permissions and log reports.

  • Limit employee access to customer accounts to maintain confidentiality and fulfill legal obligations.

An attacker who gains access to a Formstack admin account could access more information than they should. 

my partnership

Designing with stakeholders

In collaboration with my Product Manager, I worked closely with colleagues from Support, Legal, Security, and Engineering to proactively identify possible workflow disruptions.

To foster alignment and provide clarity around the business goal, address concerns, and identify potential solutions — I facilitated three design discovery sessions with over 30 participants.

As an international, fully remote team, we prioritized time management and utilized virtual meetings for discovery discussions. 

THE PIVOTS

How might we give customers more control over account access with the least amount of impact on day-to-day operations?

At first, we believed this issue could be easily resolved by limiting internal access. However, our design discovery conversations revealed that revoking access would significantly affect the Support team and prolong resolution times.

Given our ongoing feature launches, I need to be resourceful and think of quick, manageable solutions without expanding the project's scope.

Could we keep the ability to gain account access, contingent on obtaining the customer’s consent?

Upon reviewing our existing use cases and troubleshooting procedures, I researched how other companies such as Figma, Salesforce, Atlassian, handle similar scenarios:

  • Which roles have the ability to grant access privileges?

  • How is communication and authentication managed?

  • What is the typical duration of an troubleshooting case?

  • What methods are used to document account access by internal teams?

Taking into account the competitive research and the time constraints, I reviewed the current flows and shared my proposed changes by sharing low fidelity, easy-to-follow user flows to collect feedback from the team.

What happens when:

  • A customer submits a support ticket

  • Support team responds to a support ticket

Now

  • Ensure customer receives efficient troubleshooting support without experiencing delays.

  • Implemented mandatory consent collection for temporary account access by the Support team before troubleshooting.

  • Consent automatically expires after one month unless manually revoked.

  • Provide transparent and easily accessible activity logs and records.

Next

  • Streamline access consent collection within support ticket communication, creating additional paths and reducing the number of clicks it takes to grant access.

  • Allows admins to set and customize their preferred notification methods when access is granted.

When a customer submits a support ticket, they can go to their profile and activate "Account access control" to grant permission for support to troubleshoot. This feature allows them to track when access was granted, and they can manually revoke access or it will automatically expire after one month.

Now

  • Minimize legal and financial risks by implementing controlled access to customer data.

  • To enhance scalability we changed the login button color from “gray” to “green” when access is granted.

  • Ensure Customer Support can perform effectively while safeguarding customer data with restricted account access.

Next

  • Enable admins to configure account-wide access permissions.

  • Further developments will be determined after monitoring performance.

A support team member receives a ticket, navigates to the customer's account in the control panel, and swiftly checks for a "green" login button, which indicates the collection of customer consent.

THE TAKEAWAYS

Feature was successfully launched in August 2023 and is being monitored.

The feature will undergo a phased release, initially reaching a percentage of users and gradually expanding. The full release is scheduled for the end of Q4 2023, with careful monitoring and iteration between each phase of deployment.