top of page

Account management

Product background

Large enterprises own multiple domains and subdomains, which could be deployed across multiple servers. Such enterprises need hundreds to thousands of digital certificates to secure their domains. Such enterprises need an inventory management and life cycle management software for all their certificates.

Symantec offers two products that together help large enterprises buy certificates and manage them. Both the products compliment each other's functionality while also having some duplicate features.

Symantec wants to consolidate both these offerings into one single product which provides customers a consistent experience across the board.

Project

Create a consolidated single portal that plugs-in the distinct functionalities from both the products.

Create a common account signup and management UI.

Create a common dashboard that can display critical information from both the products.

Re-imagine the existing task flows and improve them.

Identify new task flows based on changes in the industry guidelines and accommodate them in the product UI.

Redo all design and content to match the new style guide.

Redo all email templates to match the new style guide.

Effort

UX designers: 6

UX writers: 5

Project duration: 6 months

Screens I worked on: 20

Work

I was the assigned to the following tasks:

User stories and task flows for:

  • First time flow

  • Organization management

  • Domain management

 

UI Content for:

  • User onboarding

  • Account management

    • Organization management

    • Domain management

  • Related error and confirmation messages

 

Email templates for:

  • Organization life cycle

  • Domain life cycle

  • Admin user life cycle

User onboarding:

See User onboarding flows.

Organization and domain management:

Provided content for:

  • Table views

  • Filters for table views

  • Actions on items in the table view

  • Details view

  • Actions in the details view

  • Dashboard alerts for orgs and domains

  • Audit log entries for orgs and domains

  • Email templates for org and domain life cycle events

Top fights

Provided better status messages to admins for their orgs and domains.

Industry regulations required multiple checks on an organization/domain before a CA can issue an certificate for a domain. The existing UI didn't help users identify why their certificate requests are held up. I did a thorough research on all mandated checks and proposed to provide additional statuses in the organization and domain validation processes.

Existing statuses:

  • New authentication

  • Authentication in progress

  • Authentication failed

  • Authenticated

  • Authentication expired

Additional statuses added by me:

  • Waiting for documents

  • Waiting for callback

  • Waiting for payment

  • gTLD authentication failed

  • gTLD proof of ownership required

  • CAA check failed

  • CAA record update required

  • Extended validation upgrade in progress

  • Extended validation upgrade failed

Challenges:

  • When engineering expressed their inability to accommodate some of these new statuses, I dug up the database tables and showed them the values that they can manipulate to display these statuses.

Final improvements:

  • More granular status information about domain and org vetting process.

  • Ability to filter the list by values like names, periods, and status.

  • Meaningful, clutter free content throughout the task flows that are triggered from this view.

  • Useful what's next information for life cycle actions, like add, remove, and request.

The legacy UI

Revamped look

New, details view

Better feedback for actions

Negotiated new CAA check related task flows and messaging during domain enrollment

CAA, Certification Authority Authorization check is a mandatory requirement proposed by CAB Forum around the time we were working on this project. The rule requires that CAs issue certificates to any domain only if the domain DNS record mentions that CA's name in the CAA record. This rule helps domain owners to ensure that their authorized representatives do not buy certificates from any other CA who is not authorized by the organization.

Symantec was one of the key players in getting the industry body to implement this rule. However, the checks were not implemented stringently within Symantec yet.

I debated that since this is our initiative, we should lead by example in implementing the relevant checks.

I proposed that we do a CAA check when a customer submits their domain enrollment request. This would prevent customers from failing this check when they submit a certificate request for that domain. Large enterprises deal in 100s of certificates and a certificate request failure can lead to significant business disruptions.

My initial idea was to check a domain's CAA record during enrollment and block the enrollment if its DNS CAA record doesn't include our CA brand.

Challenges:

  • Symantec has too many brands of CAs.

  • CAA check requires sentinel calls so they affect the performance.

  • Some types of certificates don't require CAA check.

  • There are already too many checks during the enrollment.

Final result:

  • On further research, we found that the enterprise certificate issuance engine deals with only two of our brands and one of those brands was about to be EOL'ed. So technically we needed to check for only one brand in the DNS CAA record. Solved!

  • The product manager agreed that the value of performing this check outweighed the performance compromise. The actual impact on the performance also turned out to be very negligible, in the end. Solved!

  • After due negotiation we decided not to block domain enrollment if the CAA check fails. Instead, we decided on showing a warning message mentioning that the admin must update their CAA record if they want a public CA certificate. Solved!

Other significant contributions

First time flows for a super admin:

Identified the first time configurations required by the first administrator of a new customer account.

Wrote UI notifications to help admins figure out what they must do when they login for the first time.

These messages are today shown as alerts on the main dashboard when the admin logs in:

Email templates:

Made email notification templates for org and domain enrollment life cycle. Made sure that these templates adhered to the common voice and tone prescribed for the product.

bottom of page