Trusted Identity Propagation-EMR

Enables administrators to manage and audit data access and deliver frictionless single sign-on with their organization's identity provider for all users.

Company: Amazon Web Services (AWS)

My Role

I served as User Experience lead for the Trusted Identity Propagation Integration project, where I led UX design for Amazon EMR. I also led UX direction for the overall AWS Analytics services (EMR, Athena, and Redshift), which integrated with AWS IAM Identity Center, enabling administrators to manage and audit data access and deliver frictionless single sign-on with their organization's identity provider for all users.
My role for this project included:

  • Driving UX-product alignment while managing how Amazon Redshift, Amazon Athena, and Amazon EMR integrate with AWS IAM Identity Center and Amazon S3.

  • Contributing to defining EMR integration product requirements with the product manager and engineering team, using UX working sessions to identify the surfaces this feature would impact and create an end-to-end workflow.

  • Presenting solutions to senior leadership to get alignment on design solutions for Amazon Athena, Redshift, and EMR with Amazon IdC and Amazon S3 partners.

  • Aligning with partner teams to identify and aggregate disparate qualitative and quantitative data to inform design solutions at the product level.

  • Demonstrating high-judgement trade-off decisions for the product, incorporating system limitations, scaling factors, edge cases, and architectural decisions.

Success Metrics

Our target users are existing M+ (Million plus) AWS Analytics users who need to integrate their identity provider through IAM Identity Center across all analytics for authentication and authorization. Within 6 months of its launch, more than 20% of these customers have started using this feature.

AWS LAUNCH ANNOUNCEMENT

Simplify and improve user access control for AWS Analytics Services

Project timeframe

3 months (August 2023 - October 2023).
Launched: Generally available November 2023

PLATFORM

Responsive, Enterprise product.

Team

Product Manager, Data Scientist, Front-end developers, Backend developers, Legal, UX copywriter.

Amazon Redshift, Amazon Athena, Amazon IdC and Amazon S3 UX Designers, Product Managers and Engineering teams.

UX Tools Used

Figma, FigJam, Usertesting.com

Problem

 

Today, each AWS analytics service integrates with AWS’s role-based access control system, IAM. Data users find it challenging to work with separate IAM credentials for each service they access for their analytics and ML use cases, instead of signing in through single sign-on as they do with most of their applications. Customer administrators have a fragmented and manual approach to mapping each user’s organizational credentials and attributes to IAM roles, which adds significant administrative and development cost to implementing permissions management at scale. Ongoing changes in data sensitivity, job function, and teams must be managed through end-to-end traceability of user access to address audit and security risks. Customers in sensitive data industries like financial services and healthcare face complex regulatory requirements.

PROPOSED SOLUTION

 

IAM Identity Center (IdC) is launching a feature that allows customers to manage user permissions and traceability for customer administrators. Analytics services like Amazon EMR, Amazon Athena, and Amazon Redshift will integrate with this feature to solve the problem.

Value Proposition

 
  • Organizational identity is propagated seamlessly, giving customers and their users ease of use across the various Amazon Analytics services they rely on for their use cases.

  • Enable customer administrators with fine-grained access control for their users.

  • Help customers in sensitive data industries with regulatory requirements, with end-to-end traceability.

Target users

 

Target customers are enterprises that access data using multiple AWS Analytics services or third-party applications for their analytics requirements.

1. Administrators - who provide access to users/groups.

2. Data Admin - who configures access controls to Analytics services.

3. Data Scientist or Data Engineer (end user) - who uses single sign-on access to AWS Analytics applications.

The Design Process

I led the daily/weekly meeting with project stakeholders including Product Manager (PM), Data Science team, Engineering team through the design process.

  1. Empathize and Discover: I teamed with the Product Manager, Data Scientist, and engineering team to strategize an accurate and deep intuitive understanding of the customer needs and translate concepts into features that addressed users’ information needs and behavior. I conducted weekly working sessions with those stakeholders to craft the user flows. I created various UX artifacts like journey maps, user flows, and task analysis during the early design phase. I led the weekly collaboration with the Amazon Redshift, Amazon Athena, IAM Identity Center, and S3 teams’ UX Designers and Product Managers to maintain consistency in our design approach, and conducted a design thinking workshop with these cross-functional teams to highlight the user needs and design ideation for each.

  2. User Interviews: I conducted customer interviews to gather and understand their requirements and constraints. I collaborated with the Product Manager and various customers to gain insight into user behavior and expectations. I was rapidly prototyping and iterating based on customer feedback and stakeholder feedback.

  3. Hunt for Data Source and Utilize Metrics and collaborate with diverse teams: I collaborated with the engineering team to get adoption metrics for the existing EMR Studio and highlight pain points of the user that could be simplified in the new flow.

  4. Strategy, Vision, Ideation and Iteration: I participated in senior leadership discussion to propose seamless design integration strategies for the cross-functional Amazon EMR, Amazon Redshift, Amazon Athena, Amazon S3 and IAM Identity Center teams for this project.

  5. Testing and Validation: I tested and validated the designs with customers early and often during various stages of the design process to craft the final product. This helped the product take its final shape.

Launch announcement Video

Challenges & Lessons learned

AWS Analytics services (Amazon Redshift, Amazon Athena, and Amazon EMR) had very different needs with regard to integrating with Trusted Identity Propagation, which was a new IAM Identity Center (IdC) feature. For instance, Amazon EMR needed a scaling attribute when users/groups could be added to its applications, as its key customers have ~3 Million users who would be using this feature. Despite early brainstorming during design thinking workshops, the IdC team could not design an add users widget that would provide scaling capability. This was a setback for our users, and I had to push for the scaling feature to be designed and implemented the quarter following the launch.
