01 Overview

Groups are the primary mechanism for admins in JumpCloud to manage authorization in their org. Groups also serve to define authorization in downstream applications and directories which are managed with JumpCloud. Managing membership in groups can be daunting and quite manual to keep current. Groups most effectively used in JumpCloud usually require a plan in advance, an IT architecture, which is distinct from from some of the better known, old school, tools many admins are familiar with (think the nested structure of AD for example)—thus, efficient use of JumpCloud’s group structure isn’t always intuitive or easy to get started with.

02 Customer Need

As an admin working in JumpCloud, I need groups to introduce both efficiency and accuracy in my management of authorization to the many endpoints I manage.

How might I manage a users access to groups without manually breaking down each and every user’s identity? If a user changes departments how do I know what groups they should be removed or added to?

03 Research

This is something PM’s had been doing discovery calls on for months before coming to us on the UX team so they were fairly confident that an attribute driven rule builder was an ideal solution.

I threw together some initial designs after having a few small group brainstorm calls with the PM team and we put the designs in front of customers to get their feedback on the ideas, flow, and language.

“It was easy. I appreciate seeing the suggestions”

“It slick and intuitive. It looks interesting I want to be able to poke around more.”

“These changes usually get lost...this provides what I need to manage this more efficiently.”

“This would be really helpful for someone working in our industry.”

04 MVP Designs

The initial designs featured a rule builder in a collapsed card on the users tab. Admins would have to open their card, add rules, and then wait for an email or click “review suggestions” to change membership to their user group. In our initial test many participants expressed a desire to review membership suggestions like the flow included because they wanted to build trust in our system to make the appropriate decisions.

We launched with a very similar flow to what we tested with users and for months the feature sat fairly unused. Several months after releasing the feature with little change we sent out a survey to all of our customers.

We received 95 responses.

05 User Feedback

It was pretty clear admins needed more from this feature in order to even begin thinking about using it. We knew going in adoption would be difficult as this requires a fairly large uplift on the admins end to make sure users have the right attributes populated. We made a list of some quick and not so quick wins to work on in the next year.

1. More operators for conditions

2. Allow user exemptions

3. Allow admins to add multiple values for a single condition

4. Help admins identify/configure important attributes for end users

5. Automation

06 Enhancements

Allow admins to manage groups more more complex and expansive conditions.

We also defaulted this card to be open by default and saw an immediate uptick in usage with these enhancements.

March 2022: 149 orgs with query populated
December 2022: 771 orgs with query populated

07 Automation

The automation of this feature has always been floating in the back of our minds but it was time to make this a reality.

We started with mapping user flows and then began mapping out designs.

08 Group Types

In order for admins to understand what their groups are set to outside of the context of each groups aside we needed to get them familiar with the internal terms we were assigning to the 3 types of groups:

Manual
Users are manually bound and unbound from the user group at any time. No conditions are used on these groups.

Suggested
Using configured conditions user membership changes will be suggested to admins daily.

Automated
Using configured conditions user membership changes will be automatically managed for admins.

When turning automation on we want admins to be confident in our systems ability to make the appropriate decisions and also help them understand the impacts this may have on their organization or any connected resources that.

To solve this I proposed a warning modal displaying a preview list of membership changes that will take place on confirmation. This was scoped fairly large by the engineering team so we paired the design back to support a faster release without compromising too much of the UX.

Admins will still receive a toast notification after turning automation on prompting them to add any outstanding user suggestions to their exemptions list in case they were purposefully ignoring these users.

09 The Future

What’s next for groups? Organization and filtering. We’re currently going through a few rounds of discovery calls with customers to figure out what enhancement they need next.

Many of our customers are coming from Active Directory (AD) so we know there is a strong desire out there for nesting permissions between groups. We’re just wondering, is that the right solution. Or is there something else we can offer that solves the problem even better. This is an in-progress study so I don’t quite have the results yet but here are some of our latest card sorts.