Intralinks has containers that house projects called 'Exchanges' (this is legacy terminology from Mergers & Acquisitions deals; 'Exchanges' could be Deals, Funds, Bundled Debt, etc.)
• Employee leaves company; need to remove their access to all current Exchanges (projects)
• New Limited Partner in Private Equity company; want to add them to all funds they are invested in
• You need to know a certain person's access to various Exchanges (projects)
• You want to quickly change the role of someone across multiple Exchanges (projects)
Business & User Goals
This one piece of functionality that users requested from the legacy product before they would transition to the new platform.
No way in new platform to manage users access and role assignment across Exchanges (projects).
User would have to go through the following flow:
HUB (list of Exchanges) --> Select an Exchange --> Navigate to the 'Users & Groups' tab --> Find the individual --> Update their access/role --> and then pogo stick back out to the HUB to select the next Exchange.
Whew! NOT easy at all! A user might be part of dozens or even hundreds of Exchanges!
The solution: Across Exchanges "Contacts" Tab
Manage a Single User
Manage Multiple Users
Check your assumptions with engineering
PM and Design added this filter so users could manager users for a specific time period. For instance only the people who had been added in the past 3 months. It was only after a technical review with Engineering that we learned that our platform did not keep track of when users were added or removed--the list of contacts would only ever show the current list of user information and couldn't deduce who was a user at a specific point in time.
Forgotten Edge cases
This was the first feature that would span across Exchanges (projects) in the new platform, so there was an overwhelming amount of details to track and technical, platform logic to understand and work with.
As we were nearing completion of the implementation, a review between the PM and Client Services Managers unearthed several edge cases that were not considered.
• Exchanges with multi-factor authentication required before a user could enter. This was a setting that could be toggled on by an Exchange manager and was seldom utilized.
• Exchanges that had splash screens, in which the user was required to "acknowledge" the splash screen before they were enter the Exchange.
Because the 'Contacts' tab was across Exchanges if any one of these Exchanges had multi-factor authentication or splash screens those verification would have to be resolved before the system would allow the user to see the people (contacts)
Unwinding the logic
It's easy to get confused trying to explain all the various logic paths. Enter a beautiful logic flow diagram to the rescue!
The quickest fix that allowed us to ship this much needed functionality simply displayed the contact list without the contacts from the Exchanges that needed additional authentication.
Long term fix
Allow the user to resolve ALL additional security requirements in a single flow. Each splash page could be acknowledged and multi-factor authentication (MFA) would only have to be entered once and would applied to all MFA Exchanges and would last for the user's current session.