IndyKite Hub v.2 | Enterprise identity portal

Guides technical teams through complex identity workflows with clearer flows and explainability; built on Next.js and the Tyr design system.

Lead Product Designer | 2021 - 2024

Snapshot

What: Customer-facing portal for configuring and operating IndyKite’s identity services (EU/NA enterprise clients).

Who: Solution engineers, security/IT admins, implementation partners.

My Role: Discovery, UX/UI, design system integration, React/Next.js implementation for key flows; acceptance criteria and handoff-free delivery with FE.

Stack: Next.js, TypeScript, Tyr DS (tokens/components/docs), Storybook, Jest/RTL, Cypress.

Outcomes: Enterprise onboarding completed in one guided session (from multi-day back-and-forth) • Fewer UI bugs reached QA • Releases moved faster.

Outcomes

  • Enterprise onboarding completed in one guided session (previously multi-day back-and-forth).
  • Fewer UI bugs reached QA; reduced rework on visual/interaction defects.
  • Releases moved faster with consistent patterns from the Tyr design system.

Problem → Insight

  • Problem: Complex identity workflows, inconsistent UI, and heavy handoff slowed onboarding and created avoidable QA churn.
  • Insight: A unified flow model and DS-driven components would cut cognitive load and let design and FE ship the same intent with minimal handoff.

What I did (design + build)

  • Mapped end-to-end onboarding and configuration flows; simplified forms, progressive disclosure, and clearer error guidance.
  • Integrated Tyr DS tokens/components; specified a11y states; partnered with FE to replace ad-hoc UI.
  • Implemented key Next.js UI for high-risk steps; wrote acceptance criteria and test IDs for Jest/RTL/Cypress.
  • Tightened handoff: component specs, usage rules, and Storybook examples; weekly design-dev clinics.

How it works (compact flow)

  • Users authenticate and select tenant.
  • Guided steps configure identity services and policies.
  • DS components handle states, validation, and a11y.
  • Telemetry events track completion, errors, and drop-offs.
  • CI gates enforce unit/UI tests before releases.

Selected screens

IndyKite Hub Ingestion Summary showing 6 of 6 successful operations: Person x2, Car x2, OWNS x2.

Ingestion complete — two people, two cars, and OWNS links added to the graph.

Graph view with a Person node connected to a Car via OWNS; side panels list node and relationship counts.

Data Profile confirms the model: Person owns Car, with type counts and relationship stats.

Entity Matching details for Enrich 1: source Person (email, family_name, given_name) to target Car (model, year, make), threshold >70.

Entity Matching pipeline ‘Enrich 1’ maps person fields and sets an auto-match threshold.

Authorization editor showing Rego policy with deny-by-default and self read/update rules, plus ‘Run policy validation’ button.”

Authorization policy in Rego: deny by default; allow self read/update for digital twins.

New consent form with name, expiry selector, one-time vs multiple collections, and description fields.

Consent manager: create a reusable consent with expiry and collection options.

Trade-offs & constraints

  • Prioritized high-traffic flows first; deferred long-tail admin tools to later releases.
  • Kept the DS lean to land adoption; postponed advanced components until usage data justified them.

What’s next

  • Explainability for key decisions (tooltips and “learn more” drawers).
  • A11y sweep for high-contrast mode; expand keyboard shortcuts.
  • Experimentation on step grouping to reduce time-to-complete further.