Okta
2024
Resource Collections
Scaling Role-Based Access Across Resources in Okta’s Identity Governance Platform
TL;DR
I led UX strategy and design for Resource Collections, a net-new platform capability in Okta’s Identity Governance platform that enables scalable, cross-application access management. The solution contributed to a 3x increase in Entitlement Management adoption, improved governance efficiency for IT admins, and helped formalize cross-team alignment processes through RAPID frameworks and shared design practices.
About Okta
Okta is a leading enterprise identity and access management platform, helping organizations securely connect people to the right technologies. Its Identity Governance products empower IT and security teams to manage, automate, and audit access across complex environments—supporting compliance, operational efficiency, and zero trust initiatives.
My Role
I was the lead (and sole) UX designer for Resource Collections, responsible for end-to-end design strategy, research, execution, and cross-functional alignment. I worked closely with product managers, engineering leads, platform architects, and the design systems team throughout the project. I also partnered with other designers across the Identity Governance product suite to ensure alignment across access policies, certifications, and access requests.
Context & Problem
At the time of this project, Okta’s Resource Access Management platform lacked a way to define and manage cross-application access. Entitlement Management had recently launched, giving customers fine-grained control over access to individual apps and entitlements—but it introduced new pain points:
Defining policies for each app individually was repetitive and hard to scale
There was no centralized view of a role’s access across systems
Admins had to manually track access in spreadsheets or click through dozens of UIs
End users and managers needed to submit and approve many access requests for a single role
Enterprise customers typically manage access to 200+ apps and thousands of entitlements, with 100+ internal roles. While fine-grained control was valuable, the manual effort made it difficult to maintain governance at scale.
We introduced Resource Collections to bundle together applications and their associated entitlements, making it easier to manage and grant access. This new abstraction aimed to simplify:
Granting fine-grained access across multiple apps
Creating and managing entitlement policies
Centralizing access definitions
Streamlining access requests and certifications
This was a critical follow-up to Entitlement Management and key to the success of Okta’s Identity Governance strategy.
Complexity & Constraints
Designing Resource Collections involved deep technical and organizational complexity. It required navigating cross-team dependencies, challenging legacy design patterns, and introducing a new concept into Okta’s core governance model.
Technical & Architectural Constraints
Coordination was required across Access Requests, Access Certifications, Universal Directory, and the design system team. Many prior design decisions were based on legacy architecture or scoping tradeoffs, such as a strong dependency on Groups. These legacy patterns were not always aligned with optimal UX or future scalability. I worked closely with product and engineering partners to propose phased approaches and negotiate feasible paths forward.
Organizational Challenges
There was no formal process for introducing new constructs into the platform’s primary navigation or terminology system. I surfaced this gap to leadership, and co-developed a RAPID framework with another design partner to formalize decision-making around naming and IA. Naming was particularly sensitive: we had to avoid confusion with other Okta constructs (e.g. Groups, App Sets, Roles), while keeping the model flexible enough to support non-role-based access patterns in the future.
Design Ambiguity & Tradeoffs
We debated whether Groups should be considered a resource within a collection—a tension rooted in Okta’s shift away from Group-reliant models. Another challenge was handling access drift and provisioning failures, which could occur when users were manually removed from apps outside the collection model. We needed to balance transparency with technical constraints, and provide safe fallback states while planning for longer-term solutions.
Approach
To create alignment and drive clarity, I created a UX strategy document that outlined the vision, challenges, outcomes, guiding principles, timeline, and RAPID roles. I partnered closely with PM, the engineering manager, and solutions architect, and collaborated across other PM, engineering and design stakeholders throughout the process.
Key milestones included:
A problem framing workshop with EPD stakeholders
Internal interviews, entitlement management beta feedback analysis, competitor audits, and industry research
User interviews, thematic analysis, and concept feedback sessions
A cross-functional ideation workshop
Prioritization and phased delivery planning
I created a centralized EPD project wall to maintain visibility into research, concepts, and decision history. I also facilitated regular design critiques, alignment reviews, and workshop sessions, and led share-outs on workshop facilitation best practices with other designers.
Competitor analysis
Participants voting on terminology and navigation
Concept explorations
Navigation touchpoints across platform
Solution
The final experience introduced Resource Collections as a scalable abstraction for bundling applications and their entitlements, enabling simplified, centralized access management across multiple surfaces in the Identity Governance platform.
Core capabilities included:
A landing page for browsing and managing all resource collections
A collection detail view showing assigned users/groups and resource contents
Manual and automated assignment workflows
Management of Access Request conditions and visibility of request eligibility
Creation of birthright policies for automatic provisioning
End-user access request workflows via the dashboard
Collection-based certification flows in Access Certifications
I also addressed cross-surface visibility needs by designing contextual cues on app assignment pages, showing when access originated from a collection—reducing governance gaps and improving admin clarity.
Design decisions were informed by multiple solution explorations, and narrowed based on feasibility, scalability, and alignment with Okta’s long-term strategy. I stress-tested interaction models against potential future states (e.g., service accounts, privileged access, devices), and contributed several new patterns back to the design system.
End users can request resource collections
IT admins can time-bound access to a resource collection
IT admins can make resource collections requestable so that Managers may approve access
IT admins can understand how an individual gained access to an app and entitlements wherever contextually relevant
Outcome
Resource Collections had immediate and lasting impact:
Entitlement Management adoption tripled following the release
The work became foundational for Phase 2 efforts, designed to further drive adoption
Customers shared high levels of excitement and validation during feedback sessions
Internally, the work improved cross-team collaboration and helped set new precedents:
The RAPID framework for naming and IA became a reusable internal process
The EPD project wall became a model for collaboration and decision transparency
I was recognized for leading successful, inclusive workshops and sharing facilitation practices with the broader team
Reflection
This project deepened my understanding of platform UX strategy and the importance of designing for extensibility from the start. Creating Resource Collections required rethinking how access is modeled and governed across systems. I learned how to balance short-term feasibility with long-term scalability, especially when designing new abstractions within identity infrastructure.
I also saw how process design and communication tooling can be as impactful as the product design itself. By establishing RAPID roles and centralized decision tracking, we improved velocity, reduced ambiguity, and helped teams stay aligned.
One of my biggest takeaways was the value of facilitation as a design skill. The workshops I led weren’t just creative moments—they moved alignment forward, clarified tradeoffs, and created shared ownership. I’ve since leaned into this strength to help shape design culture and collaboration across teams.
If I could go back, I would push for earlier clarity on scope and technical feasibility. While we ultimately navigated friction points well, aligning on constraints earlier would have reduced delays. This reinforced my belief in using framing and facilitation to scale clarity across complexity.