Company & Product Background
What is Sonatype?
What is Repository Firewall?
Repository Firewall is a Sonatype product that acts as a first line of defense, using AI/ML to analyze open-source components and block the download of malicious packages or components that violate a company's security policies.
How might we create a delightful and efficient onboarding experience that empowers new Sonatype users to quickly understand and utilize the value of software supply chain protection?
Goal
Streamline the onboarding experience for Sonatype’s new cloud offerings, ensuring a faster, simpler, and more intuitive process that reduces friction for new customers and trial users.
Problem
Onboarding is complex, time-consuming and error-prone. Users must rely on help documentation, switch between products, and seek Customer Success assistance, often taking 6+ hours or multiple days to complete.
Revisiting a Broken Onboarding Experience
Before diving into this project, I evaluated the current onboarding experience through conversations with our customers, engineers and customer success advocates.

😵💫
Fragmented Experience
A significant portion of the onboarding for Repository Firewall occurs in a separate product (Nexus Repository), leading to a disjointed and confusing experience for users.
😒
Manual and Error-Prone Setup
Companies with large numbers of repositories must manually enable Firewall features for each individual repository, which is both time-consuming and prone to errors.

🤨
Outdated and Inefficient Forms
Onboarding begins with an outdated form that requires information from multiple sources, often forcing users to rely on help documentation or external support to complete the process.
😟
Lack of Clarity
Users face insufficient clarity about what exactly is being enabled during the setup, increasing the risk of insufficient or incorrect setup and reducing confidence in the process.
From Frustration to Flow
My role was to lead the design efforts in transforming the onboarding process within a one-month time frame.
Firewall onboarding involves touchpoints in two different products, requiring alignment from product & engineering across multiple teams. I facilitated a Design Sprint to get all the right perspectives in the room.

We kicked things off with "Ask the Expert" sessions. Senior leadership stakeholders shared their vision for Repository Firewall SaaS, product managers shared insights from competitor analyses and engineers shed light on the technical intricacies of today's experience. We uncovered three key goals to guide our user journeys:
😌
Balance
Providing enough context for new users without overwhelming them.
🤩
Value
Showcasing the product's value from the very start.
😃
Empowerment
Enabling decision-making while building trust in Sonatype's expertise.
Building the User Journey
Experts from Design, Marketing, Engineering, and Customer Success weighed in on user journeys and storyboards and engaged in open discussions.

After three days of sprint workshops and ongoing discussions on Slack, we joined together around a final user journey – a shared vision for a streamlined onboarding experience.

From Blueprint to Reality
With the user journey as our guide, I collaborated closely with product and engineering to translate this vision into tangible mockups. Early iterations featured a WIP visionary set of design system components to help the team envision the future of Repository Firewall SaaS.

Refinement Through User Testing and Iteration
To ensure we were on the right track, we conducted two rounds of customer interviews and async stakeholder reviews with a design revision cycle in between.
These feedback cycles provided invaluable insights into the level of context and explanation needed at each step, ways to further streamline the process and overall UX enhancements.

I want to know what the recommended custom policies are.
Repo Administrator
Customer Interview
Numbering the steps would make it clearer these aren't features, but a sequence of steps.
DevOps
Customer Interview
It could take hours to load audit preview data.
Engineer
Stakeholder Review
I don't understand Firewall's "proxy" stage. It's unclear that these selections are being made for "proxy" repositories.
DevOps
Customer Interview
If I don't know Firewall and am asked to select/deselect repositories, I want to know what's happening and have more reassurance that I'm not screwing anything up.
Customer Success
Stakeholder Review
Access link could act as token during authentication, so "Connect" step could be automatic.
Engineer
Stakeholder Review
I might spend too much time trying to tweak the protection level at this stage.
Customer Success
Stakeholder Review
I want more explanation as to what is being automatically enabled.
Repo Administrator
Customer Interview
Final Solution
Easy Onboarding with Repository Firewall Guided Setup
A 5-step guided experience that equips repository administrators with adequate knowledge of Firewall features and highlights security best practices as the happy path.
6+ hours to 1 hour
Reduced time estimate for onboarding completion
2/5 to 4/5
Improvement in customer rating of clarity of onboarding
2/5 to 5/5
Improvement in customer rating of satisfaction of onboarding