Callsign Policy Manager

Web Console For Managing Authentication Policies

Callsign is a platform for contextually aware, multi-factor authentication (MFA). It provides access to proprietary services based on assessed risk and policies, via multiple authentication channels such as tokens and mobile apps.

To comply with my non-disclosure agreement, I have omitted and obfuscated confidential information in this case study.


Authentication decisions are usually driven by policies and rules. Initially bundled in the client Dashboard, these used to hide the complexity, offering only simple controls. Clients with simpler needs appreciated this but demand from the financial industry required a more customisable solution.

Built on top of a new decision system, the Policy Manager was envisioned as a web interface that would provide this flexibility along with an approval workflow.

Additionally, the project was also an exploration for a new design language to use across Callsign products.

My Role

As part of the project team, my role was to oversee design and assist with domain knowledge. External contractors were brought in to assist with the interface design and I worked closely with them on the main features and later with developers to refine the product during development in 2018.


There were a couple of issues that required compromises during the project:

  • Complexity of the domain was difficult for the contractors to grasp. As a result, they ran out of time and we didn't get to fully explore all sections, leaving various decisions to be tackled later during development.
  • Project timeframes were very tight. So some important features and design work were deferred for later iterations.


The project was well defined and feature rich, with clearly identified personas and use cases. My primary work was around the following:


Using previous work done for the Dashboard, we designed a linear, text-based query builder for defining the policy context – elements like brand, channel, customer segment – that govern how it behaved. Additional content for rules, metadata and revision history rounded out a policy. Everything was highly configurable within the framework of the workflow.

Ruleset Designer

After exploring various displays for rules, we settled on decision trees for defining authentication flows. Each node was made configurable, with custom logic, external inputs and flexible outputs.

Timelined Audits

Multi-factored authentication invokes various processes, each of which generates a list of decisions and statuses. These logs are hard to view so we visualised this as a timeline, enabling the user to step through the rationale behind each decision.

Design System

Through iterative exploration of the visual requirements for the interface, we also worked out a design language for other Callsign products. It was important to keep the process on track, ensure elements were generic enough for application in other contexts and products, stayed on brand and did not compromise on accessibility.


Coupled with its powerful backend system, the Policy Manager marked a new direction for Callsign products. The visual language developed during the process was widely appreciated by internal stakeholders and clients and is being deployed across other products.

Due to time constraints, some screens were rushed and not explored fully. We covered some issues during development, such as fleshing out navigational issues and workflow states, but further testing was required at the time when I left the project.


  • Wireframes
  • Functional specifications
  • Usability testing