
CASE STUDY

Designing a Frictionless Zero Trust Experience for Duo Mobile


Overview

As part of Duo's transformation toward a Zero Trust(1) security model, we reimagined Duo Mobile as Trusted (DMAT)—a feature that verifies a device’s security posture (OS updates, malware, compliance) before granting access to sensitive applications and data. The goal was simple: strengthen security while keeping the user experience frictionless.

Project team

Our success stemmed from strong cross-functional collaboration. Our triad of Product Design, Engineering, and Product Management teams worked together from day one, aligning on shared goals to create a seamless experience for our end user.

However, we had our challenges:
  • Fostering collaboration and a shared vocabulary: Early on, the Engineering team had limited experience working with product designers, so we took the time to align on processes and terminology, ensuring smoother collaboration moving forward.

  • Bridging the project management gap: With no dedicated project manager, I took on project management responsibilities for the design team, coordinating efforts across disciplines to keep work moving smoothly.

My role

As Senior Product Designer, my responsibilities included:

  • Leading design efforts, keeping the design squad on track.

  • Collaborating with the cross-functional partners in Engineering and Product Management.

  • Planning and conducting usability testing to validate our designs.

  • Designing key screens and workflows based on our findings.

  • Prototyping interactions to refine functionality and gather stakeholder buy-in.

  • Creating and managing design documentation in Confluence and delivering prototypes for internal teams to be used as product demos.

  • Ensuring a smooth handoff to Engineering while supporting design QA.

CHALLENGE

How might we make mobile authentication feel seamless for people who just want to access their applications without frustration?

Understanding our user


Duo’s design process is deeply rooted in user personas. At the heart of our design process for DMAT was “Lee”—our typical end user.

 

Lee is a student, employee, or faculty/staff member who isn’t focused on security details; they simply want quick, uninterrupted access to their resources. Our challenge was to ensure security felt invisible to Lee.

Process & execution

Working on a two-week sprint cycle, we followed an iterative process that guided us from discovery to a successful beta launch.

Key design phases

Discovery
  • Auditing workflows & content: We examined existing authentication flows to pinpoint friction points for Lee.

  • Research planning: A structured research plan helped us validate assumptions and identify UX challenges.

Concepting & research
  • Designing the “Happy Path”: We envisioned a streamlined authentication flow and created low-fidelity prototypes.

  • User testing: Testing with customer administrators, Lees, and internal teams provided valuable insights.

  • Synthesis & buy-in: Findings were shared with Engineering and Product Management, ensuring cross-team alignment.

Iteration & refinement
  • Flow improvements: Feedback from testing informed refinements in interaction and clarity.

  • Visual design: We applied Duo’s design language, resulting in a high-fidelity prototype that captured our vision.

Handoff & support
  • Design documentation: Detailed handoff in Confluence and design QA supported engineering throughout the build.

  • Continuing collaboration: Ongoing support ensured that the final product stayed true to our design intent.

Beta launch

We conducted a beta launch with select customer partners to test the new authentication flow in real-world environments. Their feedback helped us fine-tune the experience before a broader market rollout.

  • Customer feedback: Observations and usability insights highlighted areas for final refinement.

  • Cross-functional preparation: Collaboration with Engineering, Marketing, Customer Support, and Documentation ensured smooth adoption.

Ideal user flow

QUALITATIVE FEEDBACK FROM BETA TESTING

"I barely noticed the transitions, this [flow] provides just enough feedback to know it worked."

Redesigned User Flow

Outcomes

By partnering with key customers and leveraging iterative feedback, we delivered meaningful improvements that led to:

  • Reduced friction in authentication: Streamlined login experience minimized unnecessary steps.

  • Improved user experience: Clearer instructions and a more predictable flow reduced confusion.

  • Stakeholder buy-in: Research findings influenced product strategy and earned leadership support.

  • Successful beta launch: Early user feedback validated our approach and guided final adjustments.

Final thoughts

This project reinforced the importance of balancing security and usability—a fundamental challenge in authentication design. By championing user needs, collaborating across disciplines, and refining the experience through research, we delivered a product that strengthened security without sacrificing usability.

Footnote & additional reading

(1) "Zero Trust" refers to the security approach where Duo implements a "never trust, always verify" policy, meaning it continuously assesses and verifies the identity of users and the security status of their devices before granting access to applications and data.

Read more about Zero Trust Security:
https://duo.com/solutions/zero-trust-security

​© 2025 Desmond Connolly
