VF
Victor Freire
EN|PT
Back to Portfolio
CASE STUDY

SIGA

INTEGRATED ACCESS MANAGEMENT SYSTEM (SIGA) FOR THE LARGEST SANITATION COMPANY IN THE AMERICAS.

RoleUX / UI Designer & Developer
ContextGovernment / Utilities
Year2023-2024
SIGA preview

Overview

SIGA is the Integrated Access Management System for Sabesp, developed to centralize and automate permission control across hundreds of corporate modules and systems. The challenge was to create a secure, auditable, and accessible interface for thousands of employees.

The system handles complex hierarchical approval flows, regulatory compliance, and real-time synchronization with legacy infrastructure.

Problem & Context

Access management was decentralized, relying on manual requests via email and spreadsheets. This led to delays in granting permissions, security vulnerabilities, and significant compliance risks.

Managers had no clear visibility into which permissions their teams held, making periodic audits a labor-intensive manual process prone to human error.

Approach / Thinking

We mapped the end-to-end approval hierarchy and designed a Role-Based Access Control (RBAC) experience. The focus was on creating a "single source of truth" for identity and permissions.

I prioritized a clean, functional UI that could bridge the gap between technical system administrators and non-technical department managers.

Solution

A robust platform with clear management dashboards, integrated confidentiality terms, and a periodic lock management module. The system provides instant visibility and one-click revocation of unnecessary accesses.

Integrated multi-factor authentication and automated audit logging ensure that every permission change is tracked and compliant with data protection regulations (LGPD).

Key Screens

06 SCREENS
01

Secure access to the system environment.

02

Track operational data across workflow stages.

03

Manage system modules and permissions.

04

Control user access and permissions.

05

Manage and track document versions.

06

Streamline access approval workflows.

UX Decisions

01

Hierarchical Approval Visualization

Approval paths are visualized as clear progress steps. Users and managers can see exactly where a request is stuck, reducing follow-up emails by 70%.

02

Integrated Compliance Terms

Digital confidentiality terms are integrated into the access flow. Users must acknowledge responsibilities before receiving access to sensitive modules, ensuring legal compliance by design.

03

Periodic Access Reviews

A dedicated module reminds managers to review team permissions every 90 days. Non-reviewed secondary accesses are automatically flagged for suspension, maintaining a "least privilege" security posture.

Impact & Outcomes

85%Reduction in average access grant time
100%Auditable permissions in compliance with LGPD
50k+Employees managed centrally

Final Reflection

The complexity of Sabesp's legacy ecosystem required a highly adaptable UI. The biggest win was reducing the access request lifecycle from weeks to hours through automated routing.

If evolving this further, I would implement predictive access suggestions based on peer roles to further streamline the onboarding of new employees.