ROLE
TIMELINE
TEAM
1 Chief Engineer
4 Engineers
TOOL
Figma
TL;DR
ChatDoc Master is a no-code AI-powered chatbot builder. As it evolved into a B2B product, the original admin panel which was designed for managing individual users, could not scale to meet enterprise needs. Internal admins faced limited visibility, flat user structures, and manual backend work for onboarding and chatbot deployment.
I worked with internal engineers who also served as admins to map a new system architecture and designed a scalable admin panel with organization-level onboarding, role-based access control, and secure chatbot deployment via iFrame tokens.
The new admin panel for ChatDoc Master was launched in July 2024 and is actively used by internal admins.
PROBLEM
As ChatDoc Master transitioned into a B2B product, I needed to design a new admin panel that could support managing complex business hierarchies.
The original admin dashboard allowed only flat user management: individual accounts with no grouping, no granular roles beyond platform admins, and limited tooling for debugging or onboarding. This setup worked when user count was low and user roles simple, but as we onboarded business users, the limitations caused inefficiencies and operational risks.
Old admin panel of ChatDoc Master
SOLUTION
A secure, scalable panel for internal admins to manage business users, troubleshoot chatbots, and maintain platform security.
GROUP MANAGEMENT
Create new groups for business onboarding
Admins can set up new business groups by assigning subscription plans, user and chatbot quotas, and a group admin who will manage the organization’s team. This supports smooth onboarding and scalable management of our growing business user base.
USER MANAGEMENT
Control access by assigning roles across users and organizations
Admins can easily assign or update roles—User, Group Admin, or CPII Admin (our internal admins), directly from the user table. This gives internal admins fine-grained control over who can manage teams, access chatbots, or configure system settings, all without needing to touch the backend.
Gain visibility into user activity and chatbot-related data
From each user profile, admins can view chatbots created by that user. This gives admins the transparency they need to monitor usage and support business clients effectively.
CHATBOT MANAGEMENT
Enable chatbot embedding for business websites
Admins can generate iFrame tokens that allow businesses to embed their chatbots directly onto their websites. Tokens are configurable with expiration dates and can be revoked as needed.
Admins can acquire new iFrame tokens by setting parameters like expiration date and question limit.
The generated iFrame code can be copied and embedded directly into business websites.
Access chatbot data for easier debugging
For each chatbot, admins can access the uploaded documents, chunked data, and chat history. This visibility supports issue tracking and aligns with backend data structures.
RESEARCH
Understanding internal admin frustrations as ChatDoc Master scaled for B2B
As our engineering team also serves as admins, I interviewed four engineers to uncover the limitations of the original admin panel and their evolving responsibilities as we transitioned to support business users.
Interviews with admins surfaced gaps in group management, role control, and chatbot visibility and deployment.
To design features that help business users deploy chatbots, I needed to understand these two technical terms:
iFrame
The HTML snippet that businesses place on their website to embed the chatbot.
Token
A secure access key generated for a chatbot embed that controls and authorizes this embedding.
I worked with engineers to map a new information architecture organizing groups, users, and chatbots with their metadata and assets.
This structure supports managing complex business hierarchies by clearly defining relationships and data across groups, users, and chatbots.
Information architecture of new ChatDoc Master admin panel
OPPORTUNITY
How might we enable internal admins to securely manage business users and chatbots at scale, while reducing backend dependency and preserving control over platform access?
ITERATIONS
I prioritized designing secure workflows for onboarding and chatbot deployment to protect sensitive business data and maintain control over platform access.
Because our engineering team also acts as admins, every feature needed to support their technical workflows, minimize manual backend effort, and uphold platform security. I identified two core admin tasks as priorities:
01
Onboarding
Ensure only authorized users can join the right organization and prevent misuse during sign-up.
02
Chatbot deployment
Give admins control over iFrame tokens to prevent unauthorized access and protect chatbot data.
Enabling admins to onboard business users securely
ITERATION 1
I designed a flow where admins could generate a registration link tied to a business group. The business would share this link with team members to sign up under the organization.
Poses security risks if links are leaked or reused
Complex to maintain validation logic for links
ITERATION 2
I replaced the registration link with a unique registration code for each group. New users enter this code during signup to join their organization.
More secure and revocable
Easier for admins to distribute and track usage
Better aligned with backend validation and scalable across clients
Strengthening security for chatbot embed tokens
ITERATION 1
Admins generated iFrame embed tokens by entering a name and question limit. However, tokens never expired once created, leaving them permanently valid.
Tokens that never expire create a security risk if they are leaked or stolen
ITERATION 2
I added token expiration controls, allowing admins to set expiry dates.
Provides robust security by limiting token lifespan
TAKEAWAYS
This was one of the most challenging projects I've worked on due to its highly technical nature, but it helped me grow as a systems thinker.
Speak the Developers' Language
By learning what tokens and iFrames mean and why they matter for security, I made informed design decisions that protect users and platform integrity. Moving forward, I will invest time early to understand key technical concepts to design solutions aligned with technical scope.
Map System Relationships to Design for Scale
By deeply understanding how users, groups, and data interact within the backend architecture, I identified edge cases and complexities upfront. This clarity enabled me to design solutions that not only solve current needs but also scale smoothly as the business grows.
A big thank you to my team :)
