FeatureSignals

Enterprise Onboarding

Your guided path to running FeatureSignals Enterprise in production. This 4-week onboarding plan covers SSO setup, organization structure, team provisioning, security review, and go-live — with a dedicated solutions engineer supporting you at every step.

Your Solutions Engineer

Every Enterprise customer is paired with a named solutions engineer who knows your stack, your compliance requirements, and your timeline. They're available via a dedicated Slack channel with a 1-hour response SLA for P1 issues. You are never alone in this process.

Organization Structure

Before creating flags, define your organization's structure. FeatureSignals uses a hierarchical model that maps naturally to how engineering teams work:

Organization (your company)
├── Project: webapp
│   ├── Environment: development
│   ├── Environment: staging
│   └── Environment: production
├── Project: mobile-app
│   ├── Environment: development
│   └── Environment: production
└── Project: backend-services
    ├── Environment: staging
    └── Environment: production
  • Organization — Top-level tenant boundary. Billing, SSO, and global settings live here.
  • Project — Maps to an application or service. Flags and segments are scoped to a project.
  • Environment — Development, staging, production, or custom. Flag values can differ per environment.

SSO Setup

FeatureSignals supports SAML 2.0 for single sign-on. Here's the typical setup flow:

  1. Initiate setup — From FlagEngine, navigate to Settings → Organization → SSOand click “Configure SAML.”
  2. Exchange metadata— Provide your IdP's SAML metadata XML. FeatureSignals returns its SP metadata for your IdP configuration.
  3. Map attributes — Map SAML assertions (email, name, groups) to FeatureSignals user attributes.
  4. Test — Use the test mode to verify authentication before enforcing SSO for all users.
  5. Enforce — Once verified, enable SSO enforcement. Existing password-based users are migrated to SSO authentication.

SCIM Provisioning

SCIM 2.0 automates user provisioning and deprovisioning. When someone joins your team, they get FeatureSignals access automatically. When they leave, access is revoked across all systems:

  • Create users in your IdP → automatically provisioned in FeatureSignals
  • Add users to IdP groups → automatically assigned FeatureSignals roles
  • Remove users from IdP → automatically deactivated in FeatureSignals
  • Supported IdPs: Okta, Azure AD, OneLogin, JumpCloud, and any SCIM 2.0-compatible provider

4-Week Onboarding Plan

Week 1: Setup & Configuration

  • Create your FeatureSignals Enterprise organization
  • Configure SAML SSO with your identity provider (Okta, Azure AD, Google Workspace, etc.)
  • Set up SCIM provisioning for automated user lifecycle management
  • Define your organization structure — projects, environments, and naming conventions
  • Configure IP allowlisting to restrict dashboard and API access

Week 2: Integrations & Security

  • Create custom IAM roles matching your team's permission model
  • Set up audit log export to your SIEM or data warehouse
  • Configure webhook endpoints for flag change notifications
  • Complete security questionnaire and review shared responsibility model
  • Integrate SDKs into your application stack (one environment at a time)

Week 3: Migration & Training

  • Migrate existing flags from your current provider or homegrown solution
  • Set up Terraform/Pulumi/Ansible for IaC flag management
  • Train your engineering team on flag lifecycle best practices
  • Configure the AI Janitor for automatic stale flag detection
  • Create your first percentage rollout targeting rule

Week 4: Go-Live & Handoff

  • Run the production readiness checklist (see below)
  • Schedule a joint go-live war room with FeatureSignals support
  • Verify monitoring dashboards and alerting thresholds
  • Document your internal flag management runbook
  • Quarterly business review scheduled with your solutions engineer

Go-Live Checklist

Before flipping the switch in production, verify every item on this list:

1All SAML/SCIM users can successfully authenticate
2IP allowlisting is enabled and verified from an external IP
3Custom IAM roles are assigned and tested by each team
4Audit logs are flowing to your SIEM
5SDKs are returning correct flag evaluations in staging
6At least one percentage rollout has been tested end-to-end
7Rollback procedure has been documented and practiced
8On-call rotation is aware of FeatureSignals escalation path
9Production flag change notifications are reaching the right Slack channel
10Backup admin account (non-SSO) exists for emergency break-glass access

Warning

Keep a non-SSO backup admin account. If your IdP experiences an outage, you still need access to FeatureSignals to manage flags during the incident. Store these credentials in your company's emergency access vault.

Learn More