Enterprise Features
Built-in enterprise capabilities for authentication, provisioning, multi-tenancy, and compliance - no additional configuration required
The .do platform provides enterprise-grade capabilities out of the box. When you build on .do, your application automatically inherits enterprise features that typically take months to build and maintain.
What's Included
Every application on the .do platform automatically gets:
- Enterprise Authentication - SSO with 50+ identity providers (Okta, Microsoft Entra, Google Workspace, etc.)
- RBAC & Fine-Grained Authorization - Role-based access control with automatic enforcement across your entire application
- Vault & Secrets Management - Built-in secrets storage with encryption, rotation, and audit trails
- Automatic User Provisioning - SCIM-based directory sync with real-time updates
- Multi-Tenancy - Secure organization isolation with per-tenant data and configuration
- Self-Service Admin Portals - IT admins can configure integrations without developer involvement
- Audit Logging - Comprehensive event tracking for SOC 2, HIPAA, and GDPR compliance
Why This Matters
For Developers
Build faster: Skip months of authentication and compliance infrastructure work. Focus on your core product.
Stay secure: Enterprise security is hard to get right. The platform handles authentication, encryption, and audit logging automatically.
Scale effortlessly: Multi-tenancy, rate limiting, and resource isolation are built-in. Your app is enterprise-ready from day one.
For Enterprises
Deploy confidently: Meet security and compliance requirements (SOC 2, HIPAA, GDPR) without custom development.
Reduce IT overhead: Self-service admin portals mean IT teams configure SSO and directory sync themselves - no support tickets.
Maintain control: Centralized user management through existing identity providers. Enforce MFA, conditional access, and security policies.
How It Works
The .do platform integrates enterprise features at the infrastructure level. When you use platform primitives, enterprise capabilities are automatically available:
// Authentication is built into the platform
on($.User.login, async ({ email }) => {
// Platform automatically:
// - Checks for SSO connection based on email domain
// - Routes to appropriate identity provider
// - Handles SAML/OAuth flows
// - Creates/updates user record
// - Logs authentication event for audit trail
})
// Multi-tenancy is automatic
const projects = await db.list($.Project)
// Platform automatically:
// - Scopes query to current organization
// - Enforces row-level security
// - Applies resource quotas
// - Tracks usage per organization
// Audit logging is automatic
await $.Project.update(projectId, { name: 'New Name' })
// Platform automatically:
// - Logs who made the change
// - Records what changed (before/after)
// - Captures IP address and location
// - Stores for compliance retention periodEnterprise-Ready by Default
Unlike building on traditional infrastructure where you must implement each capability separately, the .do platform provides enterprise features as first-class primitives:
| Capability | Traditional Approach | .do Platform |
|---|---|---|
| SSO | Integrate auth library, handle 50+ IdP variations, maintain SAML/OAuth implementations | Automatic - users authenticate via their company IdP |
| Authorization | Build permission system, implement RBAC, add checks everywhere | Automatic - roles and permissions enforced platform-wide |
| Secrets | Deploy vault, manage encryption keys, implement rotation | Automatic - built-in vault with encryption and rotation |
| Provisioning | Build SCIM endpoints, handle webhooks, sync users/groups | Automatic - directory changes sync in real-time |
| Multi-tenancy | Design data model, implement isolation, add org context to every query | Automatic - all data scoped to organizations |
| Admin Portals | Build UI for SSO config, add support workflows, handle IdP variations | Automatic - self-service portals for IT admins |
| Audit Logs | Instrument every action, build storage, implement retention, create reports | Automatic - all actions logged for compliance |
Getting Started
Enterprise features are enabled automatically when you build on the platform. No special configuration required.
1. Build Your Application
Use platform primitives as you normally would:
// Define your data model
const Project = $.define({
name: 'Project',
fields: {
name: $.String,
description: $.Text,
status: $.Enum(['active', 'archived'])
}
})
// Create resources
await $.Project.create({
name: 'Acme Website Redesign',
description: 'Q1 2025 website refresh'
})2. Enable Enterprise Features
When a customer wants enterprise features, they simply:
- Configure SSO - IT admin uses self-service portal to connect their IdP
- Enable Directory Sync - Users automatically provisioned from their directory
- Verify Domain - Prove ownership of company domain (acme.com)
That's it. No code changes required.
3. Monitor & Maintain
The platform handles:
- Authentication flows
- User provisioning/deprovisioning
- Audit log collection and retention
- Compliance reporting
- Security updates
You focus on your product features.
Architecture
The platform provides enterprise capabilities through a layered architecture:
Your Application uses platform primitives without worrying about enterprise requirements.
Platform Layer intercepts operations and automatically applies enterprise features (authentication, authorization, logging).
Enterprise Services handle integration with customer identity providers, directories, and compliance systems.
Security Model
The platform implements a defense-in-depth security model:
1. Identity Layer
- SSO with major identity providers
- Multi-factor authentication (MFA)
- Conditional access policies
- Session management
2. Authorization Layer
- Role-based access control (RBAC)
- Fine-grained permissions
- Resource-level policies
- Organization isolation
3. Data Layer
- Encryption at rest and in transit
- Row-level security
- Data residency controls
- Automatic backups
4. Audit Layer
- Comprehensive event logging
- Tamper-proof audit trails
- Compliance reporting
- Real-time alerting
Compliance
The platform helps you meet compliance requirements:
SOC 2 Type II
- Access controls and authentication
- Encryption and data protection
- Audit logging and monitoring
- Change management
- Vendor management
HIPAA
- PHI access logging
- Encryption requirements
- Audit trail requirements
- Access controls
GDPR
- Data subject rights (access, deletion)
- Consent management
- Data processing records
- Data breach notification
ISO 27001
- Information security management
- Risk assessment
- Access control
- Audit logging
Performance
Enterprise features are designed for scale:
- Authentication:
<100msSSO redirect time - Authorization:
<10mspermission checks - Audit Logging:
<1msoverhead per operation - Multi-tenancy: Zero performance impact with proper indexing
Cost Model
Enterprise features are included in platform pricing:
- No per-seat fees - Unlimited users within your subscription
- No per-connection fees - Unlimited SSO connections
- No audit log fees - Comprehensive logging included
- No compliance fees - Platform compliance inherited
You pay for platform resources (compute, storage, bandwidth), not enterprise features.
Migration Path
Moving to the platform from existing infrastructure:
From Custom Auth
// Before: Custom authentication
app.post('/login', async (req, res) => {
const user = await validateCredentials(req.body)
const token = generateToken(user)
res.json({ token })
})
// After: Platform authentication (automatic SSO, MFA, audit logging)
on($.User.login, async ({ email }) => {
// Platform handles everything
})From Manual Provisioning
// Before: Manual user creation
app.post('/users', requireAdmin, async (req, res) => {
const user = await db.users.create(req.body)
await sendWelcomeEmail(user)
res.json({ user })
})
// After: Automatic provisioning (synced from directory)
on($.Directory.user.created, async ({ user }) => {
// Platform creates user automatically
// Platform sends welcome email
// Platform assigns default permissions
})From Custom Audit Logs
// Before: Manual audit logging
await db.auditLogs.create({
userId: req.user.id,
action: 'project.updated',
resource: projectId,
changes: diff(oldProject, newProject)
})
// After: Automatic audit logging
await $.Project.update(projectId, { name: 'New Name' })
// Platform logs automatically with full contextBest Practices
1. Trust the Platform
Don't re-implement enterprise features. Use platform primitives and let the platform handle authentication, authorization, and audit logging.
2. Organization-First Design
Design your data model with organizations as the top-level tenant. The platform enforces isolation automatically.
3. Semantic Patterns
Use semantic triples ($.Subject.predicate.Object) for clear, auditable operations.
4. Explicit Permissions
Define permissions using platform roles rather than custom logic. Easier to audit and maintain.
5. Configuration Over Code
Use platform configuration for enterprise features rather than conditional code paths.
Next Steps
Explore specific enterprise capabilities:
- Authentication - SSO, MFA, and identity integration
- RBAC & Authorization - Role-based access control and fine-grained permissions
- Vault & Secrets - Secure secrets management with encryption and rotation
- User Provisioning - Automatic directory sync
- Multi-Tenancy - Organization isolation and management
- Admin Portals - Self-service configuration
- Compliance - Audit logging and reporting
Support
Enterprise features are fully supported:
- Documentation: Comprehensive guides and examples
- Support: Enterprise support included with platform subscription
- Monitoring: Built-in dashboards for authentication, provisioning, and audit logs
- Updates: Security updates and feature enhancements automatic
Building enterprise software is complex. The .do platform makes it simple by providing enterprise capabilities as infrastructure. Focus on your product - we handle the enterprise requirements.