Trajectory

Building LaunchDarkly at Scale with Self Service

Nicholas Goss Cigna

"Before releasing LaunchDarkly to our customer base, we implemented a Self Service process that allowed us to control the intake process for User Account and Project creation, and allow for self-governing Single Sign On to Custom Role mapping.

If we released LaunchDarkly directly to the enterprise, we were concerned that one or more people would have the sole job of managing access to the platform. After the initial setup, additional users to projects or roles would be the responsibility of the team, and we would no longer be able to control seats or how many custom roles are created. This led us to create the Project Self Service Process.

Using Terraform, GitLab CI, Ansible, and Okta, we set up a one-stop process to handle the following:

  • Project Creation
      • Creates a Project for the user
  • Custom Role Creation and Maintenance
      • 3 Custom Roles (Admin, Write, Read) along with the ability to set up future Custom Roles for the Project
      • The Custom Roles are all tied to Active Directory Global Groups and Synced with Okta
  • Single Sign On via Okta
      • Okta then maintains Single Sign On for the Project's user base through the Global Group permissions.
      • Users are signed into their Custom Roles via the console
  • Reporting for Seat License and Client Side MAU chargebacks per Cost Center

All of this is achieved through a single JSON object that the user fills out and creates a Merge Request for. Once merged, GitLab CI runs a series of Terraform runs to do the project creation, and Ansible to make API calls to Active Directory and Okta. Future reporting is all done via Ansible and Bash to pull the necessary numbers and output them into CSV files by cost center to be handed off to the appropriate Finance teams.

This allows our area to control who has access to LaunchDarkly and the ability to find out exactly what their entitlement is. We are easily able to see exactly who to contact if a user is no longer using LaunchDarkly and ask for their removal from the appropriate Global Group entitlement. The future state may automate this management process."
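One way a merge-request pipeline could gate the self-service JSON object before Terraform and Ansible run, as an added example that is not code from the talk or from Cigna. Every field name, the `GG-LD-` group prefix and the `<project_key>-<role>` role-key format are assumptions made for illustration.

```python
import json
import re

BASE_ROLES = ("admin", "write", "read")           # the three roles the abstract names
KEY_RE = re.compile(r"[a-z0-9][a-z0-9-]{1,30}")   # assumed local naming convention
GROUP_PREFIX = "GG-LD-"                           # assumed AD global group prefix

def validate_request(raw: str) -> list[str]:
    """Return a list of problems; an empty list means the request may proceed."""
    try:
        req = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(req, dict):
        return ["request must be a JSON object"]
    errors = []
    key = req.get("project_key")
    if not isinstance(key, str) or not KEY_RE.fullmatch(key):
        errors.append("project_key missing or malformed")
    cc = req.get("cost_center")
    if not isinstance(cc, str) or not cc.strip():
        errors.append("cost_center is required for chargeback reporting")
    roles = req.get("roles")
    if not isinstance(roles, dict):
        return errors + ["roles must be an object of role -> AD group"]
    errors += [f"base role '{r}' is missing" for r in BASE_ROLES if r not in roles]
    seen = {}
    for role, group in roles.items():
        if not isinstance(group, str) or not group.startswith(GROUP_PREFIX):
            errors.append(f"role '{role}' must map to a {GROUP_PREFIX}* group")
            continue
        # One group bound to two roles gives its members the broader of the two.
        if group.lower() in seen:
            errors.append(f"group {group} is bound to both "
                          f"'{seen[group.lower()]}' and '{role}'")
        seen[group.lower()] = role
    return errors

def role_bindings(raw: str) -> dict[str, str]:
    """Map '<project_key>-<role>' custom role keys to AD groups for a valid request."""
    errors = validate_request(raw)
    if errors:
        raise ValueError("; ".join(errors))
    req = json.loads(raw)
    return {f"{req['project_key']}-{r}": g for r, g in req["roles"].items()}

# Constructed sample request (not from the talk).
SAMPLE = json.dumps({"project_key": "payments-api", "cost_center": "CC1234",
    "roles": {"admin": "GG-LD-payments-admin", "write": "GG-LD-payments-write",
              "read": "GG-LD-payments-read"}})
```

Running `validate_request` as the first pipeline stage fails the merge request before any project, role or group is created, so a request that binds one group to both Admin and Read never reaches Okta.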

Nicholas Goss

DevOps and SRE Architect at Cigna.

Grew up cutting my Operations chops on WebSphere and when I was finally ready to stop playing with JVMs, moved into DevOps. Recently had the opportunity to start involving our team in a growing SRE culture at Cigna.

In my personal life I am the father of 2 wonderful little girls, and husband to my best friend who is the funniest person I know. We live in the suburbs of Lancaster, PA and yes, we see horse and buggies all the time. Hobbies include trying not to mow my lawn, going for drives, and attending/watching IMSA racing. I enjoy running and sleeping though I seem to do more of the former than the latter with 2 children under 6.