01
Greenfield SaaS platform
0→1 build for product-led or sales-led SaaS. Multi-tenancy strategy, billing integration (Stripe / Lago / Metronome), SSO, audit logs, observability — designed in from architecture.
Loading…
Custom Software · FORGE
SaaS Development.
Production multi-tenant SaaS platforms — multi-tenancy strategy, billing, identity, onboarding, scale. Engineered against the architectural decisions that decide whether the product survives Series B due diligence and the regulatory frame enterprise customers actually require.
- Practice
- Custom Software
- Department
- FORGE
The problem
Most SaaS platforms start single-tenant and pay for it through every customer migration after.
The pattern across SaaS engagements we audit: a v1 that shipped fast on a single-tenant Rails or Express monolith; first enterprise customer arrives and demands SSO, audit logs, custom subdomain, data residency; engineering pulls a quarter to retrofit; second enterprise customer arrives and wants something else; the codebase fragments. The architectural decisions that determine multi-tenancy, billing scope, and identity surface are typically made in week two and revisited every six months for the next three years.
Prosigns ships SaaS platforms with multi-tenancy strategy as primary scope from day one. Pooled vs siloed vs bridge tenancy decided up front against your roadmap. Billing model (usage / seat / hybrid) integrated with metering and revenue recognition. Identity layer that supports SSO, SCIM, and the audit trail enterprise procurement actually requires. Architecture decisions documented in writing; engineers who scope the build are the engineers who ship it.
Where it ships
5 use cases, in production.
Specific applications we’ve built and operated. Not speculative — every example below is grounded in a real shipped engagement.
- 02
12x
tenant onboarding speed
Single-tenant → multi-tenant migration
Refactor an existing single-tenant codebase to multi-tenant without disrupting customers. Tenant-isolation strategy (pooled / siloed / bridge), data migration, dual-running windows.
- 03
Enterprise-tier features
SSO (OIDC / SAML), SCIM provisioning, audit logs, custom roles, custom subdomain, data residency. The features enterprise procurement asks for in week two of a sales cycle.
- 04
Billing + revenue infrastructure
Usage-metering pipelines, seat-based billing, hybrid models, plan-change semantics, revenue-recognition integration. Built so finance doesn't have to reconcile in spreadsheets.
- 05
Multi-region SaaS
Region-aware architectures for data residency (GDPR, PIPEDA, regional sovereignty). Identity, payments, and compute distribution per regulatory frame.
How we engage
4 phases, named in the SOW.
Each phase has a deliverable, an owner, and an acceptance criterion. Not slogans — operating rules.
- 01
Multi-tenancy in writing
Pooled (shared schema, tenant_id), siloed (DB per tenant), or bridge (shared compute, isolated data) — decided on the whiteboard before code. Trade-offs documented; tenancy strategy survives the next decade rather than being relitigated every six months.
- 02
Identity + audit from day one
SSO, SCIM, audit logs, role-based access — designed in, not retrofitted before the first enterprise customer. Identity is the substrate every other enterprise feature inherits.
- 03
Billing as primary architecture
Usage metering, plan-change semantics, billing-event idempotency, revenue-recognition integration — engineered alongside the product, not bolted on. Stripe / Lago / Metronome / Chargebee / custom — picked by fit.
- 04
Operate to compound
Observability calibrated to tenant-level SLOs. Quarterly architectural review. Feature flags (Statsig / GrowthBook / LaunchDarkly) integrated for progressive delivery. The platform compounds value across customers when the substrate doesn't decay between releases.
Capabilities
What’s in scope.
- Multi-tenancy strategy: pooled / siloed / bridge with documented trade-offs
- Identity: SSO (OIDC / SAML), SCIM, audit logs, role-based access
- Billing: usage metering, seat-based, hybrid, plan-change semantics
- Multi-region architecture for data residency and regulatory frame
- Observability: tenant-aware SLOs, structured logging, distributed tracing
- Feature flags + progressive delivery for production rollouts
- Onboarding flows: self-serve, sales-assist, white-glove enterprise
- Compliance scope: SOC 2, ISO 27001, HIPAA-ready engagements
Stack
Tools we use in production.
- Languages
- TypeScriptPythonGoJavaKotlin
- Frameworks
- Next.jsReactRemixSpringFastAPI.NET
- Databases
- PostgreSQLMySQLMongoDBDynamoDBRedis
- Identity
- Auth0OktaWorkOSMicrosoft Entra IDCustom OIDC
- Billing
- StripeLagoMetronomeChargebeeOrb
- Cloud + ops
- AWSAzureGCPTerraformDatadogStatsig
Selected work
Quantified outcomes, not adjectives.
Common questions
Asked before the first call.
- 01
Pooled, siloed, or bridge tenancy?
Workload-dependent. Pooled (shared schema, tenant_id column) wins for high-volume / low-isolation needs. Siloed (DB per tenant) wins for regulated / sovereignty / very-high-isolation. Bridge (shared compute, isolated data) is the most common choice for enterprise SaaS — gets most of the operational simplicity of pooled with the data isolation of siloed. We document the trade-offs on the whiteboard before code.
- 02
Stripe, Lago, Metronome — which billing platform?
Use case dependent. Stripe wins for the broadest feature set and lowest integration cost. Lago and Metronome win for high-volume usage-based billing where Stripe's metering model doesn't scale. Chargebee wins when subscription-management ergonomics matter. Custom billing makes sense rarely, when the pricing model genuinely doesn't fit any platform. We assess and recommend in writing.
- 03
Can you migrate us from single-tenant to multi-tenant?
Yes — strangler-fig migration with documented rollback. We've migrated production SaaS from single-tenant Rails / Django / Laravel to multi-tenant architectures across 6–14 month engagements. Most cutovers land with under 30 minutes of total per-tenant downtime.
- 04
How do you handle SSO / SCIM for enterprise customers?
OIDC and SAML support designed in from day one. SCIM provisioning for the major IdPs (Okta, Microsoft Entra ID, OneLogin, JumpCloud). WorkOS as a fast path when integration time matters; native implementation when control matters. We tell you which fits.
- 05
What about SOC 2 / HIPAA from the start?
CITADEL co-pilots compliance scope from kickoff for engagements that will need it. SOC 2 Type II evidence pipelines, HIPAA Security Rule controls, ISO 27001 alignment — engineered into the architecture rather than retrofitted before audit. Most engagements ship with first-attempt audit pass.
- 06
What does a SaaS engagement cost?
Discovery + ADR: 4–6 weeks, $50K–$150K. Greenfield SaaS MVP: 5–9 months, $400K–$1.2M. Single-tenant → multi-tenant migration: 6–14 months, $700K–$2.5M. Enterprise-tier feature build (SSO + SCIM + audit + RBAC): 3–5 months, $250K–$700K. Managed Services for ongoing operations: $30K–$150K monthly retainer.
Within Custom Software
Other capabilities in this practice.
Talk to us
Bring a saas development problem. We’ll bring a senior engineer.
A senior engineer plus the FORGE department lead joins the first call. No discovery gauntlet, no junior reps.