Selling to the Enterprise: Be Enterprise-Ready

We’ve written before that building a product that users will love and customers will buy is kind of like dating or marriage. Two people need to capture the magic of aligning what they bring to the table with what the other is seeking. It’s an opaque, situation-specific dance, not an algebra equation that you can crank through.

But just like dating, there are certain boxes that you can check as you build your product that will absolutely make you more appealing to enterprise customers in particular. Selling to the enterprise is a key step in moving up-market and has a number of inherent benefits related to business efficiency, net dollar retention, and brand recognition. In this post we’ll lay out some of the most important enterprise features to add to your product. The activities listed here will help you move up-market, as surely as brushing your teeth and having good hygiene will help you land a hot date.

Here’s the list:

  • Build with the assumption of Role-Based Access Controls (RBAC) from day 1; the code for all CRUD actions in your product should have a check against permissions, even if those permissions don’t exist yet.
  • Add SSO with several providers, and make sure that you support top providers such as Google, Okta, Microsoft, and others.
  • Where possible, configure your user, group, and company account data models to support many-to-many relationships and arbitrary hierarchies from day one. The enterprise world is filled with a huge diversity of organizational structures, and any rigidity in how users and organizations are configured will present a roadblock. For example, consulting firms that help integrate your product may want a setup where one consultant can log in to multiple customers’ accounts (and have different roles in each). Retrofitting your product to support this can be painful.
  • Build out a complete logging system – log all of the logins / signups to your product, with metadata on where they’re coming from. At least have a code hook for all CRUD actions that can be taken within your app; you don’t need to log them all, but you should have the ability to add logging for them if needed in the future.
  • If you have a major workflow (say, publishing a project to production), add approval flows around it or assume that you’ll need to in the future.
  • Build flexible data retention policies if you’re storing data on behalf of your customers. Enterprises have many regulatory needs that can lead to wildly different requirements (e.g., you must delete user data as soon as a user is removed from the system, or you must keep it archived for 3 years for reporting reasons).
  • For your analytics features, allow reports to be built, scheduled, and exported via email on a regular basis. This is a standard way that many organizations handle upward reporting at enterprise companies.
  • Build your product to be accessible, especially if you have a B2B2C model. Many enterprise companies need to ensure accessibility by law.
  • Make sure that you get the right certifications done. This includes SOC 2 Type 2, ISO 27001 (check out a company like Vanta or its competitors), and a regular penetration test from third-party security researchers.
  • Hire a lawyer or find good counsel who can help you navigate local privacy laws like GDPR / CCPA or negotiate a Data Processing Agreement. This is often a requirement to sell large enterprise contracts.
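
To make the RBAC, many-to-many membership, and logging items concrete, here is an added sketch (not code from the original post) of a single guard that every CRUD handler passes through. The role names, the `Directory` class, and the `guarded` decorator are hypothetical names chosen for illustration, and the users and accounts are constructed sample data.

```python
import functools
from dataclasses import dataclass, field

# Constructed sample policy: role -> allowed (action, resource_type) pairs.
ROLE_PERMISSIONS = {
    "admin": {("create", "project"), ("read", "project"),
              ("update", "project"), ("delete", "project")},
    "viewer": {("read", "project")},
}

@dataclass
class Directory:
    # (user_id, account_id) -> role. Many-to-many: one user can belong to
    # several accounts and hold a different role in each.
    memberships: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def grant(self, user_id, account_id, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        self.memberships[(user_id, account_id)] = role

    def authorize(self, user_id, account_id, action, resource_type):
        # Deny by default: no membership in this account means no access,
        # whatever role the user holds elsewhere.
        role = self.memberships.get((user_id, account_id))
        allowed = role is not None and (action, resource_type) in ROLE_PERMISSIONS[role]
        # Audit hook: every decision is recorded, allowed or denied.
        self.audit_log.append({"user": user_id, "account": account_id,
                               "action": action, "resource": resource_type,
                               "role": role, "allowed": allowed})
        return allowed

def guarded(directory, action, resource_type):
    """Wrap a CRUD handler so it cannot run without a permission check."""
    def wrap(handler):
        @functools.wraps(handler)
        def inner(user_id, account_id, *args, **kwargs):
            if not directory.authorize(user_id, account_id, action, resource_type):
                raise PermissionError(f"{user_id} may not {action} {resource_type} in {account_id}")
            return handler(user_id, account_id, *args, **kwargs)
        return inner
    return wrap

directory = Directory()
directory.grant("consultant-1", "acme", "admin")     # constructed sample data
directory.grant("consultant-1", "globex", "viewer")

@guarded(directory, "delete", "project")
def delete_project(user_id, account_id, project_id):
    return f"deleted {project_id} in {account_id}"
```

Because the check is keyed on the (user, account) pair, the consultant's admin role at one customer never carries over to another, and denied attempts land in the audit log alongside successful ones.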


You don’t need to rush to do everything on this list, but you should be aware that these features and activities matter. My recommendation:

  • Take these steps when prompted. If Apple or the US Army show up saying that they need you to build better permissions, assume that they’re the first of many customers you can apply this to. The asks that you’re getting for better RBAC are an invitation to move up-market.
  • Take these steps when it’s convenient. For example, if you hit the end of your roadmap, checking these boxes is a great way to make forward progress without lengthy product or market discovery.