Setting up SSO via SAML 2.0
LaunchDarkly supports the following SAML 2.0 identity providers:
- Azure Active Directory
- Google Apps
- Active Directory Federation Services (ADFS)
See our documentation for complete setup instructions as well as configuration tips for specific providers.
LaunchDarkly targeting lets you turn features on or off for individual users or groups of users. You can use the Targeting tab to roll features out for internal testing, private betas, or usability tests before performing a broader rollout. You can create your own rules to target who you want, when you want!
Controlled and percentage rollouts
The Targeting tab allows you to roll a feature out to a percentage of your user base. For example, you can roll a feature out to 1% of users, then gradually scale up to 100% as confidence in the feature increases. LaunchDarkly’s rollouts ensure that a user will always see the same version of a feature until the rollout changes. Top tech companies have termed this a canary release – exposing features to some subset of users (whether it be opt-in, random rollout, or specific segments) is now used to describe what was once a beta.
- Microsoft: In development of Windows 10, Microsoft used “canary” releases to test with internal users within Microsoft. Gabe Aul, who leads the Data & Fundamentals Team in the Operating Systems Group (OSG), said “our Canary ring probably sees 2X-3X as many builds as OSG because we catch problems in Canary and don’t push to OSG.”
- Instagram: “Using ‘canary’ releases, updates go out to a subset of users at first, limiting the ability of buggy software to do damage.” Mike Krieger, Instagram co-founder and CTO, said he uses canary releases because “If stuff blows up it affects a very small percentage of people”.
- Google: For Chrome, Google offers Chrome Canary, which it labels with “Get on the bleeding edge of the web, Google Chrome Canary has the newest of the new Chrome features. Be forewarned: it’s designed for developers and early adopters, and can sometimes break down completely.”
Percentage and Controlled Rollouts – Consistent Hashing
To decide which variation to show to a user, you pass us a unique identifier for that user (like a primary key or UUID) that would be consistent throughout your system. Now, when you request a flag that has a percentage rollout, say 20%, we take that key and hash it to a number between 0 and 100. This is a deterministic, consistent hash, so that user will always be bucketed that way across all your nodes.
Custom targeting rules
In addition to targeting individual users, LaunchDarkly allows you to target segments of users by constructing custom rules.In other words, you can create custom rules to target users based on any attributes you send us.
Each rule has three parts: an attribute, an operator, and a user value. You can create as many custom targeting rules as you want for each feature flag and even perform percentage rollouts for each rule.
All users that have not been individually targeted or who are not targeted by a custom rule will be evaluated by the default rule.
Flag management dashboard
LaunchDarkly provides you with a centralized dashboard to manage the lifecycle of your features from local development, to QA, to production. Manage multiple different software projects with their own development environments.
Projects and environments to manage your development process
Projects allow you to manage multiple different software projects under one LaunchDarkly account. For example, you can create one project called Mobile App and another project called Web App. Each project will have its own unique set of environments and feature flags. By default, all team members in your LaunchDarkly account will have access to every project within that account.
Environments allow you to manage your feature flags throughout your entire development lifecycle — from local development to QA, staging, and production.
When you first sign up, you're provided with two environments within a project. By default, they're named Test and Production. Each environment has its own private SDK key, which is used to connect a LaunchDarkly SDK to a specific environment.
Each feature flag that you create has its own unique set of targeting rules for each environment. This means that you can change your flag rollout rules in a development or staging environment for QA testing before rolling out to production.
Dev console to see real-time feature flag events
The dev console helps you test whether you've set up LaunchDarkly correctly. From the console, you can see your users' feature flag requests and events in real-time.
You can access the dev console from the sidebar. The filter buttons allow you to isolate specific events (like clicks or pageviews) or pinpoint errors and warnings, which represent problems with the data being sent to LaunchDarkly.
The dev console must be the active tab in its browser window. You can have a second window open with your application, if you need to click around in your app in order to generate events.
Please note that in high-volume environments, the events sent to the dev console may be sampled. When this happens, you will see a subset of events on the dev console, instead of every event.
User dashboard and profiles
The user dashboard gives you a summary view of how each user sees all of the features your site, and lets you quickly tailor their experience from one screen. The data on the users dashboard is populated from the user data you send in
variationcalls, as well as data from
From the user dashboard, you can filter users by name, key, or e-mail address.
If you're an admin for your LaunchDarkly account, your Account Settings page will include a Team tab. Here, you can invite new team members to LaunchDarkly, remove old team members, or manage access controls for team members by setting roles.
LaunchDarkly has several different roles for team members:
- Readers— readers can see anything in LaunchDarkly, but can’t modify any data. This role is perfect for members of your organization that need visibility into your feature flags, but shouldn’t be able to modify rollout rules, or administer the system. Readers do not have access to view the account level access token.
- Writers— writers can modify feature flags, goals, environments and more. They can’t add new team members to the account, or manage your payment method or plans.
- Admins / owners— admins and owners can do pretty much everything on the site. Owners can’t be removed from the account.
If you need more fine-grained access controls, check out our Custom roles feature.
Custom roles to create granular permissions
LaunchDarkly's basic role-based permission system provides global access control levels for team members based on a set of built-in roles (reader, writer, or admin / owner). Customers on enterprise plans also have access to LaunchDarkly's custom roles system. Custom roles allow you to create flexible policies providing fine-grained access control to everything in LaunchDarkly-- from feature flags to goals, environments and teams. With custom roles, it's possible to enforce access policies that meet your exact workflow needs. For example, you can:
- Lock your production environment down to a small set of trusted users
- Distinguish infrastructure-level feature flags (controlled by your devOps team) from experiments (controlled by product management or marketing)
- Allow QA members to control feature flags on designated QA environments only
Our custom role system is inspired by AWS Identity and Access Management (IAM), so if you're familiar with IAM, you'll see a few similarities.
Audit log to track feature flag changes
The audit log contains a record of all the changes made in LaunchDarkly. You can filter the audit log by timestamps, or search audit log entries.
The audit log always shows entries for a single environment-- to see the entries for other environments, use the environment switcher at the top of your sidebar.
Securing your account with multi-factor authentication (MFA)
LaunchDarkly offers multi-factor authentication as an added layer of security for all accounts.
Multi-factor authentication (MFA) improves the security of your account by requiring a second verification step in addition to your password to log in. In LaunchDarkly, you can enable multi-factor authentication for your individual account, which requires you to enter a verification passcode from a free authenticator application you install on your mobile device.
Administrators can also require all newly invited team members on the team to enable multi-factor authentication when they first log in.
We strongly recommend that all LaunchDarkly users enable MFA for their account, and that administrators enforce MFA for their entire team.