Does LaunchDarkly support SSO?
LaunchDarkly supports single-sign on with SAML 2.0. All identity providers that support SAML 2.0 should work with our platform. We've tested support for the following SAML 2.0 identity providers:
- Azure Active Directory
- Google Apps
- Active Directory Federation Services (ADFS)
We have official apps already built for Okta, OneLogin, and Azure. See our documentation for complete setup instructions as well as configuration tips for some specific providers.
LaunchDarkly targeting lets you turn features on or off for individual users or groups of users. You can use the Targeting tab to roll features out for internal testing, private betas, or usability tests before performing a broader rollout. You can create your own rules to target who you want, when you want.
Learn more about targeting users in our documentation here.
Targeting by attribute
In addition to targeting individual users, LaunchDarkly allows you to set up targeting rules that target users by attribute.
Each rule has three parts: an attribute, an operator, and a user value. You can create as many custom targeting rules as you want for each feature flag and even perform percentage rollouts for each rule.
All users that have not been individually targeted or who are not targeted by a custom rule will be evaluated by the default rule.
Flag management dashboard
LaunchDarkly provides you with a centralized dashboard to manage the lifecycle of your features from local development, to QA, to production. Manage multiple different software projects with their own development environments.
Projects and environments to manage your development process
Projects allow you to manage multiple different software projects under one LaunchDarkly account. For example, you can create one project called Mobile App and another project called Web App. Each project will have its own unique set of environments and feature flags. By default, all team members in your LaunchDarkly account will have access to every project within that account.
Environments allow you to manage your feature flags throughout your entire development lifecycle — from local development to QA, staging, and production.
When you first sign up, you're provided with two environments within a project. By default, they're named Test and Production. Each environment has its own private SDK key, which is used to connect a LaunchDarkly SDK to a specific environment.
Each feature flag that you create has its own unique set of targeting rules for each environment. This means that you can change your flag rollout rules in a development or staging environment for QA testing before rolling out to production.
The Debugger: Real-time feature flag events
The debugger helps you test whether you've set up LaunchDarkly correctly. From the debugger, you can see your users' feature flag requests and events in real-time.
You can access the debugger from the sidebar. The debugger must be the active tab in its browser window in order for events to appear. You can have a second window open with your application, if you need to click around in your app in order to generate events.
Please note that in high-volume environments, the events sent to the debugger may be sampled. When this happens, you will see a subset of events on the debugger, instead of every event.
The debugger is helpful for troubleshooting that you're successfully sending events to LaunchDarkly and is not intended as a source of truth for the variations your users are receiving. The debugger displays real-time events only and does not keep a historical record of this data.
User dashboard and profiles
The user dashboard gives you a summary view of how each user sees all of the features your site, and lets you quickly tailor their experience from one screen. The data on the users dashboard is populated from the user data you send in
variationcalls, as well as data from
From the user dashboard, you can filter users by name, key, or e-mail address.
If you're an admin for your LaunchDarkly account, your Account Settings page will include a Team tab. Here, you can invite new team members to LaunchDarkly, remove old team members, or manage access controls for team members by setting roles.
LaunchDarkly has several different roles for team members:
- Readers— readers can see anything in LaunchDarkly, but can’t modify any data. This role is perfect for members of your organization that need visibility into your feature flags, but shouldn’t be able to modify rollout rules, or administer the system. Readers do not have access to view the account level access token.
- Writers— writers can modify feature flags, goals, environments and more. They can’t add new team members to the account, or manage your payment method or plans.
- Admins / owners— admins and owners have the same level of access. The owner role cannot be deleted.
If you need more fine-grained access controls, check out our Custom roles feature, available for Enterprise customers.
Custom roles to create granular permissions
LaunchDarkly's basic role-based permission system provides global access control levels for team members based on a set of built-in roles (reader, writer, or admin / owner). Customers on enterprise plans also have access to LaunchDarkly's custom roles system. Custom roles allow you to create flexible policies providing fine-grained access control to everything in LaunchDarkly-- from feature flags to goals, environments and teams. With custom roles, it's possible to enforce access policies that meet your exact workflow needs. For example, you can:
- Lock your production environment down to a small set of trusted users
- Distinguish infrastructure-level feature flags (controlled by your devOps team) from experiments (controlled by product management or marketing)
- Allow QA members to control feature flags on designated QA environments only
Our custom role system is inspired by AWS Identity and Access Management (IAM), so if you're familiar with IAM, you'll see a few similarities.
If you require any assistance with configuring custom roles, our support team is here to assist you.
Audit log to track feature flag changes
The audit log contains a record of all the changes made in LaunchDarkly. You can filter the audit log by timestamps, or search audit log entries.
The audit log always shows entries for a single environment-- to see the entries for other environments, use the environment switcher at the top of your sidebar.
You can also use our REST API to access the audit log. The paginated endpoint will include entries across all projects and environments, as well as account level changes.
Securing your account with multi-factor authentication (MFA)
LaunchDarkly offers multi-factor authentication as an added layer of security for all accounts.
Multi-factor authentication (MFA) improves the security of your account by requiring a second verification step in addition to your password to log in. In LaunchDarkly, you can enable multi-factor authentication for your individual account, which requires you to enter a verification passcode from a free authenticator application you install on your mobile device.
Administrators can also require all newly invited team members on the team to enable multi-factor authentication when they first log in.
We strongly recommend that all LaunchDarkly users enable MFA for their account, and that administrators enforce MFA for their entire team.