🏢 archetype: enterprise-saas

Sell to enterprises without the cross-tenant breach.

Building multi-tenant B2B SaaS? GreatCTO auto-detects the enterprise-saas archetype and ships tenant isolation (RLS / schema-per-tenant), SSO + SCIM (Okta / Azure AD / WorkOS), immutable audit log, data residency, and SOC2 Type 2 gates from day one.

What you avoid

The 5 enterprise-SaaS bugs that kill deals.

Without GreatCTO

  • Cross-tenant query leaks customer A's data to customer B — the auditor finds it in week 1
  • No SSO support — every enterprise prospect stalls at security review
  • Audit log mutable in app DB — SOC2 CC7 fail
  • No data residency option — EU customers churn after Schrems II
  • Tier downgrade deletes data — paying customers lose trust
  • One incident · 6-month SOC2 re-audit · enterprise pipeline frozen.

With GreatCTO

  • enterprise-saas-reviewer enforces RLS on every PII table
  • WorkOS / SAML + SCIM at gate:ship for enterprise tier
  • Audit log → S3 Object Lock immutable + customer-exportable
  • Per-tenant region pinning · EU + US write paths separated
  • Tier downgrade preserves data 90d · Stripe metered reconciliation daily
  • Enterprise-ready from week 1 · SOC2 Type 2-clean.

Auto-applied gates

Detected: workos / samlify / @scim2/core
enterprise-saas archetype.

Compliance auto-suggested: soc2-type-2 · iso27001 · gdpr · ccpa. Specialist agents activated:

01 · enterprise-saas-reviewer

Tenant isolation + SSO

Row-level / schema-per-tenant / DB-per-tenant decision · Postgres RLS policies · SAML 2.0 + OIDC + SCIM · per-tenant IdP config · admin-impersonation audit trail · per-tenant rate limits.

02 · security-officer

SOC2 Type 2 controls

CC6.1 access control · CC7 system monitoring · CC8 change management · CC9 risk mitigation. Audit-log signing + retention. Vulnerability disclosure process.

03 · db-migration-reviewer

RLS-safe schema changes

Tenant-key migration safety · default-deny RLS policies · backfill safety · index strategy for multi-tenant queries · zero-downtime patterns.

04 · regulated-reviewer

GDPR + CCPA + DPA

Data Processing Agreements ready · sub-processors list maintained · GDPR Art. 17 erasure SLA · CCPA right-to-know + delete · ISO27001 SoA gap analysis.

Domain pack overlays

Likely to overlay on enterprise-saas.

Packs auto-attach when CLI detects pack-specific signals (e.g. twilio in deps → voice-pack). Each pack adds its own reviewer agents + human gates on top of the base archetype pipeline.

+ HR-AI
NYC LL 144 AEDT bias audit, EEOC, EU AI Act employment
+ API Platform
OAuth 2.1, webhook signing, idempotency, RFC 8594 Sunset

Real-world examples

Companies operating as enterprise-saas.

20 startups in this space.

Veeva Systems · Cloud software for life sciences · public · US
Benchling · R&D cloud for life sciences · growth · US
Deel · Global hiring + payroll · growth · US
Doctolib · European medical-appointment platform · growth · FR
Harver · AI-driven volume hiring · growth · NL
HireVue · AI-driven video interviewing · growth · US
Iodine Software · AI for clinical revenue cycle · growth · US
Rippling · Workforce platform · growth · US
Spitch · Voice biometrics + speech analytics · growth · CH
Workable · All-in-one recruiting software · growth · GR
Eightfold · AI for talent intelligence · series-e · US
Glean · Enterprise AI search · series-e · US
Personio · HR platform for European SMBs · series-e · DE
Uniphore · Conversational AI for enterprise · series-e · US
Beamery · Talent lifecycle management · series-d · GB
Cresta · AI for contact centers · series-d · US
Greenhouse · Hiring software for growing teams · series-d · US
Phenom · Talent experience platform · series-d · US
Ashby · All-in-one hiring platform · series-c · US
Cognigy · Enterprise conversational AI · series-c · DE

Listed companies operate in this space. Inclusion is based on publicly available product descriptions and does not imply endorsement of or by GreatCTO.

30 seconds

Drop into any B2B SaaS / multi-tenant Next.js / Django / Rails repo.

$ npx great-cto init
no signup · runs locally · pay your own API