On this page

Initial Setup Guide of your Workspace

Initial setup guide for configuring your Statsig workspace, organization, projects, and team access permissions for new Enterprise deployments.

Organizations and their related features are for Enterprise contracts only. Reach out to the support team, your sales contact, or the Slack channel to enable Enterprise features.

How this guide is organized

This guide covers the essential configurations needed to get started with Statsig on an Enterprise plan. It's written for organization admins who need to set up the initial environment and configure access controls for their teams, and includes best practices to increase operational efficiency.

Statsig workspace structure

Statsig structure diagram

Statsig provides three constructs to help you organize your workspace.

Organization is an enterprise-level environment that allows companies to create project(s) and bring members to work inside the project.

Project is a workspace within the organization where the configs (for example, feature gates, experiments, layers), metrics, and SDK keys your team creates live.

Team is a group of members at the project level that can help your organization manage the permissions and ownership of resources.

In Statsig, each project within the organization is isolated from the others. Statsig doesn't share resources or data among different projects, even when they're part of the same organization.

The recommended structure for most customers is a single project within the organization, where multiple teams contribute and collaborate.

Different teams and functions can stay well-organized within a single project by using features such as teams, roles, tags, and templates. This structure also avoids costly migrations if projects ever need to be consolidated for cross-functional collaboration.

Statsig structure diagram anti pattern

Statsig has rich support for environments within resources. Creating multiple projects to manage lower environments separately from production is an anti-pattern.

Setup guide

Step 1: Setting up the organization

When you sign an enterprise contract with Statsig, Statsig provisions your existing account into an enterprise account.

After provisioning, Statsig adds the tab for Organization to your account along with additional security and governance settings.

Step 2: Setting up SSO

Statsig recommends configuring SSO (Single Sign-On) for your Statsig organization to reduce login steps and improve security.Statsig supports any Identity Provider that implements the OIDC protocol for SSO, such as Okta, Microsoft Entra ID, Google, and more. Also consider integrating SCIM (System for Cross-domain Identity Management) if you're using Okta as your identity provider.

Statsig assigns new users provisioned through SSO the Member role unless you're using SCIM.

Step 3: Creating your project

Organization project administration interface

A project in Statsig is a workspace that contains everything you and your team create, including configs (for example, feature gates, experiments, dynamic configs, layers), metrics, integrations, and more.

When creating a new project, you can set its type to Open, which allows anyone in the organization to join freely, or to Closed, which allows people to join only by invitation or request.

Step 4: Setting up roles

Project roles interface

Statsig assigns each person a role that defines their level of access within the project and organization. Review the permissions for each predefined role so you can assign the appropriate roles or create a custom role that aligns with your organization's needs.

Common examples of custom roles include a Metrics Admin (responsible for managing metrics) and a Data Warehouse Admin (in Warehouse Native projects, responsible for managing warehouse connections).

Step 5: Inviting your team to the organization

Project invite interface

After you configure SSO, your teams can join the Statsig organization by signing in from the console and completing the request flow within your identity provider.

If you haven't set up SSO, you can invite individual members to your organization or project in the console.

Step 6: Creating teams within the project

You can create Teams within the project to help with organization and ownership.

After you configure a team and add users, Statsig associates any configs created with the user's team and automatically inherits all default settings and templates from that team.

Team filter in experiments

Teams become particularly useful as multiple teams begin to use Statsig because teams help with organization and governance and provide a set of defaults that simplify onboarding of new users.

As a best practice, require all resource creations to be attached to a team and have team admins (for example, tech leads and engineering managers) add people to their teams so members can start creating configs and metrics.

Best practices

Setting up review policies

Review setting interface

Within Statsig, you can enable reviews for any changes to configs and metrics, requiring a reviewer to approve the change before it deploys to production.

You can customize your review policies to align with your organization’s needs. For example, you can set up a team of reviewers by giving their roles permission to approve reviews. You can also give certain roles (for example, on-call engineers) the ability to self-approve, or require reviews for the production environment only.

Each team also has team-level review settings that can require reviews for configs and metrics owned by a specific team, and allow only members or admins (with roles that permit approving reviews) of that team to approve the reviews.

Setting up your API keys

SDK environment interface

In Statsig, you have Client API Keys to initialize all Statsig client SDKs and Server Secret Keys to initialize all Statsig server SDKs.

Statsig recommends a "Crawl, Walk, Run" approach when configuring your API keys:

  • Crawl: Create API keys scoped to a specific environment within Statsig for environment-based evaluation.

  • Walk: Create different API keys for each frontend client (for example, iOS, Android, and Web).

  • Run: At scale, create separate API keys at the service level so each backend service and its environments have their own keys.

This setup works with Target Apps to unlock additional performance and security benefits.

Configuring Target Apps for API keys

Target apps interface

A target app is an attribute you can associate with your SDK keys and configs. Target apps let you precisely set the scope of configs accessible from each SDK key, which can also reduce payload size.Set up target apps as you scale Statsig usage for additional performance and security.

Setting up notifications

Statsig has a Slack integration that sends real-time notifications about activities, status changes, and other alerts directly to your Slack workspace.You can also configure email notifications for alerts, reviews, reports, and more.

Was this helpful?