WCase Study

Enterprise platform · governance foundation

Reimagining Enterprise Administration

Whatfix's enterprise customers run dozens of workspaces. The administration model was built for one. This is the story of moving from workspace-first administration to an organization-first governance model — a single Control Center that decouples administrative effort from workspace growth and prepares the platform for content and AI governance.

01

10+

Enterprise accounts asking

02

8–15

Workspaces per account today

03

20–40+

Projected near-term scale

04

7

Configurations duplicated per workspace

Begin with the current state
01Where we started

Administration is workspace-first. Enterprises are organization-first.

Every workspace independently manages identity, access, branding, integrations, and content. As accounts scale into dozens of workspaces, the same setup is repeated, and the same configurations drift quietly between environments.

Existing administration model · administrative activities occur independently within each workspace.Board · existing workflow

What the board shows

Five workspaces. Four account managers. The same seven controls duplicated across every environment. The diagram is the diagnosis.

What is duplicated

User access · SSO · SCIM · Branding · Roles & permissions · Content · Integrations.

How it scales

Today: 8–15 workspaces per enterprise account. Projected: 20–40+. The duplication compounds.

As workspace count increases, administration complexity grows proportionally.
Recurring signal · validation interviews
02Context and opportunity

Why this initiative exists

The Context board captures the moment in one frame — the workspace-centric model, the customer signals that triggered the work, and the business outcomes the new model is asked to deliver.

Context and opportunity · the brief, the signals, and the outcomes — captured on a single board.Board · context & opportunity
Customer signals extracted from the board

Customers wanted

  • Organization-level administration
  • Delegated administration
  • Global branding and templates
  • Centralized user management

Customers requested

  • Configure once, apply everywhere
  • Shared SSO and identity
  • Compliance-driven governance
  • Cross-workspace visibility
Business opportunity from the board

Compliance

Configuration drift between workspaces creates audit risk. The new model enforces consistency at organization scope.

Operations

Administrative effort scales linearly with workspace count today. The new model removes the spillover.

Expansion

Workspace growth is the largest expansion vector. Removing administrative friction unblocks the natural expansion path.

Voice of the enterprise

Recurring themes from the validation interviews captured on the Context board.

UberMobility · Global
Changes made at the admin level should apply to all workspaces.
Theme · Configure once
MarriottHospitality · Global
Centralized theme management — brand cannot drift.
Theme · Global branding
CaterpillarIndustrial · Global
Automated SSO setup across workspaces.
Theme · Shared identity
Fortune-100 BankFinancial services
Compliance has to be enforced at the org, not requested at each workspace.
Theme · Compliance-driven governance
Global SaaS leaderEnterprise software
Delegated administration — let the centre set policy, let teams own execution.
Theme · Delegated administration
Healthcare networkMulti-region
We need cross-workspace visibility to know what good looks like.
Theme · Cross-workspace visibility

Validation interviews across 10+ enterprise accounts. Quotes paraphrased and themed.

03Diagnosis and principles

From four broken heuristics to five governing principles

The diagnosis board maps each customer pain to a UX heuristic the current architecture violates. The principles board inverts each failure into a guiding rule.

First, the diagnosis

Four problems · each captured as Principle Violated · Observation · Impact.Board · key UX problems

Extracted from the board

01

Fragmented configuration ownership

Violates · Mental model alignment

Unclear ownership, governance fragmentation, operational overhead.

02

Poor discoverability

Violates · Recognition over recall

Increased search effort, navigation complexity, lower feature uptake.

03

Duplicate setup effort

Violates · Efficiency of use

Repetitive work, maintenance load, higher error probability.

04

High cognitive load

Violates · Minimise user memory load

Slower decisions, missed alerts, audit failures as scale grows.

Each principle is the inverse of a failure above. Together they define the model the rest of the system inherits.

Then, the model

Five governance-first principles · each paired with an inheritance diagram.Board · design principles
01

Single source of truth

Organization-wide settings managed from one place.

Resolves

Fragmented ownership

02

Flexible governance

Centralized control where consistency matters; workspace autonomy where it doesn't.

Resolves

The dual customer ask

03

Configure once, inherit everywhere

Global configurations propagate automatically; overrides are deliberate.

Resolves

Duplicate setup

04

Enterprise scalability

Administrative effort decouples from workspace count.

Resolves

The growth curve

05

Recognition over recall

Navigation organised around governance domains, not settings categories.

Resolves

Poor discoverability

04Industry validation

Four benchmarks, three patterns, one direction

The benchmarking board pressure-tests the principles against how the strongest enterprise platforms in the world handle the same problem.

Industry benchmarking · the patterns each platform is known for, and the lesson it carries.Board · industry benchmarking

Takeaways extracted from the board

Slack

Studied

Pattern

Organization → Workspaces

Takeaway

Separating organizational governance from workspace operations creates clearer ownership and reduces duplication.

Validates

Single source of truth

Atlassian

Studied

Pattern

Domain-based administration

Takeaway

Organising admin by responsibility improves discoverability and scales with the platform.

Validates

Recognition over recall

Microsoft

Studied

Pattern

Unified administrative control plane

Takeaway

Centralized visibility lets administrators act without navigating multiple management surfaces.

Validates

Configure once, inherit everywhere

Okta

Studied

Pattern

Centralized identity & security

Takeaway

Critical security controls governed globally ensure consistency, compliance, lower overhead.

Validates

Flexible governance

Three patterns, four platforms, one direction. The benchmarks did not invent the model — they confirmed it.

05The architectural shift

A governance layer above workspaces

Rather than retrofit governance into each workspace, the model introduces an organization-first layer above the workspace plane. Configuration flows top-down; operations stay distributed.

The architectural diagram

Proposed workflow · creating a governance layer above workspaces while preserving operational flexibility.Board · proposed workflow

Reading the diagram, top to bottom

  1. Step 01

    Today: workspace-first

    Every workspace independently manages every setting. Effort scales 1:1 with workspaces.

  2. Step 02

    Introduce the organization admin layer

    A single ownership model emerges. Org admins set policy; workspace admins execute.

  3. Step 03

    Build the Organization Control Center

    The operational expression of the model — a single surface for governance and visibility.

  4. Step 04

    Apply workspace inheritance

    Workspaces inherit configuration by default. Overrides are deliberate, visible, audit-logged.

What this enables

01

Configure once

02

Centralized governance

03

Controlled flexibility

04

Enterprise scalability

The same shift, by problem
Problem → Solution mapping · connecting customer pain to product decisions.Board · problem → solution mapping
Problem01

Fragmented ownership

Solution

Organization admin

Problem02

Duplicate setup

Solution

Configure once

Problem03

Configuration drift

Solution

Central governance

Problem04

Hidden controls

Solution

Domain navigation

Problem05

Scaling complexity

Solution

Enterprise scalability

06The architectural answer

The Organization Control Center.

Every signal, principle, and benchmark above resolves into this single surface. One organization-health view, four governance domains, three primitives every module inherits.

Organization Control Center · operationalising centralized governance.Board · admin dashboard
What you’re looking at

Above the modules

Organization Health

Adoption and utilization across all workspaces. The view that lets an organization admin understand the state of the entire estate at a glance.

The structure

Four governance domains

Users & Workspaces · Setup & Security · Branding & Experience · Update Center. Each is a responsibility, not a settings category.

The model

Inheritance, delegation, domain navigation

Three primitives propagate through every module. Inheritance flows top-down. Delegation is explicit, scoped, revocable. Domain navigation is by responsibility.

Each domain, in depth

Four domains. Four responsibilities. One inheritance model.

These are not screens. Each domain is a governance responsibility — defined by what it owns, how it inherits, and why it must live at organization scope.

01Governance domain
1 of 4

Users & Workspaces

Identity is organizational. Workspaces are scoped from it.

Why this exists

Enterprises operate dozens of workspaces. Putting users, roles, and delegation at the workspace level fragments ownership and breaks at scale.

Why at organization level

Users belong to people, not workspaces. Identity, role, and delegation are organizational concepts. Org-scope ownership is the only model that holds at enterprise scale.

Governance responsibility

Manage organizational structure, delegation, and access. Org-level users · workspace creation, archive, structure · delegated administration · cross-workspace visibility.

Inherited behavior

Users belong to the organization. Workspace membership and role are scoped from there. Delegation is explicit — a workspace can be granted autonomy, but never silently.

EmbodiesSingle source of truth
ResolvesFragmented configuration ownership
02Governance domain
2 of 4

Setup & Security

Security posture is consistent or it is not security.

Why this exists

Security controls re-implemented per workspace cannot be trusted. Compliance, audit-readiness, and identity all break when posture varies by environment.

Why at organization level

A single workspace cannot weaken the org posture. Critical security controls — SSO, SCIM, tokens, audit — must be governed globally to be defensible.

Governance responsibility

Identity, authentication, integrations, governance. SSO/SAML · SCIM provisioning · API tokens and audit log · integration governance.

Inherited behavior

Security posture is set at the organization. Workspaces inherit by default; localised exceptions are audit-logged and reviewable from the centre.

EmbodiesConfigure once, inherit everywhere
ResolvesDuplicate setup effort
03Governance domain
3 of 4

Branding & Experience

Brand cannot drift between workspaces.

Why this exists

Re-implementing branding per workspace creates drift. End-user experience varies by environment, customers feel the inconsistency, and the org loses brand control.

Why at organization level

Brand is an organizational asset. Governing it centrally protects customer experience and removes the burden of per-workspace re-implementation.

Governance responsibility

Theme, localisation, end-user experience standards. Global theme tokens · localisation and language defaults · widget branding and templates · enterprise preview.

Inherited behavior

Brand tokens cascade from organization to workspace. A workspace can override a sub-token, never the whole theme — drift becomes a deliberate, surfaced decision.

EmbodiesFlexible governance
ResolvesConfiguration drift
04Governance domain
4 of 4

Update Center

Operational change is coordinated at organization scope.

Why this exists

Decentralised release management produces version drift and risk. Operational signals are lost in workspace noise. Org-level coordination removes both problems.

Why at organization level

Releases, advisories, and operational state belong to the platform, not to a workspace. The organization is the only scope where coordination is possible.

Governance responsibility

Platform operations, releases, change management. Release schedule and rollout controls · cross-workspace change visibility · notifications · operational health.

Inherited behavior

Releases are coordinated at organization scope with workspace-level rollout windows. Operational signals roll up; advisories cascade down.

EmbodiesEnterprise scalability
ResolvesScaling complexity
The primitives every module inherits

Three primitives. Every module. Every future module.

Primitive · 01

Inheritance

Configuration flows top-down. The organization is the source. Workspaces consume by default and pick up changes the moment they're published.

Primitive · 02

Delegation

Authority can be scoped — a workspace, a domain, a responsibility — and revoked. Every delegation is explicit, audit-logged, and visible from the centre.

Primitive · 03

Domain navigation

Administration is reached by responsibility, not by settings category. Every module is named for what an administrator owns.

Why this scales
  • 01Administrative effort no longer scales with workspace count. New workspaces inherit the organization baseline.
  • 02Override is a deliberate, surfaced decision — not a silent fork.
  • 03Audit-readiness is structural — every inheritance and override is logged at organization scope.
  • 04Future modules slot into the same shell. The platform absorbs new governance domains without architectural rework.

The dashboard is intentionally small. Four modules and a health view. What makes it scale is not the number of surfaces — it is the governance primitives every module inherits.

07Architectural proof

The model absorbs the next decade without rework.

This is not a roadmap. It is the proof that the architecture was designed to scale. Content governance, AI governance, and global deployments all slot into the same governance shell — same modules, same primitives, same domain navigation.

Future IA · the same shell, three stages of evolution.Board · future IA & scalability

Three stages, one shell

TodayStage 1

Foundational governance shipped

The four domains in the Organization Control Center. The shell, the primitives, the navigation — established.

Governance domains

  • Users
  • Security
  • Branding
  • Updates
TomorrowStage 2

Content & AI governance slot in

Three new domains. Same shell. AI governance is not bolted on — it is the next natural domain in the model.

Governance domains

  • Users
  • Security
  • Branding
  • Updates
  • Content governance
  • AI governance
  • Cross-workspace analytics

3 new domains added.

FutureStage 3

Global platform operations inherit

The shell becomes a global platform-operations surface. Content, widgets, and deployments inherit the same model.

Governance domains

  • Users
  • Security
  • Branding
  • Updates
  • Global content
  • Global widgets
  • Global deployments

3 new domains added.

Proof — the model already absorbs what's next

Each future domain inherits the same shell. The work below is not re-architecture — it is the model expressing itself in a new domain.

Proof · 01

AI governance

Slots in as a new domain. Inheritance, delegation, and domain navigation all carry over. No new architecture required.

Proof · 02

Content governance

Same shell. Content lifecycle, approvals, and ownership inherit the org-level model the rest of the platform runs on.

Proof · 03

Global deployments

Coordinated at organization scope through the same primitives that coordinate releases and identity today.

Each new module slots into the same domain pattern. The IA absorbs the next decade of the platform without architectural rework.

The thesis

The decisive move was not a UI change. It was reframing a settings-UX brief as a governance architecture problem.

Once the reframe was on the table, the principles, the benchmarks, the dashboard, and the future IA followed in a single coherent line. The shift from feature design to platform design is the entire project.

What this work demonstrates

  • 01Governance primitives — inheritance, delegation, domain navigation — every future module inherits.
  • 02Customer signal, UX heuristic, and industry pattern triangulating every decision.
  • 03An information architecture roadmap that absorbs content and AI governance without rework.
  • 04A model the team can operate against for years — not a feature shipped once.