SafetyCulture

Enabling enterprise scale at SafetyCulture

Role

Design Lead

Date

2023

The Challenge

At the project's start, "user management" was a vague catch-all term for severe enterprise friction. Lacking a scalable foundation for organizations with over 250 seats actively stalled our upmarket growth and bled revenue across four key areas:

  • Inaccessible Market Share: Missing enterprise capabilities rendered our core Serviceable Addressable Market (5,000 companies, 36.7M employees, and $3.8B in potential revenue) largely inaccessible.
  • Direct Revenue Loss: Account contractions and lost enterprise deals (such as AusPost and Chick-Fil-A) resulted in direct losses between $2.4M and $5M in ARR.
  • Blocked Acquisition: The absence of table-stakes features blocked the migration of 138 recently acquired customers from EdApp (a recent acquisition) stalling an additional $4.6M in ARR.
  • Unscalable Workarounds: To bypass system limitations, 5,000 existing organizations accounting for 450K seats and $70M in ARR were forced into highly complex and frustrating multi-organization setups.
Organisational Structures

Internal Research

To identify and understand the primary friction points enterprise organizations encounter when structuring, governing, and scaling their SafetyCulture deployments, and to uncover high-leverage design opportunities for administrative management.

Qualitative internal discovery. Conducted 11 in-depth interviews with Customer Success Managers (CSMs), Customer Success Executives (CSEs), and Account Executives (AEs) managing enterprise accounts (100+ seats).

Bulk management

Managing users at scale is a highly manual bottleneck. Lacking robust bulk tools and seamless HRIS/SSO integrations, admins are forced into tedious "org-switching" and creating large amounts of groups. Enterprises urgently need bulk-action capabilities to make user management easier for 100+ users.

11 of 11 Interviews

Flexible Org Structures

Rigid "site" and "group" structures clash with the matrixed reality of enterprise organizations. Customers require flexible hierarchies mapped to custom attributes (like cost centers or departments) and the ability to attribute data to roles not just individuals, whilst preserving historical context during personnel changes.

11 of 11 Interviews

Permissions & Delegation

The lack of granular, scoped permissions prevents the safe delegation of administrative tasks. Unable to restrict access to specific sites or actions, central admins must either over-grant global permissions or hoard all the work, creating severe bottlenecks that stop regional leaders from self-serving.

10 of 11 Interviews

Automation & Workflows

Distributing tasks, templates, and training relies heavily on manual handoffs rather than self-sustaining systems. To eliminate unsustainable administrative overhead, enterprises require a centralized workflow engine where standard shifts (like new hires or role changes) automatically trigger the correct assignments and notifications.

9 of 11 Interviews

Sprinting to concepts

Qualitative internal discovery. Conducted 11 in-depth interviews with Customer Success Managers (CSMs), Customer Success Executives (CSEs), and Account Executives (AEs) managing enterprise accounts (100+ seats).

Sprint slide 7 Sprint slide 6 Sprint slide 5 Sprint slide 1 Sprint slide 4 Sprint slide 3

Phase 2 Research: Stress-Testing the Concept

Armed with the low-fi concepts from the design sprint, we moved into external validation. We put these prototypes directly in front of 12 enterprise clients—including Disney, IKEA, Transport for London (TfL), and Fulton & Hogan.

The commercial stakes were incredibly high. This specific sample size alone represented ~$2.11M USD in ARR at risk. Furthermore, major clients explicitly stated that the lack of these capabilities was actively blocking the expansion of thousands of seats.

Sprint slide 2 Concepts slide 1 Concepts slide 2 Concepts slide 3 Concepts slide 4 Concepts slide 5 Concepts slide 6 Concepts slide 7 Concepts slide 8 Concepts slide 9
Hypothesis
Signal

Bulk Management

By replacing manual tasks with automated bulk actions, we empower administrators with precise, confident control over user management at scale.

Validated

Customers urgently need automated provisioning to replace manual seat purges. Customers explicitly cited the Permission Matrix and bulk user management concepts as a mandatory requirement.

Constraint uncovered

IT stakeholders require a safe, non-production "Sandbox" to test complex SSO flows before cutting over to live production.

Support for Matrix Org Structures

If we enable customers to model their operations using flexible structures that support matrix organizations, paired with granular permissions, it will unlock highly accurate reporting, precise task assignment, and strict data security at scale

Validated — 80% confidence

All customers expressed a need for better modeling of their matrix organizational structures specifically role/team and site. With larger orgs needs move advanced categorisation of locations and autonomous divisions and business units. Also expressing a need for capturing more information on users for better compliance and reporting.

Constraint uncovered

We must maintain a "single source of truth" synced with external HR systems to handle ongoing organizational drift.

Delegated Management & Role-Based Permissions

If we empower local managers with role based permissions and access controls, we will ensure frontline workers only see relevant data while eliminating the administrative bottleneck for central admins.

Validated — 80% confidence

Clients unanimously validated that our concepts resolved core administrative bottlenecks through delgated management of sites and teams/groups. Crucially, enterprise giants like IKEA, TfL, and Disney explicitly confirmed the need for a cascading permission model—allowing regional leaders to delegate down to local site managers while enabling functional managers to operate cross-organizationally.

Constraint uncovered

The larger and/or more mature clients had more of a preference towards limiting the number of system level roles that apply governance and tight controls to ensure global standards were maintained and complexity/variance limited to a small number of roles

Global workflows and local autonomy

If we empower global owners to distribute standardized processes while allowing local teams to make controlled adaptations, we balance strict corporate governance with local operational agility.

40% confidence — reality check

Customers desperately want to delegate local process creation, but are terrified of losing global standardization.

Design pivot

We must introduce an Approval Step for local workflow creators to seek permission before publishing.

Enterprise validation customers Product roadmap

User Fields & Custom Attributes

We designed and built User Fields, which enabled enterprise admins to add, display, and filter by custom user fields. Administrators can now map their organization's unique operational reality by creating custom fields—such as Job Roles, Business Units, Start Dates, or Emergency Contacts—using text, dates, user assignments, or multiple-choice inputs.

Between December 2025 and June 2026, 700 active accounts successfully adopted and saved custom user fields, representing $23.3M in connected ARR. Proving this was a critical enterprise capability, 73% of that ARR concentration sat entirely within our high-value Enterprise+ segment.

User fields configuration

Creation of user fields with ability to choose multiple data types

Bulk update interface

Update user details in bulk by uploading a CSV with your custom user fields, streamlining management and ensuring all information is up-to-date in one simple step

Site fields configuration

Extending this capability to locations and site fields to enable customers to capture and filter their locations based on custom data such as brands, site types, service lines, etc. Launched May 2026.

Organisation fields configuration

We built a foundation to use fields accross all orgninisational structures even those that we had not launched such as projects, vendors etc.

Bulk Operations

For Mid-Market, we designed a self-serve HR Integration Marketplace (powered by Merge.dev), allowing admins to easily install and configure 11 native connectors (like BambooHR and HiBob) without bespoke developer support. For Enterprise clients, we improved our SCIM provisiioning with Okta and Microsoft Entra ID—unlocking advanced seat-type mapping, full custom field syncing, and auto-seat purchasing to prevent silent provisioning failures.

We eliminated the need for manual data entry and bespoke integration requests. By standardizing the external HRIS as the source of truth, the system now automatically handles deactivations, reactivations, and field mapping entirely in the background. Today, this fortified SCIM and HRIS architecture powers zero-touch programmatic provisioning for ~400 enterprise organizations, effortlessly managing a staggering ~846,000 users (FY26) with perfect data compliance.

Bulk User Uploads

We completely overhauled the Bulk User Upload experience. Giving admins the abilities to bulk provision users, assign them to complex Group and Site hierarchies, roles and permissions, and populate Custom User Fields—all with better error and formatting handling with CSV uploads.

By proactively catching formatting issues, we reduced validation errors per session from 8.3% down to 5.5% and drove overall file upload success rates from 49% up to 65%. This flow has become a mandatory enterprise capability—adopted by Enterprise+ accounts at 3x the rate of Small Businesses. During the FY26 period alone, this optimized flow empowered ~1,100 organizations to confidently and accurately manage ~97,000 users.

Bulk update detail view

Automation of Group Management

We designed a system to enable automatic provisioning of sites and groups using membership rules. Instead of manually adding and removing users as to groups and sites as they change roles, teams, departments, etc can now build intersecting logic to automatically dictate group membership based on a user's Custom Fields.

The shift toward rule based automation saw accelerating adoption. Over a 6-month window (December 2025 – May 2026), customers created 2,365 dynamic groups, with creation rates doubling to over 600 in April alone. As of May 2026, 261 organizations maintain active dynamic groups, representing $16.2M in connected ARR.

Dynamic groups configuration

Notifications

The notification system was designed to keep large organisations informed without creating noise: targeted, role-aware, and tied to the org structure so the right updates reached the right people.

Notifications management

Roles & Permissions

To solve one of the key bottlenecks we uncovered in the research, we have fundamentally re-archotected our permission system enabliing us to launch scoped roles. Launching next month (Jun 26), this capability empowers local leaders—like store captains, regional directors, or franchise owners—to autonomously provision, edit, and manage their own users, strictly bounded within their specific Site or Group remit.

This architectural shift directly answers our #1 most-requested enterprise feature. By enabling secure, delegated management at the edge, this release protects over $13M AUD in at-risk Enterprise ARR. Crucially, it serves as the mandatory, contract-blocking prerequisite to unlock global rollouts for massive accounts, including a 300-site deployment for DHL and a 22,000-user expansion for IKEA EMEA.

Roles management interface
 Site-level roles configuration