Royce

Posted on Mar 17 • Originally published at starterpick.com

Bedrock Review 2026: Enterprise-Grade SaaS Starter

#bedrock #review #enterprise #boilerplate

TL;DR

Bedrock is the best choice for enterprise-focused SaaS that needs organizations, SSO/SAML support, advanced billing, and proper API documentation. At $1,500+ (team license), it's the most expensive boilerplate — and it earns the price for products targeting mid-market to enterprise customers. Overkill for consumer SaaS.

What You Get

Price: ~$1,500 (team license) — see bedrock.mxstbr.com for current pricing

Created by: Max Stoiber (creator of styled-components, Spectrum chat)

Core features:

Next.js 14+ + TypeScript (strict)
Multi-tenancy: Organizations, teams, members, roles
Auth: Passport.js + custom session management
Enterprise Auth: SAML/SSO (WorkOS integration)
Payments: Stripe with advanced billing
Email: Postmark
Database: PostgreSQL with careful schema design
API: REST with Swagger documentation
Admin panel: Comprehensive
Docker: Full Docker Compose setup
Testing: Jest + Cypress configured

What "Enterprise-Grade" Means

Bedrock's architecture reflects enterprise requirements:

1. SAML/SSO Support

Enterprise B2B customers demand SSO. Bedrock integrates WorkOS for SAML authentication:

// Enterprise login flow
  const organization = await findOrganizationByEmail(email);

  if (organization?.ssoEnabled) {
    // WorkOS SAML flow
    const authorizationUrl = await workos.sso.getAuthorizationURL({
      organization: organization.workosOrgId,
      redirectURI: `${BASE_URL}/auth/callback`,
    });
    redirect(authorizationUrl);
  } else {
    // Regular email/password
    redirect(`/login?email=${email}`);
  }
}

This is a day of work to implement correctly. Bedrock ships it pre-built.

2. Advanced Billing

Usage-based billing, team seats, add-ons — enterprise pricing is complex:

// Team seat billing — charge per member
  organizationId: string,
  invitedUserId: string
): Promise<void> {
  const org = await getOrganization(organizationId);
  const currentSeats = await countActiveMembers(organizationId);
  const plan = await getSubscriptionPlan(org.stripeSubscriptionId);

  // Check seat limit
  if (currentSeats >= plan.maxSeats) {
    throw new Error('Seat limit reached. Upgrade your plan to add more members.');
  }

  // Add member
  await addMember(organizationId, invitedUserId);

  // Prorate billing if on per-seat plan
  if (plan.billing === 'per-seat') {
    await stripe.subscriptionItems.update(plan.seatItemId, {
      quantity: currentSeats + 1,
      proration_behavior: 'create_prorations',
    });
  }
}

3. Proper API Documentation

Bedrock generates Swagger/OpenAPI docs from route handlers:

/**
 * @openapi
 * /api/organizations:
 *   get:
 *     summary: List organizations
 *     security:
 *       - apiKey: []
 *     responses:
 *       200:
 *         description: "List of organizations"
 *         content:
 *           application/json:
 *             schema:
 *               type: array
 *               items:
 *                 $ref: '#/components/schemas/Organization'
 */
  // ...
}

Enterprise customers expect public API documentation.

4. Audit Logging

Compliance requirements often mandate audit trails:

// Every important action logged
  orgId: string,
  userId: string,
  settings: OrgSettings
): Promise<void> {
  const previous = await getOrganization(orgId);

  await prisma.organization.update({
    where: { id: orgId },
    data: settings,
  });

  await prisma.auditLog.create({
    data: {
      organizationId: orgId,
      userId,
      action: 'organization.settings.updated',
      metadata: {
        before: extractChangedFields(previous, settings),
        after: settings,
      },
    },
  });
}

Docker and Infrastructure

Bedrock includes Docker Compose for local development with all services:

# docker-compose.yml
services:
  app:
    build: .
    ports: ["3000:3000"]
    depends_on: [postgres, redis, mailhog]

  postgres:
    image: postgres:16
    volumes: [postgres_data:/var/lib/postgresql/data]

  redis:
    image: redis:7-alpine

  mailhog:
    image: mailhog/mailhog
    ports: ["8025:8025"]  # Email preview at localhost:8025

One command: docker-compose up. Everything runs locally, including email preview.

Who Should Buy Bedrock

Good fit:

Enterprise SaaS targeting companies with 50+ employees
Products that will need SAML/SSO (required for Fortune 500 sales)
SaaS with complex per-seat or usage-based billing
Funded startups with runway to invest in the right foundation
Teams that need API documentation for enterprise partnerships

Bad fit:

Consumer SaaS (individual users)
Early-stage indie SaaS (the price is 5-10x higher than alternatives)
Solo founders (team license for solo use is poor ROI)
Products that don't need enterprise authentication

Alternatives at Different Price Points

Need	Alternative
Multi-tenancy only	Supastarter ($299)
Good code quality	Makerkit ($149-$599)
Free enterprise patterns	Epic Stack
SAML without the full kit	WorkOS SDK directly (~$0 to start)

Final Verdict

Rating: 4/5

Bedrock delivers on its promise of enterprise-grade. The SSO, per-seat billing, audit logging, and Docker setup are production-quality. The price is high but justified for enterprise-focused products — a week of engineering time at agency rates exceeds the cost.

The question isn't "is Bedrock good?" — it's "does your product need what Bedrock provides?" If yes, it's excellent. If not, you're paying for features you'll never use.

Compare Bedrock with alternatives on StarterPick.

DEV Community