I’ve watched a lot of internal apps get built. Most of them technically work. The data goes in, something comes out, and everyone calls it a success—until people actually have to use it every day.
That’s when the problems start. Nobody knows who changed what. Approvals vanish into a black hole. Users can’t find the thing they entered last Tuesday. And the workflow forces people through steps that have nothing to do with how the business actually operates.
After years of building these systems, I’ve landed on five features that need to be in the first release. Not version two. Not “when we have time.” Day one.
## 1. Authentication That Makes Sense
You’d think this would be obvious by now, but I still see apps with shared logins, weak passwords, or no real concept of identity at all.
Here’s why it matters beyond security: accountability. Every action in your system should tie back to a real person. When something goes wrong—and it will—you need to know who did what, and when. A shared “admin” login tells you nothing.
If your organization runs Microsoft 365, you already have an identity provider. Use it. Your users sign in with their existing credentials, MFA is already enforced, and when someone leaves the company they lose access automatically. No separate user database. No password reset flow to build. Fifteen minutes of configuration and you’re done.
## 2. Role-Based Access (Without the Headache)
Not everyone should see or do everything. But most systems get this wrong in one of two ways: they lock everything down so tightly that people can’t do their jobs, or they open everything up and hope for the best.
A good internal app understands roles the way the business already works:
- Who can approve a request
- Who can edit it
- Who can view it
- Who shouldn’t even know it exists
The trick is keeping it simple enough that you can actually maintain it. Three or four roles cover most internal apps. If you need a spreadsheet to explain your permissions model, you’ve already overcomplicated it.
## 3. Audit Trails (Because Memory Fails)
At some point—and I promise it will happen sooner than you think—someone will ask: “Who approved this?” or “What did this record look like before it was changed?”
If your answer is “I’m not sure, let me check with Dave,” you’ve already lost. Dave doesn’t remember either.
Every state change, every approval, every edit should be logged with a timestamp and a user. It doesn’t need to be fancy. A simple audit table that records who did what and when turns your app from a data entry tool into a defensible system of record. It replaces arguments with facts and builds trust in the system over time.
## 4. Search and Filtering That Actually Works
People don’t just put data into your app. They need to find it again later. And this is where most internal tools quietly fall apart.
Endless scrolling. Filters that don’t filter. A search bar that only matches exact strings. Users give up after two attempts and go back to their spreadsheet because at least Ctrl+F works.
Your app needs to answer real questions quickly: show me everything pending approval, show me what I submitted last week, show me anything flagged as urgent. If someone can’t find what they need in a few seconds, the app isn’t saving them time—it’s wasting it.
## 5. A Workflow That Reflects Reality
This is the one that sinks the most projects.
Someone builds an app with a workflow that looks great in a diagram but has nothing to do with how the business actually operates. It forces people through rigid steps. It doesn’t handle the exceptions that happen every single day. Status is unclear, and nobody knows whose turn it is to act.
I’ve learned the hard way: sit down with the people who do the work. Watch how they actually process things today—including the workarounds. Then model that in the app. A good workflow mirrors reality, handles the messy cases gracefully, makes status obvious at a glance, and moves things forward without friction.
Get the workflow wrong and everything built on top of it will feel wrong, no matter how polished the UI is.
## Final Thought
You can pick the best tech stack in the world, but if you ship without these five things, your app is going to struggle. People will work around it instead of through it, and you’ll spend the next six months playing catch-up on features that should have been there from the start.
Internal tools aren’t just software. They’re how your business actually runs. Build them that way.