Empowering developers, one plugin at a time: Neo4j’s Backstage story

tl;dr Sweden’s Neo4j has been leading the way in graph technology for almost two decades. Now their graph database systems are playing a vital role in powering today’s latest RAG-based LLMs. Addressing new use cases and imagining new possibilities in this ever-changing AI landscape is propelling their teams to build and scale faster than ever. Read how Backstage and Spotify’s premium plugins — including RBAC (Role-Based Access Control) and Insights — help bring simplicity and sanity to their development environment, so that their teams can continue to focus on inventing the future.

About Neo4j

“The world's most-loved graph database”

At Neo4j, we’re passionate about creating powerful tools that enhance how teams interact with data. As the creators of the world’s leading graph database, we help developers model and query data in ways that reflect real-world relationships. Our cloud platform, Neo4j Aura, makes these capabilities even more accessible, providing a fully managed experience for deploying and scaling graph-powered applications.

In recent years, Neo4j has played a key role in the space of retrieval-augmented generation (RAG). Graph databases are uniquely suited to this domain, thanks to their ability to structure knowledge and connect diverse information sources meaningfully. With RAG gaining popularity as a strategy for making AI systems more accurate, explainable, and context-aware, Neo4j’s relevance in this rapidly developing space has only grown.

Why Spotify Plugins for Backstage?

As our teams continue to scale and build complex, interconnected services, developer enablement becomes increasingly critical. That's where an internal developer portal (IDP) like Backstage comes in. We use Backstage to centralise our developer experience by providing a consistent interface for managing services, documentation, environments, and more.

To extend Backstage’s capabilities, we opted for Spotify’s paid plugins bundle, which has proven to be a valuable investment. In particular, the RBAC (Role-Based Access Control) and Insights plugins have already made a noticeable impact — and we predict that the Soundcheck plugin is going to play a huge role in ensuring our software is of the highest quality, as well. These tools help us maintain consistent standards across services, control access more securely, and gain better visibility into what’s happening across our internal ecosystem.

Role-Based Access Control: Simplicity and flexibility as the deciding factors

Among the plugins in the bundle, RBAC stood out as a crucial feature for us. Before adopting it, we faced a significant challenge: access control had to be implemented manually through code. Any time we wanted to adjust permissions — whether adding a new team or modifying access levels — we had to dig through the codebase and apply changes manually. This approach wasn’t scalable and added unnecessary complexity to our workflows.

The approach: Growing platform engineering as a product, not a policy

^{A default policy is defined in the RBAC plugin}

With Spotify's RBAC plugin, things changed dramatically. Since our Backstage instance integrates with Okta for authentication, the RBAC system is fully aligned with Okta groups. This means a developer’s access is automatically determined by the groups they belong to — no manual code changes required. It’s a cleaner, more secure, and far more manageable solution.

^{Assigning a set of permissions to a certain Okta group is simple with the no-code UI}

The beauty of the RBAC plugin lies in its simplicity and flexibility. It provides a clean, user-friendly interface where roles and permissions can be defined and managed without touching code. Through the Backstage UI, we can easily map roles to specific Okta groups, create fine-grained access policies, and adjust them on the fly.

One can even add condition statements to further manage the role-based access for specific scenarios. For example, we have some Scaffolder templates that are labelled such that only specific engineers can run them.

^{Example of a conditional statement we set up in the UI}

This means that changes to access levels — like granting a new team access to a plugin or revoking privileges — can be made quickly and confidently, all without the need for code reviews or deployment cycles.

💡Quick tip: Read-only by default

Another RBAC-based pattern we’ve adopted — and can wholeheartedly recommend — is our “read-only by default” approach when we deploy Backstage. This serves as a safety feature if Backstage is accidentally deployed in a fresh state.

Insights: What are our devs really using the portal for?

To ensure your IDP is providing the value you expect, it’s essential to understand how your developers are actually using it. At Neo4j, we use Spotify’s Insights plugin to track the usage of our Backstage instance. We can quickly see the headline numbers, like how many users we have per day, and share them with our leadership team. Or we can dig deeper to see more detailed information, like which entities were most visited.

^{The Insights plugin provides detailed analytics about the usage of the portal}

What templates can tell you

^{Top templates by engagement on a typical day}

We provide a number of different templates to our engineers through the Backstage Scaffolder. The usage tab provides a quick view into which templates are being run most frequently. From here, we can start to put together a picture of which tasks engineers need to carry out more often, and how that should affect our decision-making. For example, we can see above that engineers are more frequently running the “Create AuraDB” template than the “Delete” template, so we should probably put something in place to make sure that DBs are being tidied up.

Investigating entities

^{Dig into your most visited entities}

The usage page also provides a view into which Catalog entities are the ones that users are regularly interacting with. Besides our aura-docs (which contains all of our high-level docs and which we would expect to have a high number of visitors), we can see that some of our components get more attention than others. This might indicate that we need to add more or clearer documentation for those components if people keep coming back to them. Note that there may be some survivorship bias here as components with no docs won’t get repeat visitors, so wouldn’t appear very high up.

Chart-topping plugins

^{Top 5 plugins on a typical day}

One of the other great features of the Insights plugin is that it lets you quickly see which are the Backstage plugins that users are most frequently using. We can then focus our development time accordingly to make sure that we’re working on features that our users care about.

Building the future

By investing in Spotify’s premium Backstage plugins, Neo4j continues to evolve its developer platform with powerful features that prioritise security, clarity, and autonomy. These tools free our teams from operational friction, allowing them to focus on what matters most: building the future of AI. As the boundaries of graph technology expand, so does our ambition to deliver exceptional experiences — for developers and users alike.

---

Luke Beamish and Chris Heisz are platform engineers on the enablement team at Neo4j. Luke has been working with Backstage since 2021 and embarking on D&D campaigns since he could roll for damage.🎲 You can also find Chris on Spotify’s other popular platform as Chris Philippe Hemingway.🎸

RBAC, Insights, and Soundcheck are part of the Spotify Plugins for Backstage bundle subscription. These premium plugins also come built into Spotify Portal for Backstage.