Roles and Permissions
Four built-in roles. Custom roles when you need them. Every permission is locked to a specific project. Nobody gets access by default.
Single Sign-On
Connect Okta, Azure AD, or Google Workspace. One toggle to enforce SSO for your entire organization. Local passwords disabled.
Permanent Audit Logs
Every action recorded. Every user identified. Logs that nobody can edit or delete. Send them to Splunk, Datadog, or your own tools.
Governance built in. Not bolted on.
Identity, access control, and audit trails are part of the platform. Not add-ons. Not configurations. Every AI tool you deploy is automatically covered by your organization's security rules.
Roles and Access
Four built-in roles. Custom roles for specific needs. Every role is locked to a project. Connect your identity provider for SSO.
Learn moreSingle Sign-On
Connect Okta, Azure AD, or Google Workspace. Enable Strict Mode and local passwords are disabled entirely. Everyone signs in through your company identity provider.
Learn moreProject Separation
Each team gets its own workspace. Servers, secrets, and permissions are separate. One project cannot see or access another.
Learn moreAudit Trail
Every action is logged permanently. Nobody can edit or delete entries. Stream logs to Splunk, Datadog, or your own webhook endpoint.
Learn moreNobody gets access until you say so.
Every new user starts with zero permissions. You choose their role and which projects they can access. Need something more specific than the four built-in roles? Create a custom one with exactly the permissions you want.
System Roles
Owner, Admin, Member, Viewer. Four roles that cover most organizations. Each one has a clear set of permissions designed for real teams.
Custom Roles
Start from a built-in role and adjust the permissions. Need someone who can deploy but not manage billing? Create that role in two clicks.
Project-Level Access
Roles are tied to a specific project. An Admin in one project has no access to another unless you explicitly grant it. No exceptions.
One login for everything.
Connect Okta, Azure AD, Google Workspace, or any identity provider your company already uses. Enable Strict Mode and local passwords are disabled entirely. Every login goes through your company SSO.
SAML SSO
Connect Okta, Azure AD, or OneLogin. Your team signs in with the same credentials they already use for everything else.
OpenID Connect
Works with Google Workspace, Auth0, or Keycloak. Login sessions are managed and refreshed automatically.
Strict Mode
One toggle and local passwords are gone. Every user signs in through SSO. No backdoor accounts. No workarounds.
Each team gets its own workspace.
Organize your AI tools by team, department, or client. Each project is completely separate. Servers, secrets, and access rules are isolated. One team cannot see or touch another team's resources.
Separate Servers
AI tools belong to exactly one project. One team's tools are invisible to every other team. Accidental access is not possible.
Staging & Production
Separate environments per project. Deploy to staging, verify it, push to production. Secrets stay locked to their environment.
Separate Secrets
API keys and credentials are encrypted and locked to each project. A secret in one project cannot be read or used by another.
Every action tracked. Permanently.
Every deployment, configuration change, and access attempt is logged. Nobody can edit or delete these logs. Not your team. Not us. Stream them to Splunk, Datadog, or your own tools for full visibility.
Every API call, deployment, and configuration change is logged and tied to the user who made it.
Audit entries are permanent. Nobody can edit or delete them. Not administrators. Not us.
Send audit logs to Splunk, Datadog, or any webhook endpoint. Every entry is signed to verify it has not been altered.
Audit history is kept for the lifetime of your organization. No 90-day limits. No automatic deletions.
Full control over your AI tools.
Zero infrastructure to manage.
Team roles, single sign-on, project separation, and a permanent activity log. Everything you need to stay organized, built in from day one.