Getting started

Overview

Enterprise Governance extends DeepIntShield’s core governance capabilities with advanced security, compliance, and user management features designed for large-scale enterprise deployments. This module provides comprehensive identity management, regulatory compliance, and detailed audit capabilities.

Enterprise Extensions:

Identity & Access Management - OpenID Connect integration with Okta and Microsoft Entra
User-Level Governance - Individual user authentication and budget allocation
Role-Based Access Control - Fine-grained permissions with custom roles and resource-level controls
Team Synchronization - Automatic team membership based on identity provider groups
Compliance Framework - SOC 2 Type II, GDPR, ISO 27001, and HIPAA compliance
Advanced Auditing - Comprehensive audit reports and compliance dashboards

Builds Upon Core Governance:

All standard Virtual Keys, Teams, and Customers functionality
Hierarchical budget management and rate limiting
Model and provider access controls
Usage tracking and cost management

Identity Provider Integration

DeepIntShield Enterprise supports OpenID Connect (OIDC) integration with popular identity providers for single sign-on (SSO) authentication. Users are automatically provisioned on first login, with roles and team memberships synchronized from your identity provider.

Supported Identity Providers:

Okta - Full OIDC integration with custom roles and group sync
Microsoft Entra ID - Azure AD integration with app roles and group claims

Key Features:

Automatic User Provisioning - Users are created on first SSO login
Role Synchronization - Admin and Viewer roles mapped from identity provider
Team Membership - Groups from your identity provider automatically create and sync teams
Secure Token Handling - JWT validation with automatic token refresh

Role Hierarchy

DeepIntShield resolves identity-provider roles to two access levels:

Role	Privilege Level	Description
Admin	Highest	Full access to all DeepIntShield features and settings
Viewer	Lowest	Read-only access to dashboards and reports

When a user has multiple roles, DeepIntShield assigns the highest privilege role. Any mapped role that is not viewer resolves to Admin, so reserve write access for users who need it.

For detailed information on managing roles and permissions, including creating custom roles and assigning granular permissions, see Role-Based Access Control.

Configuration

Identity provider configuration is done through the DeepIntShield UI:

Navigate to Governance → User Provisioning in the DeepIntShield dashboard
Select your identity provider (Okta or Microsoft Entra)
Enter the required credentials from your identity provider
Enable the provider and save

For detailed setup instructions, see the provider-specific guides:

Setting up Okta
Setting up Microsoft Entra

User-Level Authentication & Budgeting

Enterprise Governance extends the hierarchical governance model to include individual user-level controls, providing granular access management and personalized budget allocation.

User Management

Enhanced Hierarchy:

Customer (organization-level budget)
    ↓
Team (department-level budget)
    ↓
User (individual-level budget + authentication)
    ↓
Virtual Key (API-level budget + rate limits)

User Features:

Individual Authentication - SSO-based login credentials
Personal Budgets - User-specific cost allocation
Access Controls - Per-user model and provider restrictions
Usage Tracking - Individual consumption monitoring
Audit Trails - User-specific activity logging

User Authentication Flow

SSO Authentication:

# 1. User signs in to the DeepIntShield dashboard via SSO (Okta/Entra)
# 2. The dashboard issues a virtual key scoped to the user
# 3. Use that virtual key to authenticate inference requests

curl -X POST https://app.deepintshield.com/v1/chat/completions \
  -H "Authorization: Bearer sk-bf-your-virtual-key" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'

Virtual Key with User Context:

# Use virtual key with user tracking
curl -X POST https://app.deepintshield.com/v1/chat/completions \
  -H "x-bf-vk: sk-bf-your-virtual-key" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'

Compliance Framework

Enterprise Governance includes built-in compliance capabilities for major regulatory frameworks including SOC 2 Type II, GDPR, ISO 27001, and HIPAA compliance. These features provide automated compliance monitoring, policy enforcement, and audit trail generation to meet enterprise security and regulatory requirements.

Audit Reports & Compliance Dashboards

Enterprise Governance provides comprehensive audit reporting and compliance dashboards for regulatory requirements and internal governance.

Audit Report Types

1. Access Audit Reports

User login/logout activities
Failed authentication attempts
Privilege escalation events
Unusual access patterns

2. Usage Audit Reports

API request tracking
Model and provider usage
Budget consumption patterns
Rate limit violations

3. Data Audit Reports

Data access and modification
Data export activities
Data deletion requests
Consent management tracking

4. Compliance Reports

SOC 2 Type II control evidence
GDPR compliance status
ISO 27001 risk assessments
HIPAA safeguard compliance

Report Generation

Generate audit and compliance reports from the DeepIntShield dashboard:

Navigate to Audit Reports
- Go to Enterprise → Audit & Compliance
- Select Generate Report
Report Configuration

Report Type:

Access Report: Authentication and authorization events
Usage Report: API consumption and cost analysis
Compliance Report: Regulatory compliance status
Security Report: Security events and incidents

Date Range:

Last 24 Hours: Recent activity
Last 7 Days: Weekly summary
Last 30 Days: Monthly analysis
Custom Range: Specific date range

Filters:

Users: Specific users or all users
Teams: Specific teams or all teams
Customers: Specific customers or all customers
Event Types: Filter by event categories

Export Options:

PDF: Formatted compliance report
CSV: Raw data for analysis
JSON: Structured data export

See Audit Logs for how to query events, filter by type and severity, and forward them to your SIEM.

Compliance Monitoring

Use the Audit Logs query and export views to monitor your compliance posture:

Security posture - review authentication and security events for failed logins and unusual access
Access reviews - export authorization events to evidence who accessed which models and keys
Change tracking - export configuration-change events for change-management reviews
Long-term evidence - export audit trails on a schedule to your SIEM or object store

Error Responses

Enterprise Governance extends standard governance errors with additional authentication and compliance-related responses:

Authentication Errors:

{
  "error": {
    "type": "authentication_required",
    "message": "SSO authentication required"
  }
}

{
  "error": {
    "type": "mfa_required",
    "message": "Multi-factor authentication required"
  }
}

Authorization Errors:

{
  "error": {
    "type": "user_not_authorized",
    "message": "User does not have permission to access this model"
  }
}

Compliance Errors:

{
  "error": {
    "type": "compliance_violation",
    "message": "Request violates GDPR data minimization requirements"
  }
}

Next Steps

Role-Based Access Control - Manage roles and fine-grained permissions
Setting up Okta - Configure Okta as your identity provider
Setting up Microsoft Entra - Configure Microsoft Entra ID as your identity provider
Core Governance - Understand base governance concepts
Clustering - Deploy enterprise governance across multiple nodes
Vault Support - Secure credential management