Governance

Your AD groups are your AI access policy.

No new permission system. pLLM reads your existing AD / Entra / Okta groups and turns membership into fine-grained, auditable policy on every model, MCP server, agent, and prompt.

01 · Identity
SSO sign-in
AD / Entra / Okta
user sarah@acme.com
oidc ✓ verified
mfa ✓ enforced
02 · Groups & Policy
pLLM policy engine
evaluating groups → rules
groups
2
rules matched
14
ad:Analysts allow
ad:All-Employees allow
ad:Finance-Ops deny
03 · Access
Resolved scope
what sarah can use
claude-4.6-sonnet
mcp://snowflake
agents/sql-analyst
skills/summarize-document
mcp://sap
agents/finance-bot
policy evaluated per request · < 2ms overhead every decision logged to audit trail
works with what you have

Identity providers

OIDC · SAML · LDAP · OAuth 2.0
Entra ID
Active Directory
Okta
Auth0
Google
GitHub
AWS IAM
Keycloak
LDAP

Different groups, different gateways.

Three people hit the same URL — three completely different surfaces. Scope is derived from AD groups, not hand-maintained lists.

Sarah · Analyst
ad:Analystsad:All-Employees
can use
claude-4.6-sonnet
mcp://snowflake
agents/sql-analyst
blocked
mcp://sap
agents/finance-bot
Marcus · Engineer
ad:Engineersad:Developers
can use
claude-4.6-opus
mcp://github
agents/release-captain
skills/code-reviewer
blocked
mcp://sap
agents/finance-bot
Priya · Finance Ops
ad:Finance-Opsad:All-Employees
can use
gpt-5
mcp://sap
agents/finance-bot
blocked
mcp://github
agents/release-captain

Policies, not snowflakes.

Six core policy primitives cover 95% of what enterprises actually need. Compose them.

Budget ceilings

Hard and soft monthly spend limits per group, per key, or per project.

example
ad:Interns → $50 / month, throttle at 80%

Model allow-lists

Pin which models each group can use. Block frontier models from unvetted teams.

example
ad:All-Employees → gpt-4.1-mini, claude-4.6-sonnet

MCP tool scoping

Allow-list individual tools on an MCP server. Read-only by default.

example
ad:Contractors → github-mcp/search_* only

Data egress rules

Block PII, secrets, or IP-classified data from leaving the gateway.

example
All groups → no raw customer PII to external providers

Rate & quota limits

Per-user, per-group, per-agent RPS and token quotas with burst controls.

example
ad:Engineering → 200 RPS, 10M tokens/day

Audit & retention

Every request, tool call, and agent step logged with redacted payloads.

example
PII masked · 18-month retention · SIEM-ready
policies/org.yaml
policy-as-code 
# bind AD groups to capabilities
policies:

  - match: ad:Engineers
    allow:
      models: [claude-4.6-*, gpt-5]
      mcp:     [github, jira, internal-rag]
      agents:  [release-captain, *]
    budget: $2000/month
    rate: 200rps

  - match: ad:Finance-Ops
    allow:
      models: [gpt-5, claude-4.6-sonnet]
      mcp:     [sap]
      agents:  [finance-bot]
    guardrails:
      - presidio-pii
      - sap-data-egress

  - match: ad:Contractors
    allow:
      models: [gpt-4.1-mini]
      mcp:     []  # no tool access
    budget: $25/month
Live audit stream
streaming
ALLOW
sarah@acme.comagents/sql-analyst
matched ad:Analysts · p95=84ms · $0.0042
2s ago
DENY 
sarah@acme.commcp://sap/get_invoice
not in ad:Finance-Ops · blocked by policy
4s ago
MASK 
marcus@acme.comclaude-4.6-opus
presidio-pii masked 2 emails, 1 phone
6s ago
ALLOW
priya@acme.comagents/finance-bot
matched ad:Finance-Ops · tool=mcp://sap/query_gl
9s ago
QUOTA
ad:Contractorsbudget=80%
soft limit hit · throttling to 50 rpm
12s ago
98.7%
allow rate
<2ms
policy eval
100%
audited

Keep exploring

All platform pillars

MCP Gateway

Registry, lifecycle & per-tool policy

Registry

Agents, skills & prompts as artifacts

Guardrails

Pre / post / during / logging filters

Routing

Latency-aware routing & failover