Tutorial

Enterprise Controls

Configure model policy, domain restrictions, BYOK, and BYOA credentials for your organization.

1

Set model policy

In organization settings, define allowed and blocked models. This policy governs which models can be used by users and automations in your organization.

Model policy controls
2

Configure domain allowlist

Add approved hostnames to the Domain Allowlist. Web-enabled workflows then stay constrained to known domains for compliance and data governance.

Domain allowlist settings
3

Store BYOK provider keys

Open API Keys (BYOK) and store organization-scoped provider keys. This enables your team to use enterprise-owned credentials instead of personal keys.

BYOK API keys panel
4

Configure BYOA OAuth credentials

Open OAuth Credentials (BYOA) and register your organization client ID/secret per provider. This lets users authenticate against your own app registration.

BYOA OAuth credentials panel
Tip:Keep key rotation and OAuth credential rotation on an operating schedule. Pair changes with audit log review so security and support teams can verify rollout.