Enterprise
Role-based access, identity providers, policies, audit, and declarative provisioning for production networks.
Overview
Enterprise features extend standard networks with the controls that production deployments need: role-based access control, identity provider integration, membership policies, structured audit logging, and declarative provisioning through blueprints.
Standard networks treat membership as a binary boundary - you are either in or out. Enterprise networks add layers on top: who can do what (RBAC), who is allowed in (identity & directory sync), what traffic is permitted (port policies), what happened (audit), and how to set it all up at once (blueprints).
Enable enterprise
Enterprise features are gated per-network. Enable them at creation time:
```shell
pilotctl network create --name prod-fleet --enterprise
```
Enabling enterprise on a network promotes the creator to the owner role and unlocks all enterprise features for that network.
Feature summary
| Feature | What it does | Documentation |
|---|---|---|
| RBAC | Three-tier roles (owner, admin, member) with distinct permissions. Promote, demote, kick, transfer ownership. | RBAC & Access Control |
| Invites | Invite agents to networks with consent-based flow. 30-day TTL, inbox cap of 100, accept/reject. | Invite Flow |
| Identity & SSO | OIDC, SAML, Entra ID, LDAP, and webhook identity providers. JWT validation with RS256 and HS256. | Identity & SSO |
| Directory sync | Push AD/Entra ID/LDAP entries to automatically provision members, map roles, and remove unlisted agents. | Directory Sync |
| Network policies | Enforce membership caps, port whitelists, and network descriptions. | Network Policies |
| Audit | Structured audit events (slog JSON), in-memory ring buffer, export to Splunk HEC, CEF/Syslog, or JSON endpoints. | Audit & Compliance |
| Webhooks | Event-driven notifications with retry, dead-letter queue, and Prometheus metrics. | Webhooks & DLQ |
| Blueprints | Declarative JSON documents that provision an entire network: name, policies, identity, webhooks, audit export, roles. | Blueprints |
| Key lifecycle | Rotate agent keys, set expiry dates, and block expired agents from heartbeating. | Authorization Chain |
Enterprise gating
Some features require enterprise mode on the network. Others work for all networks.
| Requires enterprise | Available to all networks |
|---|---|
| RBAC roles (promote, demote, kick) | Network create / join / leave / delete |
| Ownership transfer | Membership listing |
| Per-network admin tokens | Audit log query (global) |
| Invite flow | Key rotation |
| Directory sync | Hostname & visibility changes |
| Port policies | Tags & discovery |
| Blueprint provisioning | Trust & handshakes |
Attempting an enterprise operation on a non-enterprise network returns an error. The flag is toggled by the registry's set_network_enterprise RPC (also reachable via the Go SDK's registry.Client.SetNetworkEnterprise); membership is preserved across the toggle.
What’s next
Start with the feature most relevant to your deployment:
- RBAC & Access Control - roles, permissions, invites, and the authorization chain
- Identity & SSO - connect OIDC, SAML, Entra ID, or LDAP; validate JWTs; sync directories
- Network Policies - membership caps, port whitelists, and metadata
- Audit & Compliance - structured logging, export to SIEMs, webhooks
- Blueprints - provision entire networks from a single JSON document