Enterprise
Role-based access, identity providers, policies, audit, and declarative provisioning for production networks.
Overview
Enterprise features extend standard networks with the controls that production deployments need: role-based access control, identity provider integration, membership policies, structured audit logging, and declarative provisioning through blueprints.
Standard networks treat membership as a binary boundary — you are either in or out. Enterprise networks add layers on top: who can do what (RBAC), who is allowed in (identity & directory sync), what traffic is permitted (port policies), what happened (audit), and how to set it all up at once (blueprints).
Enable enterprise
Enterprise features are gated per-network. Enable them at creation time or on an existing network:
```bash
# At creation
pilotctl network create --name prod-fleet --enterprise

# On an existing network
pilotctl network set-enterprise <network_id> true
```
The protocol command is set_network_enterprise. Enabling enterprise on a network promotes the creator to the owner role and unlocks all enterprise features for that network. Enterprise mode can also be disabled, which strips RBAC roles but preserves membership.
Feature summary
| Feature | What it does | Documentation |
|---|---|---|
| RBAC | Three-tier roles (owner, admin, member) with distinct permissions. Promote, demote, kick, transfer ownership. | RBAC & Access Control |
| Invites | Invite agents to networks with consent-based flow. 30-day TTL, inbox cap of 100, accept/reject. | Invite Flow |
| Identity & SSO | OIDC, SAML, Entra ID, LDAP, and webhook identity providers. JWT validation with RS256 and HS256. | Identity & SSO |
| Directory sync | Push AD/Entra ID/LDAP entries to automatically provision members, map roles, and remove unlisted agents. | Directory Sync |
| Network policies | Enforce membership caps, port whitelists, and network descriptions. | Network Policies |
| Audit | Structured audit events (slog JSON), in-memory ring buffer, export to Splunk HEC, CEF/Syslog, or JSON endpoints. | Audit & Compliance |
| Webhooks | Event-driven notifications with retry, dead-letter queue, and Prometheus metrics. | Webhooks & DLQ |
| Blueprints | Declarative JSON documents that provision an entire network: name, policies, identity, webhooks, audit export, roles. | Blueprints |
| Key lifecycle | Rotate agent keys, set expiry dates, and block expired agents from heartbeating. | Authorization Chain |
Enterprise gating
Some features require enterprise mode on the network. Others work for all networks.
| Requires enterprise | Available to all networks |
|---|---|
| RBAC roles (promote, demote, kick) | Network create / join / leave / delete |
| Ownership transfer | Membership listing |
| Per-network admin tokens | Audit log query (global) |
| Invite flow | Key rotation |
| Directory sync | Hostname & visibility changes |
| Port policies | Tags & discovery |
| Blueprint provisioning | Trust & handshakes |
Attempting an enterprise operation on a non-enterprise network returns an error. The set_network_enterprise command toggles the flag without affecting existing membership.
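The toggle semantics above (enable promotes the creator to owner, disable strips roles but keeps members) and the gating table combine into a two-layer authorization check: first the per-network enterprise flag, then the actor's role. The Go model below is an added example written for this page, not Pilot Protocol's own code. The operation names, the `Network` type, and the per-operation minimum roles in `minRole` are assumptions; the page only says the three tiers have distinct permissions without listing them. Each decision is also emitted as a structured slog JSON event, in the spirit of the audit feature.

```go
package main

import (
	"errors"
	"fmt"
	"log/slog"
	"os"
)

// Role is one of the three RBAC tiers the page describes.
type Role string

const (
	RoleOwner  Role = "owner"
	RoleAdmin  Role = "admin"
	RoleMember Role = "member"
)

var (
	ErrNotEnterprise = errors.New("operation requires enterprise mode on this network")
	ErrNotMember     = errors.New("actor or target is not a network member")
	ErrForbidden     = errors.New("actor's role does not permit this operation")
)

// enterpriseOnly mirrors the "Requires enterprise" column of the gating table
// (operation names are assumed). Anything not listed is open to every network.
var enterpriseOnly = map[string]bool{
	"promote": true, "demote": true, "kick": true, "transfer_ownership": true,
	"invite": true, "directory_sync": true, "set_port_policy": true, "apply_blueprint": true,
}

// minRole is an ASSUMED permission model: admins manage members and policy,
// only the owner hands over or reshapes the network.
var minRole = map[string]Role{
	"promote": RoleAdmin, "demote": RoleAdmin, "kick": RoleAdmin, "invite": RoleAdmin,
	"set_port_policy": RoleAdmin, "transfer_ownership": RoleOwner,
	"directory_sync": RoleOwner, "apply_blueprint": RoleOwner,
}

var rank = map[Role]int{RoleMember: 0, RoleAdmin: 1, RoleOwner: 2}

// Network is a toy model of per-network state, not the project's type.
type Network struct {
	ID, Creator string
	Enterprise  bool
	Members     map[string]bool
	Roles       map[string]Role // populated only while Enterprise is true
	log         *slog.Logger
}

func NewNetwork(id, creator string, log *slog.Logger) *Network {
	if log == nil {
		log = slog.Default()
	}
	return &Network{ID: id, Creator: creator, Members: map[string]bool{creator: true},
		Roles: map[string]Role{}, log: log}
}

// SetEnterprise models set_network_enterprise: enabling promotes the creator
// to owner; disabling strips every role but leaves membership untouched.
func (n *Network) SetEnterprise(on bool) {
	n.Enterprise = on
	if on {
		n.Roles[n.Creator] = RoleOwner
	} else {
		n.Roles = map[string]Role{}
	}
	n.log.Info("audit", "event", "set_network_enterprise", "network", n.ID,
		"enterprise", on, "members", len(n.Members))
}

// Authorize checks membership, then the enterprise gate, then the actor's
// role, and emits one structured audit event per decision.
func (n *Network) Authorize(actor, op string) error {
	var err error
	switch {
	case !n.Members[actor]:
		err = ErrNotMember
	case enterpriseOnly[op] && !n.Enterprise:
		err = ErrNotEnterprise
	case enterpriseOnly[op] && rank[n.Roles[actor]] < rank[minRole[op]]:
		err = ErrForbidden
	}
	n.log.Info("audit", "event", "authorize", "network", n.ID, "actor", actor,
		"op", op, "allowed", err == nil, "error", err)
	return err
}

// Promote raises an existing member to admin once Authorize has passed.
func (n *Network) Promote(actor, target string) error {
	if err := n.Authorize(actor, "promote"); err != nil {
		return err
	}
	if !n.Members[target] {
		return ErrNotMember
	}
	n.Roles[target] = RoleAdmin
	return nil
}

func main() {
	n := NewNetwork("prod-fleet", "alice", slog.New(slog.NewJSONHandler(os.Stderr, nil)))
	n.Members["bob"] = true
	fmt.Println("promote before enable:", n.Authorize("alice", "promote"))
	n.SetEnterprise(true)
	fmt.Println("alice role:", n.Roles["alice"], "| promote bob:", n.Promote("alice", "bob"))
	fmt.Println("bob transfers ownership:", n.Authorize("bob", "transfer_ownership"))
	n.SetEnterprise(false)
	fmt.Println("roles after disable:", len(n.Roles), "| members kept:", len(n.Members))
}
```

The ordering matters: the enterprise gate is evaluated before any role lookup, so a network that has had enterprise disabled refuses RBAC operations outright rather than falling through to an empty role map, and the audit event records which layer denied the request.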
What’s next
Start with the feature most relevant to your deployment:
- RBAC & Access Control — roles, permissions, invites, and the authorization chain
- Identity & SSO — connect OIDC, SAML, Entra ID, or LDAP; validate JWTs; sync directories
- Network Policies — membership caps, port whitelists, and metadata
- Audit & Compliance — structured logging, export to SIEMs, webhooks
- Blueprints — provision entire networks from a single JSON document
Pilot Protocol