EP Enterprise provides the full trust-control plane deployed within your infrastructure. Every feature available in EP Cloud, plus the controls required by regulated environments.
VPC / private deployment
EP runs entirely within your infrastructure boundary. No trust data, policy configurations, or signoff records leave your network. A reference AWS CloudFormation template ships in infrastructure/aws/.
SSO — SAML 2.0 + OIDC
Approvers and admins authenticate through your IdP (Okta, Entra ID, Ping, Google). SAML Service Provider and OIDC Relying Party are built in; signature validation uses vetted libraries, never custom crypto. A successful login mints a signed EP session; the IdP client secret is sealed at rest (AES-256-GCM). Your live IdP tenant is connected during onboarding.
SCIM 2.0 provisioning
Provision — and deprovision — the named humans who can sign off, directly from your directory (RFC 7643/7644: Users, Groups, deactivation, filtering). A provisioned human becomes eligible to enroll a signing passkey; offboarding in your IdP revokes their signing credentials in the same sync.
Air-gapped deployment
A self-contained offline installer: build the bundle on a connected machine, transfer one tarball, install with no network. The running stack has no route off the host — enforced by the network driver, not configuration discipline. The full run on your isolated hardware is validated during onboarding.
Data residency
All trust data, event records, and policy configurations reside in your chosen jurisdiction. Meet data sovereignty requirements without architectural compromise.
Evidence retention & legal hold
Receipts are durable, offline-verifiable evidence by construction. Formal retention policies and legal-hold workflows are scoped per engagement (roadmap). Available today: full event search and audit-report export.
Regulator artifact exports
Generate structured evidence packages for regulatory examination, mapped to control families used in SOX and sector-specific frameworks (full FISMA / PCI-DSS mapping is roadmap).
Investigation tooling
Query and reconstruct action sequences across time, principals, and trust surfaces via the events API and audit reports. A dedicated forensic investigation mode is engagement-scoped (roadmap).
Delegated administration
Hierarchical administration with scoped permissions. Delegate policy management, signoff configuration, and evidence access to business units without granting global control.