What you can configure
Workspace
The organization’s identity — who it is and how members leave or delete it.General
Organization name, organization ID, leave, and delete.
User & Roles
Members, invitations, roles, and the permission model.
Identity & Access
How people sign in and what the platform lets them do.SSO Configuration
Microsoft Entra ID and generic OIDC single sign-on, with break-glass emergency access.
SCIM Provisioning
Automatic user creation and removal driven by Microsoft Entra ID.
User sync & group mappings
Map identity-provider groups to NeuralTrust platform roles.
Integrations
Org-level providers and hostnames used across products.Models
LLM and embeddings providers used by NeuralTrust features.
Custom Domain
Serve the NeuralTrust app on a hostname you own via a CNAME.
Telemetry
Turn TrustGuard and TrustGate telemetry into prioritized alerts and forward them to your SIEM. These live under the Telemetry product nav, not Platform Settings.Alerts
Predefined detection use cases and custom rules over TrustGuard and TrustGate telemetry, with severity, status, and assignment.
Use Cases
Author custom rules — conditions, time windows, field catalog, and rule preview.
Integrations
Forward OCSF alert findings to Splunk, Elastic, IBM QRadar, Microsoft Sentinel, Datadog, or a webhook.
Audit & Compliance
Evidence for SOC2 and incident response, plus the platform’s security posture and data-privacy model.Audit Logs
SOC2-grade security event log with filtering, search, and export.
Security posture
Platform-wide authentication, access control, networking, and encryption guarantees.
Data privacy
Data sovereignty, GDPR / HIPAA / SOX compliance, and the privacy-by-design architecture.
Infrastructure
Where the NeuralTrust app and its data plane actually live — and how to deploy them.Data plane (Advanced)
Provision a hybrid data plane in your own AWS, GCP, or Azure account — or connect an existing one.
Architecture
Control plane, data plane, and deployment modes (SaaS, Hybrid).
Deployment guides
Cloud-specific install guides for AWS, Azure, GCP, Kubernetes, and Docker.
Who can do what
Access is driven by platform roles and per-product permission levels. See User & Roles for the full model.Recommended setup order
For a fresh organization, configure Platform Settings in this order:- General — set a human-readable organization name.
- SSO Configuration — pick Microsoft Entra ID or generic OIDC.
- Break-glass access — add at least one emergency path before enforcing SSO.
- SCIM Provisioning (Entra ID) — automate user creation and removal.
- Group mappings — map IdP groups to NeuralTrust platform roles.
- User & Roles — invite anyone not provisioned by SCIM and assign access.
- Integrations — forward alert findings to your SIEM.
- Custom Domain — if you want the app on your own hostname.
- Advanced — provision a hybrid data plane if you’re on a Hybrid plan.
Prerequisites
- NeuralTrust account with Owner, Global Admin, or IAM Admin access (depending on the task).
- For SSO: administrator access to your identity provider.
- For hybrid provisioning: admin access to the target AWS / GCP / Azure account.
- For custom domain: control over the DNS zone of the domain you want to use.