> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neuraltrust.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Platform Settings is where you manage your NeuralTrust organization — identity, users and roles, SSO, integrations, and workspace configuration.

Every NeuralTrust tenant is an **organization**. An organization holds your members, roles, SSO configuration, product access, and the products provisioned for you (TrustGate, TrustGuard, TrustLens, TrustTest, Telemetry). **Platform Settings** is the admin surface for everything that lives above the individual products.

Open it from the sidebar gear → **Platform settings**, or from product Settings when you drill into Platform.

## What you can configure

### Workspace

The organization's identity — who it is and how members leave or delete it.

<CardGroup cols={2}>
  <Card title="General" icon="settings" href="/platform/general">
    Organization name, organization ID, leave, and delete.
  </Card>

  <Card title="User & Roles" icon="users" href="/platform/users">
    Members, invitations, roles, and the permission model.
  </Card>
</CardGroup>

### Identity & Access

How people sign in and what the platform lets them do.

<CardGroup cols={2}>
  <Card title="SSO Configuration" icon="key-round" href="/platform/sso">
    Microsoft Entra ID and generic OIDC single sign-on, with break-glass emergency access.
  </Card>

  <Card title="SCIM Provisioning" icon="refresh-cw" href="/platform/scim">
    Automatic user creation and removal driven by Microsoft Entra ID.
  </Card>

  <Card title="User sync & group mappings" icon="git-branch" href="/platform/user-sync">
    Map identity-provider groups to NeuralTrust platform roles.
  </Card>
</CardGroup>

### Integrations

Org-level providers and hostnames used across products.

<CardGroup cols={2}>
  <Card title="Models" icon="brain" href="/platform/models">
    LLM and embeddings providers used by NeuralTrust features.
  </Card>

  <Card title="Custom Domain" icon="globe" href="/platform/custom-domain">
    Serve the NeuralTrust app on a hostname you own via a CNAME.
  </Card>
</CardGroup>

### Telemetry

Turn TrustGuard and TrustGate telemetry into prioritized alerts and forward them to your SIEM. These live under the Telemetry product nav, not Platform Settings.

<CardGroup cols={2}>
  <Card title="Alerts" icon="siren" href="/platform/alerts">
    Predefined detection use cases and custom rules over TrustGuard and TrustGate telemetry, with severity, status, and assignment.
  </Card>

  <Card title="Use Cases" icon="list-checks" href="/platform/use-cases">
    Author custom rules — conditions, time windows, field catalog, and rule preview.
  </Card>

  <Card title="Integrations" icon="database" href="/platform/alert-integrations">
    Forward OCSF alert findings to Splunk, Elastic, IBM QRadar, Microsoft Sentinel, Datadog, or a webhook.
  </Card>
</CardGroup>

### Audit & Compliance

Evidence for SOC2 and incident response, plus the platform's security posture and data-privacy model.

<CardGroup cols={2}>
  <Card title="Audit Logs" icon="scroll-text" href="/platform/audit-logs">
    SOC2-grade security event log with filtering, search, and export.
  </Card>

  <Card title="Security posture" icon="vault" href="/neuraltrust/security/overview">
    Platform-wide authentication, access control, networking, and encryption guarantees.
  </Card>

  <Card title="Data privacy" icon="fingerprint" href="/neuraltrust/data-privacy/overview">
    Data sovereignty, GDPR / HIPAA / SOX compliance, and the privacy-by-design architecture.
  </Card>
</CardGroup>

### Infrastructure

Where the NeuralTrust app and its data plane actually live — and how to deploy them.

<CardGroup cols={2}>
  <Card title="Data plane (Advanced)" icon="server" href="/platform/advanced">
    Provision a hybrid data plane in your own AWS, GCP, or Azure account — or connect an existing one.
  </Card>

  <Card title="Architecture" icon="layers" href="/neuraltrust/deployment/overview">
    Control plane, data plane, and deployment modes (SaaS, Hybrid).
  </Card>

  <Card title="Deployment guides" icon="cloud" href="/neuraltrust/deployment/overview">
    Cloud-specific install guides for AWS, Azure, GCP, Kubernetes, and Docker.
  </Card>
</CardGroup>

## Who can do what

Access is driven by **platform roles** and **per-product permission levels**. See [User & Roles](/platform/users) for the full model.

| Access                              | Scope                                                                                                                                                   |
| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Owner**                           | One accountable owner per organization. Everything a Global Admin can do, plus transfer ownership, final billing approval, and delete the organization. |
| **Global Admin**                    | Full admin across products and Platform Settings. Multiple Global Admins are allowed.                                                                   |
| **Break the Glass**                 | Emergency access equivalent to Global Admin, with password login and no MFA. See [Break-glass access](/platform/break-glass).                           |
| **Product Admin / Editor / Viewer** | Per-product levels (and optional gateway/collector scopes). Controls what someone can do inside each product.                                           |
| **IAM Admin**                       | Required to manage users, roles, SSO, SCIM, and most Integrations settings.                                                                             |

## Recommended setup order

For a fresh organization, configure Platform Settings in this order:

1. **[General](/platform/general)** — set a human-readable organization name.
2. **[SSO Configuration](/platform/sso)** — pick Microsoft Entra ID or [generic OIDC](/platform/generic-oidc-sso).
3. **[Break-glass access](/platform/break-glass)** — add at least one emergency path *before* enforcing SSO.
4. **[SCIM Provisioning](/platform/scim)** *(Entra ID)* — automate user creation and removal.
5. **[Group mappings](/platform/user-sync)** — map IdP groups to NeuralTrust platform roles.
6. **[User & Roles](/platform/users)** — invite anyone not provisioned by SCIM and assign access.
7. **[Integrations](/platform/alert-integrations)** — forward alert findings to your SIEM.
8. **[Custom Domain](/platform/custom-domain)** — if you want the app on your own hostname.
9. **[Advanced](/platform/advanced)** — provision a hybrid data plane if you're on a Hybrid plan.

## Prerequisites

* **NeuralTrust account** with **Owner**, **Global Admin**, or **IAM Admin** access (depending on the task).
* For SSO: administrator access to your identity provider.
* For hybrid provisioning: admin access to the target AWS / GCP / Azure account.
* For custom domain: control over the DNS zone of the domain you want to use.

## Support

If you hit an issue configuring the organization, reach out at [support@neuraltrust.ai](mailto:support@neuraltrust.ai).
