🏢 Enterprise Features

Advanced security, compliance, and customization features for enterprise deployments.

Enterprise Plan Required: The features on this page are available on the Enterprise plan. View pricing →

Single Sign-On (SSO)

Enable SSO to allow your team to sign in using your existing identity provider.

Supported Providers

Okta
Azure AD
Google Workspace
OneLogin
Auth0
PingIdentity
JumpCloud
Custom SAML

SAML 2.0 Configuration

# Aether SAML Configuration
ACS URL: https://auth.aetherai.support/saml/acs
Entity ID: https://aetherai.support
Metadata URL: https://auth.aetherai.support/saml/metadata

# Required Attributes
- email (required)
- firstName
- lastName
- groups (for role mapping)

Setup Steps

  1. Go to SettingsSecuritySSO
  2. Click Configure SSO
  3. Select your identity provider
  4. Copy the ACS URL and Entity ID to your IdP
  5. Upload your IdP metadata or enter manually
  6. Map IdP groups to Aether roles
  7. Test the connection
  8. Enable SSO enforcement (optional)

SCIM Provisioning

Automatically sync users and groups from your identity provider.

# SCIM Endpoint Configuration
SCIM Base URL: https://api.aetherai.support/scim/v2
Authentication: Bearer Token

# Supported Operations
- GET /Users
- GET /Users/{id}
- POST /Users
- PUT /Users/{id}
- PATCH /Users/{id}
- DELETE /Users/{id}
- GET /Groups
- POST /Groups
- PATCH /Groups/{id}

Automatic Provisioning

  • Create users automatically when added to IdP group
  • Deactivate users when removed from IdP
  • Sync role changes based on group membership
  • Update user attributes (name, email, department)

Audit Logs

Complete visibility into all actions taken in your account for compliance and security.

Tracked Events

User Actions
  • • Login / Logout
  • • Password changes
  • • Role modifications
  • • API key creation/revocation
Data Access
  • • Ticket views and exports
  • • Customer data access
  • • Knowledge base edits
  • • Settings changes
// Query audit logs via API
const logs = await aether.audit.list({
  startDate: '2024-01-01',
  endDate: '2024-01-31',
  action: 'ticket.export',
  actor: 'user@company.com',
  limit: 100,
});

// Example log entry
{
  "id": "log_123",
  "timestamp": "2024-01-15T10:30:00Z",
  "action": "ticket.export",
  "actor": {
    "id": "user_456",
    "email": "admin@company.com",
    "ip": "192.168.1.1"
  },
  "resource": {
    "type": "ticket",
    "id": "TKT-789"
  },
  "metadata": {
    "format": "csv",
    "recordCount": 150
  }
}

Log Retention

  • Business: 90 days
  • Enterprise: 1 year (configurable up to 7 years)
  • • Export to your SIEM (Splunk, Datadog, etc.)

Data Residency

Choose where your data is stored to meet regulatory requirements.

Available Regions

🇺🇸

United States

us-east-1

🇪🇺

Europe (Ireland)

eu-west-1

🇩🇪

Europe (Frankfurt)

eu-central-1

🇬🇧

UK (London)

eu-west-2

🇦🇺

Asia Pacific (Sydney)

ap-southeast-2

🇯🇵

Asia Pacific (Tokyo)

ap-northeast-1

Note: Data residency must be selected during account creation and cannot be changed afterward. Contact sales for multi-region deployments.

Compliance & Security

Enterprise-grade security certifications and compliance standards.

Certifications

🔒

SOC 2 Type II

📋

ISO 27001

🇪🇺

GDPR

🏥

HIPAA

🌴

CCPA

💳

PCI DSS

🏛️

FedRAMP

CSA STAR

Security Features

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • IP allowlisting
  • MFA enforcement
  • Session management
  • Role-based access control
  • API rate limiting
  • DDoS protection

Need Enterprise Features?

Contact our sales team to discuss enterprise requirements and get a custom quote.