Platform Settings
Enterprise-grade AI governance control plane configuration
Environments & Organization Structure
Configure deployment environments and organizational hierarchy
Environments
Environments provide isolation for models, controls, and policies across different deployment stages. Each environment maintains separate data stores and evidence chains.
Production
production
Staging
staging
Development
development
Impact: Environment configuration affects which models and controls apply where, data storage locations, and evidence collection scope.
Organizations & Workspaces
Organizational units allow multi-tenant governance across subsidiaries, brands, or regions. Each organization can have independent policies, user permissions, and compliance frameworks.
Headquarters
headquarters
EMEA Region
region
APAC Region
region
Permissions: Users inherit base permissions from their organization, then can be granted additional role-specific access.
Identity & Access Management
Configure SSO, user provisioning, and authentication
Single Sign-On (SSO)
Integrate with your identity provider for centralized authentication. Supports SAML 2.0 and OpenID Connect (OIDC) protocols.
Enable OIDC/SAML
Single sign-on with OpenID Connect or SAML 2.0
SCIM Provisioning
Automated user lifecycle management with System for Cross-domain Identity Management (SCIM 2.0). Users and groups are automatically synchronized from your IdP.
Enable SCIM 2.0
Automated user provisioning and deprovisioning
Role-Based Access Control (RBAC)
Manage predefined roles and permissions
Predefined Roles
Roles define what users can view and modify. Assign roles based on job function to enforce least-privilege access. Roles are linked to IdP groups when SSO is enabled.
Organization Admin
3 usersFull administrative access across all resources
Permissions:
- View all models, controls, policies
- Edit all governance resources
- Manage users and access
- Configure integrations
- Export audit logs and evidence
- Delete resources
CISO
2 usersSecurity and compliance oversight
Permissions:
- View all governance data
- Approve/reject high-risk models
- Access audit logs and evidence
- Generate compliance reports
- View security posture metrics
Compliance Lead
5 usersManage compliance frameworks and evidence
Permissions:
- View/edit controls and policies
- Manage evidence collection
- Generate compliance reports
- View audit logs
- Access framework mappings
Model Owner
18 usersManage specific AI models and their governance
Permissions:
- View/edit assigned models
- Upload evidence for owned models
- View applicable controls
- Submit for approval
- View monitoring metrics
Viewer
35 usersRead-only access to governance data
Permissions:
- View models and controls
- View compliance status
- Access reports
- View dashboards
Auditor
4 usersAccess audit trails and evidence
Permissions:
- View audit logs
- Access evidence ledger
- Export compliance evidence
- View all governance data
- Generate audit reports
Custom Roles: Enterprise plans support custom role creation with granular permission assignment for controls, inventory, policies, evidence, and settings.
Permission Matrix
Simplified view of role capabilities across key governance areas.
| Role | View | Edit | Approve | Delete | Export |
|---|---|---|---|---|---|
| Org Admin | |||||
| CISO | — | — | |||
| Compliance Lead | — | — | |||
| Model Owner | — | — | — | ||
| Viewer | — | — | — | — | |
| Auditor | — | — | — |
Platform Integrations
Connect AI platforms and tools for discovery and telemetry
Connected Integrations
Integrations enable automated model discovery, runtime telemetry collection, evaluation result ingestion, and evidence gathering. Each integration shows what data is being synced and operational status.
OpenAI Platform
jira Integration
Synced Data:
- Model Discovery
- Usage Telemetry
- Fine-tune Tracking
Anthropic Console
slack Integration
Synced Data:
- Model Discovery
- Prompt Logs
- Safety Evals
AWS Bedrock
github Integration
Synced Data:
- Model Discovery
- CloudWatch Metrics
- GuardRails
Integration Dependencies: Model discovery requires platform integrations. Runtime monitoring requires both platform integration and telemetry SDK. Evaluation hub requires platform API access or webhook configuration.
API Keys & Programmatic Access
Manage API keys for data ingestion and report retrieval
API keys enable programmatic access for model ingestion, evidence upload, metric retrieval, and report generation. Keys can be scoped to specific operations and environments.
API Keys
Manage API keys for programmatic access
| Name | Key Prefix | Scopes | Created | Last Used | Actions |
|---|---|---|---|---|---|
Production API | stratum_a1b2c3d4... | read:modelswrite:modelsread:controls | 3 months ago | about 1 hour ago | |
CI/CD Pipeline | stratum_e5f6g7h8... | read:modelsread:evidenceadmin:all | about 1 month ago | 1 day ago |
API Documentation: Full API reference available at https://docs.stratum.ai/api with code examples in Python, Node.js, and cURL.
Notifications & Alerts
Configure alert channels and triggers
Email Notifications
Critical alerts
High-severity policy violations and incidents
Incident notifications
New incidents raised by detection systems
Evaluation failures
Model evaluation results below threshold
Shadow AI detected
New unapproved AI models discovered
Evidence expiring
Attestations and evidence nearing expiration
Weekly digest
Summary of governance activities and metrics
Slack Notifications
Webhook Configuration
Webhooks enable real-time event streaming to external systems. Supported events: incidents raised, policy violations, evaluation failures, shadow AI detection, evidence expiration.
Data Residency & Privacy
Configure data storage, retention, and privacy controls
Data Residency
Control where your governance data is stored to meet regional compliance requirements (GDPR, data sovereignty laws). Evidence, audit logs, and telemetry are stored in your selected region.
Enforce data residency
Prevent data from leaving selected region
GDPR & EU AI Act: EU regions include built-in compliance with GDPR data protection requirements and EU AI Act high-risk system documentation standards.
Data Retention Policies
Configure how long different types of data are retained. Longer retention supports forensic analysis but increases storage costs.
Model prompts and responses (default: 90 days)
System activity logs (default: 365 days)
Compliance evidence and attestations (default: 2555 days / 7 years)
Auto-delete expired data
Automatically remove data past retention period
Privacy Controls
Privacy-enhancing technologies to minimize sensitive data exposure while maintaining governance capabilities.
PII Pseudonymization
Replace personal identifiers with pseudonyms
Data Minimization
Store only essential data for governance
Security Posture
Security controls and compliance readiness
Active Security Controls
Enterprise-grade security controls protecting your AI governance data and operations.
Encryption at Rest
All data encrypted with AES-256 encryption
Encryption in Transit
TLS 1.3 for all network communications
Multi-Factor Authentication
Require MFA for all administrative access
Session Management
Automatic timeout after 60 minutes
Compliance Readiness Indicators
Configuration status for common compliance frameworks and security standards.
SOC 2 Type II Ready
All SOC 2 Trust Services Criteria controls configured
- Audit logging enabled with tamper-evident signatures
- Access controls and RBAC fully configured
- Data encryption at rest and in transit
GDPR Compliant Configuration
Data protection controls meet GDPR Article 32 requirements
- EU data residency enabled (EU West region)
- PII pseudonymization and minimization active
- Data retention policies configured
EU AI Act High-Risk Systems
Technical documentation and record-keeping requirements met
- Comprehensive audit logs and evidence ledger
- Human oversight and intervention tracking
- Risk assessment and mitigation documentation
Audit Logs
View system activity logs
Complete audit trail of all administrative actions, policy changes, role updates, and integration modifications. Audit logs are cryptographically signed and form part of the evidence ledger for compliance purposes.
Audit Logs
View and export system activity logs
| Timestamp | User | Action | Entity | IP Address |
|---|---|---|---|---|
| Nov 11, 2025 21:55:22 | sarah.chen@company.com | login | OpenAI GPT-4o Model | 192.168.1.1 |
| Nov 11, 2025 20:55:22 | marcus.rodriguez@company.com | create | Risk Assessment Documentation Control | 192.168.1.2 |
| Nov 11, 2025 19:55:22 | jennifer.kim@company.com | update | Performance Report Oct-2025 Evidence | 192.168.1.3 |
| Nov 11, 2025 18:55:22 | sarah.chen@company.com | delete | OECD AI Principles Framework | 192.168.1.4 |
| Nov 11, 2025 17:55:22 | marcus.rodriguez@company.com | export | HR Policy Fine-tune v3 Model | 192.168.1.5 |
| Nov 11, 2025 16:55:22 | jennifer.kim@company.com | login | Bias Testing Framework Control | 192.168.1.6 |
| Nov 11, 2025 15:55:22 | sarah.chen@company.com | create | Model Card v2.3 Evidence | 192.168.1.7 |
| Nov 11, 2025 14:55:22 | marcus.rodriguez@company.com | update | ISO/IEC 42001 Framework | 192.168.1.8 |
| Nov 11, 2025 13:55:22 | jennifer.kim@company.com | delete | Google Gemini Pro Vision Model | 192.168.1.9 |
| Nov 11, 2025 12:55:22 | sarah.chen@company.com | export | Risk Assessment Documentation Control | 192.168.1.10 |
| Nov 11, 2025 11:55:22 | marcus.rodriguez@company.com | login | Compliance Evidence Pack Evidence | 192.168.1.11 |
| Nov 11, 2025 10:55:22 | jennifer.kim@company.com | create | NIST AI RMF Framework | 192.168.1.12 |
| Nov 11, 2025 09:55:22 | sarah.chen@company.com | update | OpenAI GPT-4o Model | 192.168.1.13 |
| Nov 11, 2025 08:55:22 | marcus.rodriguez@company.com | delete | Bias Testing Framework Control | 192.168.1.14 |
| Nov 11, 2025 07:55:22 | jennifer.kim@company.com | export | Performance Report Oct-2025 Evidence | 192.168.1.15 |
| Nov 11, 2025 06:55:22 | sarah.chen@company.com | login | EU AI Act Framework | 192.168.1.16 |
| Nov 11, 2025 05:55:22 | marcus.rodriguez@company.com | create | HR Policy Fine-tune v3 Model | 192.168.1.17 |
| Nov 11, 2025 04:55:22 | jennifer.kim@company.com | update | Risk Assessment Documentation Control | 192.168.1.18 |
| Nov 11, 2025 03:55:22 | sarah.chen@company.com | delete | Model Card v2.3 Evidence | 192.168.1.19 |
| Nov 11, 2025 02:55:22 | marcus.rodriguez@company.com | export | Internal AI Governance Policy Framework | 192.168.1.20 |
Evidence Connection: Audit logs are automatically included in compliance evidence packs and can be exported for external auditor review.
Advanced Configuration
System maintenance and data management
Configuration Management
Danger Zone
Reset to Defaults
This will reset all settings to their default values
Delete All Demo Data
Permanently delete all demo data (type DELETE to confirm)