Every seat. Every session. One admin console.
Model control, user management, AI Firewall policy, alerts, and a complete audit log — operable by your IT director without engineering support.
Built for the person who has to answer for it.
Org dashboard
Active users, prompt volume, model mix, AI Firewall events, and compliance alerts on a single screen. Filterable by team and date range.
User management
SSO/SAML, SCIM provisioning, role-based access. Add, remove, suspend. Assign Model Groups and Firewall policies per user or per team.
Model control
Enable or disable any of the 47 models org-wide or per Model Group. Set defaults. Surface model deprecation notices before they affect users.
Firewall policy editor
Per filter category — PII, PHI, PCI, credentials, government IDs, custom — choose Hard Block, User Warning, or Silent Reconstitute. Different policies per Model Group.
Compliance alerts
Email, Slack, or webhook on Firewall events that match a rule. Threshold-based (e.g. >5 PHI Hard Blocks/hour) or category-based (any classified-term match).
Audit logs
Every prompt, every model selection, every Firewall decision, every admin action — logged from day one, retained per your policy, exportable on demand.
Standard reports today. Custom dashboards on Business and Enterprise.
| Capability | Team | Business | Enterprise |
|---|---|---|---|
| Standard usage reports | Yes | Yes | Yes |
| AI Firewall event report | Yes | Yes | Yes |
| AWS QuickSight dashboards | — | Yes | Yes |
| Reporting API | — | Yes | Yes |
| Custom dashboards (Pro Services) | — | Available | Included hours |
| Log retention | 90 days | 1 year | Configurable |
| Export formats | CSV | CSV, JSON, Parquet | CSV, JSON, Parquet, BYO sink |
An in-product visualization UI for log browsing is on the near-term roadmap. Until it ships, logs are accessible through the reporting layer and the API.
A read-only mirror of your production tenant.
Sandbox Mode (Business and Enterprise) gives security and compliance reviewers a read-only mirror of your production tenant — same admin console, same audit log shape, no live user data. Use it to walk an auditor through how Backplain works without exposing real prompts, and to test policy changes before promoting them to production.
Operable in any of the five hosting shapes.
The admin console runs in multi-tenant SaaS, in your own AWS / Azure / GCP, in a fully managed private cloud, in a fully isolated environment, or on dedicated bare metal in our private San Diego Tier 3 data center. The capabilities are the same; the data residency answer is the one your governance policy requires.
20 minutes with the product team.
A real walkthrough of the admin console — not a slide deck.