> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cassidyai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Enterprise readiness

> Full control over deployment, access, AI governance, and extensibility for IT and operations teams.

Cassidy gives IT and operations teams full control over deployment, access, and AI governance. Here's what's available out of the box.

## Single Sign-On

Cassidy supports SAML 2.0 SSO with any compatible identity provider, including Okta and Microsoft Entra ID. Your team signs in with existing credentials. SAML role mappings can grant privileges automatically, and SAML group mappings can place users into the right resource visibility groups.

<Card title="Set up SSO" icon="key" href="/settings/sso">
  Step-by-step SSO configuration guide.
</Card>

## Roles and privileges

Managed roles and custom roles give you fine-grained control over what each person can do in Cassidy. Use roles to control privileges like creating Agents, editing Workflows, adding to the Knowledge Base, recording meetings, inviting members, managing billing, or configuring SSO. Use groups to control which shared resources each team can access.

<Card title="Assign roles and groups" icon="users" href="/settings/roles-and-groups">
  Configure roles, custom privileges, and visibility groups.
</Card>

## Knowledge Base access controls

Knowledge Base content is organized into collections, each with its own access settings. Collections can be open to the whole organization, restricted to specific groups or individuals, or kept private. Sensitive content can live in Cassidy without being accessible to everyone.

<Card title="Manage Knowledge Base permissions" icon="lock" href="/knowledge-base/permissions-and-structure">
  Configure collection-level access controls.
</Card>

## Knowledge verification

Admins can flag Knowledge Base documents as potentially outdated and require them to be reviewed before Agents continue using them. This gives teams a lightweight governance layer to ensure the information powering your Agents stays accurate and current.

<Card title="Verify documents" icon="circle-check" href="/knowledge-base/verify-documents">
  Set up document verification.
</Card>

## Agent and Workflow controls

Agents and Workflows can be shared with specific groups, kept private, or made available to the whole organization. Both can be organized into folders with their own permission settings. Workflows support external deployment via webhooks and inbound email triggers for integration into other systems. Agents support draft and publish versioning with full version history, so changes can be reviewed before they go live.

<CardGroup cols={2}>
  <Card title="Share and manage Agents" icon="robot" href="/agents/sharing-and-management">
    Agent permissions, folders, and versioning.
  </Card>

  <Card title="Share and deploy Workflows" icon="diagram-project" href="/workflows/sharing-and-deployment">
    Workflow permissions, folders, and external deployment.
  </Card>
</CardGroup>

## Meeting access controls

Meeting recordings default to private and can be shared with specific people, groups, or the whole organization. Admins can set up automated sharing rules that apply access settings based on defined conditions, so the right teams always have access without manual sharing.

<Card title="Manage meeting permissions" icon="video" href="/meetings/sharing-and-permissions">
  Configure meeting sharing and access rules.
</Card>

## Data retention

Enterprise customers can configure automated retention policies for Workflow run history. Set a custom retention window to automatically purge run data after a defined period, or retain it indefinitely. Manual deletion is always available. All data is permanently deleted when an account is closed.

<Card title="Configure data retention" icon="clock" href="/workflows/advanced/data-retention">
  Set up automatic data retention policies.
</Card>

## Global AI governance

Admins can set organization-wide instructions that apply to every Agent and Workflow across the organization. Use this to enforce tone, restrict certain language, add compliance disclaimers, or ensure consistent behavior regardless of how individual Agents are configured.

<Card title="Configure global instructions" icon="sliders" href="/settings/global-instructions">
  Set organization-wide AI instructions.
</Card>

## Default Agent configuration

Admins control which Agents appear by default for team members when they open a new chat. This ensures new users land in the right context without needing to hunt for the right Agent.

<Card title="Configure default Agents" icon="robot" href="/settings/default-agents">
  Set the default Agents for your organization.
</Card>

## Observability and AI usage monitoring

The usage dashboard surfaces credit consumption by user, Workflow run volumes, Knowledge Base storage, and meeting hours. Workflow run history logs every execution with inputs, outputs, and step-level results for auditing and debugging. Per-user credit limits and alert thresholds give admins proactive control over spend.

<CardGroup cols={2}>
  <Card title="Monitor usage" icon="chart-line" href="/settings/monitor-usage">
    Track organization-wide usage and credits.
  </Card>

  <Card title="Set credit alerts and limits" icon="bell" href="/settings/credit-alerts-and-limits">
    Configure per-user credit limits and alerts.
  </Card>
</CardGroup>

## Secret management

API keys, passwords, and other sensitive credentials used in Workflows are stored as encrypted secret keys rather than plain text values. Secrets can be scoped to specific users or groups so only authorized team members can use them in Workflow actions. Once saved, secret values are never exposed in the Workflow editor or run history.

<Card title="Use secret keys" icon="key" href="/workflows/advanced/secret-keys">
  Store and manage encrypted credentials for Workflows.
</Card>

## Custom integrations and extensibility

Cassidy integrates natively with most enterprise tools. For everything else, Workflows can send API requests to any external system, accept webhook and email triggers from any source, run custom code for advanced logic, and connect Agents to internal systems via MCP servers.

Most integrations are point-and-click. The edge cases are covered by code.

<CardGroup cols={2}>
  <Card title="Browse integrations" icon="plug" href="/integrations/overview">
    Native integrations catalog.
  </Card>

  <Card title="Send API Request" icon="code" href="/reference/actions/send-api-request">
    Connect to any external API.
  </Card>

  <Card title="MCP servers" icon="server" href="/agents/connectors/mcp-servers">
    Connect Agents to custom systems.
  </Card>

  <Card title="Connect non-native apps" icon="puzzle-piece" href="/integrations/connect-non-native-apps">
    Webhooks, API requests, and custom code.
  </Card>
</CardGroup>

## Managed MCP servers and native Agent connectors

Cassidy supports MCP, giving Agents the ability to connect to virtually any external system. Unlike consumer AI tools, Cassidy's MCP is admin-controlled: only admins can register servers, access is scoped per user or group, and every tool carries its own permission setting (always allowed, requires approval, or disabled). All actions are logged and data retrieved through MCP is never stored.

Cassidy also provides native connectors for HubSpot, Salesforce, Airtable, Snowflake, BigQuery, and ServiceNow with the same permissioning model. Users connect their own accounts so Agents only access data they're authorized to see. Any connector action that modifies data requires explicit in-chat approval before it executes.

<CardGroup cols={2}>
  <Card title="Agent connectors" icon="plug" href="/agents/connectors/overview">
    Native connectors for CRMs, data warehouses, and more.
  </Card>

  <Card title="MCP servers" icon="server" href="/agents/connectors/mcp-servers">
    Connect Agents to any system via MCP.
  </Card>
</CardGroup>

## Native OAuth integrations

All native integrations connect through standard OAuth or API key authentication. Cassidy only requests the scopes needed for each integration, and credentials are encrypted and stored separately from content data. Users connect their own accounts through the standard OAuth flow. For shared service accounts, admins can set up centralized connections with controlled scope.

<Card title="Browse integrations" icon="plug" href="/integrations/overview">
  See all available integrations.
</Card>

## Multi-organization support

Cassidy supports multiple separate organizations under the same login, useful for companies managing multiple divisions, brands, or client environments that require strict data separation.

<Card title="Manage multiple accounts" icon="buildings" href="/settings/multiple-accounts">
  Set up and switch between organizations.
</Card>

## Deploy Cassidy wherever your team works

Agents can be deployed wherever your team already works: Slack, Microsoft Teams, Outlook, Word, Excel, Chrome, Edge, email, embedded in any website, or accessed via API. All deployment surfaces operate under the same security model as the main platform.

<CardGroup cols={2}>
  <Card title="Deploy to Slack" icon="slack" href="/integrations/slack/deploy-agent">
    Deploy an Agent into Slack.
  </Card>

  <Card title="Deploy to Teams" icon="users" href="/agents/deploy/microsoft-teams">
    Deploy an Agent into Microsoft Teams.
  </Card>

  <Card title="Deploy via email" icon="envelope" href="/agents/deploy/email">
    Deploy an Agent to a dedicated email address.
  </Card>

  <Card title="Embed an Agent" icon="window-maximize" href="/agents/deploy/embed">
    Embed an Agent in any website or portal.
  </Card>

  <Card title="Agent API" icon="code" href="/agents/deploy/api">
    Access Agents via API.
  </Card>
</CardGroup>

***

For questions about enterprise deployment, contact [support@cassidyai.com](mailto:support@cassidyai.com) or visit [trust.cassidyai.com](https://trust.cassidyai.com/).