🎬 New — watch the 2-minute guide videos →

Enterprise

Run AI for a company,
not a hobby.

A personal API key is fine for a weekend project. A company needs identity from its own IdP, budgets that are enforced, not suggested, and data-residency it can prove per request. BharatRouter ships all three at the gateway — with INR billing and GST invoices your finance team will actually accept.

Talk to us — [email protected] Start free

Three pillars

What “enterprise” means here

🔐

Identity & access

SAML 2.0 SSO handled in the gateway — no third-party identity broker in your data path — with SCIM provisioning, verified company domains, and auto-join so colleagues land in your org, not in personal accounts.

🧮

Governance & cost

Roles, model and provider allowlists, org-wide system instructions injected at the gateway, an append-only audit log — and hard budget caps at five scopes where the tightest cap wins.

🇮🇳

Residency & privacy

data_policy: india_only routing enforced per request, zero-retention inference by default under DPDP, and per-provider transit disclosure so you can show your DPO exactly where data goes.

Getting your company on

From zero to SSO in four steps

1

Create your org

Sign in and create an organization — you’re the owner, teammates get roles.

2

Verify your domain

Add up to 20 company domains and prove each with a DNS TXT record.

3

Connect your IdP

Point your SAML IdP at the gateway; members provision just-in-time — or push them via SCIM. Flip on require-SSO when ready.

4

Everyone auto-joins

Anyone signing in with a company email lands in your org — existing accounts included.

Step-by-step guides: SSO (SAML) · Teams, domains & workspaces · API keys & limits

Budgets · tightest cap wins

Spend limits that are enforced, not suggested

Set a hard cap at any of five scopes. Every request is checked against all of them at the gateway and the tightest cap wins — a runaway agent hits its key’s ceiling long before it dents the org’s.

org

The company ceiling

One hard cap on everything the organization spends — the number your CFO signs off on.

team

Per team

Give the ML platform team and the support-bot team separate envelopes.

workspace

Per environment

Keep production spend fenced off from staging and experiments — with per-provider and per-model caps inside a workspace.

member

Per person

A developer’s experiments stop at their own cap, not the company’s.

key

Per key

The tightest fence — cap a single API key powering a single integration.

Pair caps with the usage & activity export (CSV / JSON API) for month-end reconciliation.

Shipped, not promised

Everything on the enterprise plane

01
🔐

Sovereign SSO — SAML 2.0, in-gateway

SAML 2.0 is handled inside the gateway itself — no third-party identity broker sits in your data path. Configure your own IdP per org, provision members just-in-time on first sign-in, and turn on require-SSO so every member must come through it.

02
🔄

SCIM 2.0 provisioning

Drive membership from your directory: joiners are provisioned automatically, and the moment IT removes a leaver they are deprovisioned here too — no orphaned accounts still holding keys.

03
🌐

Verified domains & auto-join

Add up to 20 company domains and prove ownership with a DNS TXT record. From then on, colleagues signing in with a company email land in your org — new signups auto-join, existing users are captured, and anyone can self-serve join.

04
🧭

Roles & egress control

Owner, admin and member roles, plus allowlists and denylists for exactly which models and providers your org’s traffic may reach — enforced at the gateway on every request, not in a client library.

05
📜

Org instructions & audit log

Inject org-wide system instructions at the gateway so policy rides every request regardless of the calling app — and review an append-only audit log of who changed what, and when.

06
🧮

Hard budget caps, five scopes deep

Caps at org, team, workspace, member and key level — the tightest cap wins, enforced at the gateway. Inside a workspace, add per-provider and per-model caps on top.

07
📤

Usage & activity export

Every request is attributed — by member, key, workspace, model and provider — and exportable as CSV or over the JSON API for your own finance and reporting pipelines.

08
🇮🇳

Residency & zero retention

Send data_policy: india_only and requests route only to India-resident endpoints — enforced per request. Inference is zero-retention by default (DPDP), with per-provider transit disclosure so you can see where bytes travel.

09
🧾

India-native billing

An INR-canonical prepaid wallet, GST tax invoices, and payments via Razorpay. Your finance team gets rupee numbers and Indian paperwork, not a foreign card statement.

10
🪪

Agent identity via Ekam

Your agents authenticate with short-lived, verifiable identities instead of long-lived API keys — revocable centrally, attributed per agent, billed to the right org.

Compliance posture, privacy policy and DPDP notes live on the legal page.

In developer beta — and honest about it

Everything on this page is live in the product today. What we don’t have yet is a paid SLA tier — so while we’re in beta, enterprise evaluations are handled directly by the team. Tell us what you’re building and we’ll get your org, domains and IdP set up with you.

Talk to us — [email protected] Start free