- contact@verticalserve.com
When InsightWorker spreads across a department, three things start to hurt: no central visibility into who is using what, no central policy on which models or tools are allowed, and no central distribution of the skills your best people have built. Enterprise solves all three without changing what individual users love about the product.
A control plane that pairs with your installed clients (CLI, VS Code, Desktop). Manage identity, policy, quotas, skills, and audit — from one admin UI.
Federated login via OIDC and SAML — Okta, Azure AD / Entra ID, Google Workspace, Ping. SCIM 2.0 sync so offboarded users lose access automatically. Device-bound client tokens; revoke a lost laptop in one click.
"Underwriting can use Bedrock Claude only. Data engineering can also use OpenAI." Pin specific models to specific skills. Block expensive providers (or expensive reasoning levels) below a defined seniority.
Set limits per user, per team, per model — daily, weekly, or monthly. Soft warnings at 80%, hard caps at 100%, manager-approved overage flow when the cap matters less than the work. Cost attribution per team, per skill, per day.
Your team's approved, signed agent behaviours — distributed automatically to every client. Compliance-reviewed underwriting templates, vetted DevOps runbooks, finance-approved digest formats. Versioned, signed, scoped per team.
Whitelist tools per team — "underwriters get read access to SharePoint and email drafting; they can't use bash or send_email." Centrally control auto-approve so a junior can't open dangerous gates on their own laptop.
Every agent run logged with user, model, tokens, tools invoked, skill used, success or failure. Configurable retention (1-7 years). Export to your SIEM (Splunk, Datadog, Elastic). Pre-built reports for SOC 2, GDPR, HIPAA evidence.
Org → Team → User policy hierarchy with inheritance and override. Roles for Admin, Team Lead, Member. Versioned policy with change history — see exactly who changed what, when, and roll back if needed.
Region-pin LLM calls ("Bedrock must use eu-central-1"). Force traffic through your corporate proxy. Disable public providers. Off-hours mode for change-windows. Skill code-review gates before anything enters the marketplace.
Run the control plane in your own VPC (Helm chart on EKS / AKS / GKE / OpenShift, or a single-VM installer) or use our SOC 2-aligned hosted version. Same code, your choice. Required for regulated buyers; convenient for everyone else.
Your prompts and completions stay between the client and your LLM tenant — exactly the way they do today. The control plane handles identity, policy, quotas, audit, and skill distribution. It never sees a prompt unless you opt in.
┌──────────────────────────┐ ┌──────────────────────────┐
│ InsightWorker clients │ auth │ Enterprise Control │
│ (CLI / VS Code / Desk.) │ ──────► │ Plane │
│ │ │ │
│ - User runs an agent │ policy │ - SSO (OIDC / SAML) │
│ - Client checks policy │ ◄───────│ - Policy engine │
│ - Client enforces limits│ │ - Quota counters │
│ - Client emits usage │ ──────► │ - Skills marketplace │
│ │ events │ - Audit log │
└─────┬────────────────────┘ │ - Admin web UI │
│ └──────────────────────────┘
│ LLM call (DIRECT — never through the control plane)
▼
┌─────────────────────────────────┐
│ Bedrock / OpenAI / Anthropic / │
│ Azure OpenAI / Vertex AI / ... │
│ (in your tenant, your keys) │
└─────────────────────────────────┘
The control plane sees metadata only — model, token counts, tools, timestamps, user. Prompt content is opt-in per tenant.
Customers bring their own Bedrock / Azure / OpenAI keys. The control plane never holds them. Pulls from your secret manager are supported.
If the control plane is unreachable, clients run on cached policy for up to 24 hours, then enter read-only mode. Never fail open.
The Enterprise control plane is also where you manage production workers — scheduled jobs, event-triggered automations, and long-running daemons running in your environment. Same dashboard, same audit, same skill marketplace.
Scheduled for batch and recurring work · Event-triggered for fast-reaction automations · Long-running daemons for conversational agents. Each gets a pinned signed skill version, a scoped service-account credential, and lives in the Deployments page of the Enterprise UI.
We're explicit about the scope so you know what to expect — and what to keep using your other tools for.
Most customers go from kickoff to org-wide deployment in four to six weeks. Our team works alongside yours through every step.
Stand up the control plane (SaaS or self-hosted Helm chart). Connect your IdP. Onboard the first admin.
Roll out clients to a 5-15 person pilot team. Set initial model and tool policy. Watch the audit log fill up.
Convert pilot observations into team-level quotas, model whitelists, and tool restrictions. Enable alerting.
Publish your first internal skills and playbooks. Sign and scope by team. Set the code-review gate.
Expand to remaining teams. Wire audit log into your SIEM. Turn on monthly cost reporting and compliance views.
Pricing is per seat with volume discounts above 50, 100, and 500 seats; minimum 10 seats. Self-hosted deployments include the platform fee. Reach out for a demo, a security review, or a procurement conversation.
Request a demo Contact salesFull architectural detail in the Enterprise reference document in our public repo.