Enterprise Setup
RootCause.ai is designed for enterprise deployment. This guide covers the organizational structure, access controls, governance features, and administrative capabilities that make RootCause.ai suitable for large organizations with complex requirements.
Organizations and Workspaces
RootCause.ai uses a hierarchical structure to organize users and data:
Organization
The top-level container representing your company or tenant:
Contains all users, workspaces, and billing
Has organization-wide settings and policies
Typically one organization per company
Workspaces
Isolated environments within an organization:
Each workspace has its own datasets, Data Views, Digital Twins, and reports
Users can belong to multiple workspaces with different permissions
Ideal for separating teams, projects, or business units
Use Cases:
By team
Marketing Workspace, Operations Workspace, Finance Workspace
By project
Customer Churn Analysis, Supply Chain Optimization
By region
EMEA Workspace, Americas Workspace, APAC Workspace
By sensitivity
Production Data, Sandbox/Testing
(SCREENSHOT: Organization and workspace hierarchy diagram)
User Management
Adding Users
Organization administrators can invite users:
Navigate to Settings → Users
Click Invite User
Enter email address
Assign organization role
Optionally assign to workspaces
User Roles
Organization-level roles:
Owner
Full control, billing, can delete organization
Admin
Manage users, settings, all workspaces
Member
Access assigned workspaces only
Workspace-level roles:
Admin
Full workspace control, manage members
Editor
Create/edit data, twins, reports
Analyst
Run simulations, view data
Viewer
Read-only access
(SCREENSHOT: User management interface with role assignment)
Single Sign-On (SSO)
RootCause.ai integrates with enterprise identity providers for seamless authentication.
Supported Protocols:
OIDC (OpenID Connect) – Azure AD, Okta, Auth0, Google
SAML 2.0 – ADFS, Ping Identity, OneLogin
Benefits:
Users authenticate with corporate credentials
Centralized user provisioning and deprovisioning
Enforce corporate password policies
Enable MFA through your identity provider
Configuration:
See SSO Configuration for detailed setup instructions.
(SCREENSHOT: SSO configuration in admin settings)
Role-Based Access Control (RBAC)
RBAC assigns permissions based on user roles, simplifying access management at scale.
How It Works:
Define roles with specific permission sets
Assign users to roles
Users inherit all permissions from their roles
Permission Categories:
Data
Read, write, delete datasets and Data Views
Intelligence
Create, edit, run Digital Twins and simulations
Reports
Create, edit, share reports
Admin
Manage users, settings, integrations
Example Role Configuration:
Analyst
Read
Run
Read
None
Data Scientist
Read/Write
Full
Read/Write
None
Admin
Full
Full
Full
Full
Attribute-Based Access Control (ABAC)
ABAC provides fine-grained access control based on data attributes—going beyond roles to control access at the record level.
Use Cases:
Regional data restrictions (users see only their region's data)
Business unit isolation (marketing sees marketing data only)
Sensitivity tiers (PII access for authorized users only)
Time-based access (temporary project access)
How It Works:
Define attributes on data (region, department, sensitivity)
Define attributes on users (location, team, clearance)
Create policies matching user attributes to data attributes
Access is granted when attributes match
Example Policy:
This ensures users only see data from their region at their clearance level.
(SCREENSHOT: ABAC policy configuration interface)
Sharing and Collaboration
Workspace Sharing
Share entire workspaces with users or groups:
Open workspace settings
Click Share
Add users or groups
Set permission level (Viewer, Analyst, Editor, Admin)
Object-Level Sharing
Share specific objects within a workspace:
Data Views – Share prepared datasets
Digital Twins – Share models for simulation
Reports – Share analytical findings
Sharing Options:
Specific users
Named individuals
Groups
AD groups or custom groups
Workspace
All workspace members
Organization
Everyone in the org
(SCREENSHOT: Share dialog with permission options)
Model Governance
Enterprise deployments require governance over analytical models. RootCause.ai provides:
Version Control
Every Digital Twin maintains full version history:
Track who created each version and when
See what changed between versions
Compare model structures
Rollback to previous versions
Audit Trails
Complete logging of all actions:
Who accessed what data
Which simulations were run
Configuration changes
User activity
Change Approval (Optional)
Require approval for sensitive changes:
New model versions in production
Data source modifications
Sharing permission changes
(SCREENSHOT: Version history with audit information)
Data Governance
Data Lineage
Track where data comes from and how it's transformed:
Source connections and sync history
Data View transformations
Which Digital Twins use which data
Data Classification
Tag data with sensitivity levels:
Public
Internal
Confidential
Restricted
Use with ABAC to enforce access policies.
Retention Policies
Configure how long data is retained:
Automatic deletion after specified period
Archive to cold storage
Comply with data protection regulations
Compliance Features
GDPR Compliance:
Data subject access requests (export user data)
Right to erasure (delete user data)
Processing records (audit trail)
Data minimization (retention policies)
SOC 2 Compliance:
Access controls (RBAC/ABAC)
Audit logging
Encryption at rest and in transit
Change management
Industry-Specific:
HIPAA (healthcare data)
PCI DSS (payment data)
Custom compliance frameworks
Administrative Tools
Organization Settings
Configure organization-wide policies:
Authentication requirements
Password policies (when not using SSO)
Session timeout
IP allowlisting
Usage Analytics
Monitor platform usage:
Active users
Simulation runs
Data storage
API calls
Quota Management
Set and monitor limits:
Storage per workspace
Concurrent simulations
API rate limits
(SCREENSHOT: Admin dashboard with usage metrics)
Integration with Enterprise Systems
Identity Providers:
Azure Active Directory
Okta
Google Workspace
LDAP directories
Data Sources:
Enterprise connectors for:
Data warehouses (Snowflake, BigQuery, Redshift)
Databases (PostgreSQL, MySQL, MongoDB)
Cloud storage (S3, Azure Data Lake, GCS)
APIs (REST, GraphQL)
Automation:
API for programmatic access
Webhooks for event notifications
CI/CD integration for model deployment
Security Architecture
Network Security:
TLS encryption for all connections
VPC deployment options
Private endpoints
Network policies
Data Security:
Encryption at rest (AES-256)
Encryption in transit (TLS 1.3)
Field-level encryption for sensitive data
Key management (customer-managed keys optional)
Application Security:
Regular security assessments
Dependency scanning
Penetration testing
Bug bounty program
Deployment Options
Cloud (SaaS)
Fully managed by RootCause.ai
Fast deployment, minimal ops
Private Cloud
Dedicated infrastructure in your cloud
Data residency requirements
Self-Hosted
On-premises or your Kubernetes
Maximum control
See Installation for self-hosted deployment guides.
Getting Started
For enterprise deployment:
Contact Sales – Discuss requirements and pricing
Architecture Review – Plan integration with your systems
Pilot Deployment – Start with a proof-of-concept workspace
Production Rollout – Expand to full organization
Training – Enable your teams with training and documentation
Related Documentation
Last updated