Multi-Department Setup Guide¶
Learn how to configure Aegis for multi-department deployments within your organization.
Overview¶
Aegis supports a hierarchical structure for managing different departments with different policies:
Your Organization
├── License (aegis_lic_xxx)
├── Policy Groups (Departments)
│ ├── Engineering
│ ├── Marketing
│ ├── Sales
│ └── Default
└── Policies
├── Engineering Policy (strict secrets blocking)
├── Marketing Policy (allow masked PII for analytics)
└── Sales Policy (mask financials, allow names)
Enterprise Feature
Multi-organization management (managing multiple separate companies) is available on Enterprise plans. Contact Sales for more information.
Policy Groups (Departments)¶
Policy groups allow different departments to have different rules under the same organization license.
Use Cases¶
| Department | Policy Focus |
|---|---|
| Engineering | Strict API secret blocking |
| Marketing | Allow masked PII for analytics |
| Legal | Block all sensitive data |
| Sales | Allow customer names, mask financials |
Creating Policy Groups¶
Via Dashboard:
- Go to Organization → Settings → Policy Groups
- Click Create Policy Group
- Configure rules for this group
Via SDK:
from aegis_sdk import Aegis
# Initialize with org license
aegis = Aegis(license_key="aegis_lic_xxx")
# Create instances for different departments
engineering = aegis.with_policy_group("engineering")
marketing = aegis.with_policy_group("marketing")
sales = aegis.with_policy_group("sales")
# Each uses department-specific rules
eng_result = engineering.check(content, "AI_TOOL")
mkt_result = marketing.check(content, "AI_TOOL")
Organization Settings¶
Data Region¶
Configure where data is processed for compliance:
| Region | Data Center | Compliance |
|---|---|---|
| US | Virginia | SOC2, HIPAA |
| EU | Frankfurt | GDPR, SOC2 |
| APAC | Singapore | SOC2 |
Enterprise Feature
Data region selection and custom retention policies are available on Enterprise plans. Contact Sales for more information.
Policies Per Department¶
Create department-specific policies:
Engineering Policy¶
{
"name": "Engineering Policy",
"tags": ["engineering", "strict"],
"rules": [
{
"name": "Block All Secrets",
"dataTypes": ["API_SECRETS"],
"destinations": ["AI_TOOL", "VENDOR", "CUSTOMER"],
"action": "BLOCK"
},
{
"name": "Mask PII for AI",
"dataTypes": ["PII"],
"destinations": ["AI_TOOL"],
"action": "MASK"
}
]
}
Marketing Policy¶
{
"name": "Marketing Policy",
"tags": ["marketing", "analytics"],
"rules": [
{
"name": "Allow Masked Email",
"dataTypes": ["PII"],
"destinations": ["VENDOR"],
"action": "MASK"
},
{
"name": "Block Financial Data",
"dataTypes": ["FINANCIAL"],
"destinations": ["AI_TOOL", "VENDOR"],
"action": "BLOCK"
}
]
}
SDK Configuration¶
Single Organization¶
import os
from aegis_sdk import Aegis
# Use license key from org settings
aegis = Aegis(license_key=os.environ["AEGIS_LICENSE_KEY"])
Multi-Department¶
# Initialize with license
aegis = Aegis(license_key="aegis_lic_xxx")
# Get department-specific instances
def get_aegis_for_user(user):
"""Get Aegis instance based on user's department."""
department = user.department # e.g., "engineering"
return aegis.with_policy_group(department)
# Usage
user_aegis = get_aegis_for_user(current_user)
result = user_aegis.check(content, destination="AI_TOOL")
Environment-Based Configuration¶
import os
from aegis_sdk import Aegis
# Different configs for different environments
config = {
"development": {
"license_key": os.environ.get("AEGIS_DEV_LICENSE"),
"policy_group": "dev",
},
"staging": {
"license_key": os.environ.get("AEGIS_STAGING_LICENSE"),
"policy_group": "staging",
},
"production": {
"license_key": os.environ.get("AEGIS_PROD_LICENSE"),
"policy_group": "production",
},
}
env = os.environ.get("ENVIRONMENT", "development")
aegis = Aegis(**config[env])
API Keys Per Policy¶
Each policy has its own API key for direct API access:
# Engineering team uses their policy's API key
curl -X POST .../api/preflight/text \
-H "X-Aegis-API-Key: aegis_sk_engineering_key" \
-d '{"text": "...", "destination": "AI_TOOL"}'
# Marketing team uses their policy's API key
curl -X POST .../api/preflight/text \
-H "X-Aegis-API-Key: aegis_sk_marketing_key" \
-d '{"text": "...", "destination": "VENDOR"}'
License Management¶
License Hierarchy¶
Organization
└── License (aegis_lic_xxx)
├── Policy Group: engineering
│ └── Policies: [Engineering Policy]
├── Policy Group: marketing
│ └── Policies: [Marketing Policy]
└── Policy Group: default
└── Policies: [Default Policy]
License Types¶
| Type | Features | Limits |
|---|---|---|
| Trial | All features | 1,000 checks/month |
| Standard | All features | 50,000 checks/month |
| Enterprise | Custom | Unlimited |
License Revocation¶
Revoking a license deactivates all associated policies:
Analytics Per Organization¶
View analytics for specific organizations:
# Organization analytics
GET /api/orgs/{org_id}/analytics?period=30d
# Platform-wide analytics (admin only)
GET /api/analytics?period=30d
Dashboard Views¶
- Organization Dashboard: Metrics for single org
- Platform Dashboard: Aggregated metrics across all orgs
Best Practices¶
1. Use Consistent Naming¶
Organization: "Acme Corp"
Slug: "acme"
Policy Groups: "engineering", "marketing", "sales"
Policies: "acme-engineering-v1", "acme-marketing-v1"
2. Separate Dev and Prod¶
Create separate organizations or policy groups for environments:
# Development
aegis_dev = Aegis(license_key="aegis_lic_dev_xxx")
# Production
aegis_prod = Aegis(license_key="aegis_lic_prod_xxx")
3. Audit Trail¶
All checks are logged with organization context:
{
"preflight_id": "pf_xxx",
"org_id": "acme",
"org_name": "Acme Corp",
"policy_name": "Engineering Policy",
"decision": "BLOCKED"
}
4. Regular Policy Review¶
- Review policy effectiveness monthly
- Check detection analytics for gaps
- Update rules based on new data types
See Also¶
- GDPR Compliance - Data protection guide
- LLM Integration - Framework integrations
- API Reference - Full API documentation