docs-enterprise-deployment

Category: Documents · Risk: Medium risk · sboghossian/mini-claude-for-legal · MIT

network_access, filesystem_access, automation_control

name: docs-enterprise-deployment
description: Use when an enterprise prospect or IT administrator asks about deploying the platform at scale — tenant isolation, SSO, audit logs, custom data residency, SLA, implementation timeline, and dedicated support. This is a platform documentation skill covering the enterprise deployment model, implementation phases, security architecture, and customization options for law firm and corporate legal department deployments.
license: MIT
metadata:
id: docs.enterprise-deployment
category: docs
jurisdictions: [multi]
priority: P2
intent: [docs, enterprise, sso, tenant isolation, implementation, dedicated support]
related: [docs-audit-log-export, docs-data-residency-mena, docs-billing-and-credits, docs-dev-hub-api-reference]
source: Louis — HAQQ Legal AI (github.com/sboghossian/mini-claude-for-legal)
version: "1.0"

Enterprise Deployment

Overview

The enterprise deployment tier is designed for law firms with 20+ users, corporate legal departments, and any organization that requires:

  • Tenant isolation (dedicated infrastructure or logical separation).
  • Single Sign-On (SSO) integrated with the organization's identity provider.
  • Full audit log access and SIEM integration.
  • Custom data residency (MENA/GCC, EU, or US hosting per compliance requirement).
  • Enterprise SLA with dedicated support and a named customer success engineer.
  • Custom branding and workspace configuration.

The typical implementation timeline is 4–6 weeks from contract signature to full production deployment. A pilot phase (2–4 weeks, limited user group) is strongly recommended before full firm rollout.

Security architecture

Tenant isolation

Enterprise customers receive logical tenant isolation: all data, configuration, and audit trails are scoped to the organization's workspace and are inaccessible to other tenants. Dedicated infrastructure (single-tenant deployment) is available on request and negotiated as part of the enterprise agreement.

Key isolation boundaries:

  • Database: per-tenant schemas with row-level security.
  • Storage: per-tenant encrypted S3-equivalent buckets.
  • AI model calls: workspace context is scoped; no cross-tenant context leakage.
  • API keys: workspace-scoped; cannot access other workspaces.

Encryption

  • Data at rest: AES-256 encryption.
  • Data in transit: TLS 1.2+ (TLS 1.3 where supported by the client).
  • Encryption key management: AWS KMS (default) or customer-managed keys (CMK) on request.
  • Customer-managed keys (BYOK): available for organizations that require key custody. Contact the sales team.

Penetration testing and certifications

  • SOC 2 Type II attestation: available on request under NDA.
  • ISO 27001: certification in progress (verify current status).
  • Penetration test reports: annual third-party pen tests; reports available under NDA for enterprise customers.

Single Sign-On (SSO)

Enterprise customers can integrate with their organization's Identity Provider (IdP) using SAML 2.0 or OIDC:

  • Supported IdPs: Okta, Microsoft Azure Active Directory (Entra ID), Google Workspace, Ping Identity, Auth0.
  • SCIM 2.0 for automated user provisioning and deprovisioning.
  • MFA: platform-level MFA available as a fallback; most enterprise customers use IdP-enforced MFA.
  • Session management: session timeout configurable from 1 to 24 hours (default 8 hours).

SSO configuration is completed during the implementation phase. The IT administrator requires access to the IdP to create the SAML/OIDC application configuration and to provide the platform with the metadata URL or certificate.

Audit logs and compliance

Enterprise customers receive full audit log access, SIEM streaming, and configurable retention up to 7 years. See [[docs-audit-log-export]] for full detail.

Compliance artifacts available on request:

  • Data Processing Agreement (DPA) — GDPR-compliant; also covers UAE PDPL and KSA PDPL.
  • Sub-processor list.
  • Records of processing activities (RoPA) template.
  • Business Associate Agreement (BAA) — for US healthcare-adjacent matters (HIPAA).

Custom data residency

Enterprise customers can select their data residency region at contract stage:

  • EU Frankfurt (default).
  • MENA / GCC (Bahrain region) — for GCC-regulated entities.
  • Saudi Arabia (roadmap 2026 Q2) — for KSA PDPL and SAMA-regulated entities.
  • US East — for US-incorporated entities.

See [[docs-data-residency-mena]] for full detail on regulatory drivers and migration process.

Custom branding and workspace configuration

Enterprise workspaces can be configured with:

  • Custom logo and color scheme in the platform UI.
  • Custom subdomain (e.g., legal.acmefirm.com pointing to the platform).
  • Custom email templates for user invitations and notifications.
  • Default jurisdiction and language settings per workspace.
  • Skill library restriction: administrators can restrict which skills are visible to their users (e.g., hide consumer-facing skills for a professional-only workspace).

Implementation phases

| Phase | Duration | Activities |
|---|---|---|
| 1. Discovery | Week 1 | Requirements gathering; IT/security review; data residency selection; SSO IdP details; user count and role mapping |
| 2. Configuration | Weeks 2–3 | Tenant provisioning; SSO setup and testing; SIEM integration; custom branding; skill library configuration; audit log verification |
| 3. Pilot | Weeks 3–4 | 5–15 pilot users (mix of power users and average users); use-case validation; feedback collection; training sessions |
| 4. Full rollout | Weeks 5–6 | All-user provisioning (via SCIM or bulk import); firm-wide communication; optional live training sessions; CSM handover |

Dedicated support

Enterprise customers receive:

  • Named Customer Success Manager (CSM): single point of contact for strategic questions, roadmap discussions, and escalation.
  • Named Technical Account Manager (TAM): for integration support, API questions, and incident escalation.
  • Enterprise SLA: 99.9% uptime; P1 incidents (platform down) resolved within 4 hours; P2 incidents (significant feature degradation) resolved within 24 hours.
  • Priority support queue: tickets from enterprise customers are triaged and responded to within 4 business hours.
  • Executive business reviews (EBRs): quarterly reviews to discuss usage, ROI, and roadmap alignment.

Pricing

Enterprise pricing is custom and negotiated based on:

  • Number of seats.
  • Usage credit bundle.
  • Data residency region.
  • Support level.
  • Contract term (annual with multi-year discount available).

Self-serve pricing is listed on the pricing page. Enterprise pricing requires a sales conversation. See [[docs-billing-and-credits]] for plan tier context.

How to use this doc

Direct IT administrators, legal operations directors, and enterprise procurement teams here when they ask:

  • "What does your enterprise deployment look like?"
  • "Do you support SSO with Okta/Azure AD?"
  • "What is your SLA?"
  • "Can we host our data in Saudi Arabia?"
  • "How long does implementation take?"

For security questionnaires and RFPs, the sales team can provide a dedicated security questionnaire response document.

  • [[docs-audit-log-export]]
  • [[docs-data-residency-mena]]
  • [[docs-billing-and-credits]]
  • [[docs-dev-hub-api-reference]]