Sim Enterprise provides advanced features for organizations with enhanced security, compliance, and management requirements.
Access Control
Define permission groups to control what features and integrations team members can use.
Features
- Allowed Model Providers - Restrict which AI providers users can access (OpenAI, Anthropic, Google, etc.)
- Allowed Blocks - Control which workflow blocks are available
- Platform Settings - Hide Knowledge Base, disable MCP tools, disable custom tools, or disable invitations
Setup
- Navigate to Settings → Access Control in your workspace
- Create a permission group with your desired restrictions
- Add team members to the permission group
Users not assigned to any permission group have full access. Permission restrictions are enforced both in the UI and at execution time.
Single Sign-On (SSO)
Enterprise authentication with SAML 2.0 and OIDC support for centralized identity management.
Supported Providers
- Okta
- Azure AD / Entra ID
- Google Workspace
- OneLogin
- Any SAML 2.0 or OIDC provider
Setup
- Navigate to Settings → SSO in your workspace
- Choose your identity provider
- Configure the connection using your IdP's metadata
- Enable SSO for your organization
Once SSO is enabled, team members authenticate through your identity provider instead of email/password.
Self-Hosted Configuration
For self-hosted deployments, enterprise features can be enabled via environment variables without requiring billing.
Environment Variables
| Variable | Description |
|---|---|
| `ORGANIZATIONS_ENABLED`, `NEXT_PUBLIC_ORGANIZATIONS_ENABLED` | Enable team/organization management |
| `ACCESS_CONTROL_ENABLED`, `NEXT_PUBLIC_ACCESS_CONTROL_ENABLED` | Permission groups for access restrictions |
| `SSO_ENABLED`, `NEXT_PUBLIC_SSO_ENABLED` | Single Sign-On with SAML/OIDC |
| `CREDENTIAL_SETS_ENABLED`, `NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED` | Polling Groups for email triggers |
| `DISABLE_INVITATIONS`, `NEXT_PUBLIC_DISABLE_INVITATIONS` | Globally disable workspace/organization invitations |
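
A consistency check for the flag pairs in the table above, as an added example that is not part of the Sim documentation. It assumes a dotenv-style file of `NAME=value` lines and that both names in a row are meant to carry the same value; the function names, the sample file and its `true` values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Feature flags from the table above; each one has a NEXT_PUBLIC_ twin.
SIM_FLAGS="ORGANIZATIONS_ENABLED ACCESS_CONTROL_ENABLED SSO_ENABLED CREDENTIAL_SETS_ENABLED DISABLE_INVITATIONS"

# env_value FILE NAME: print the last value assigned to NAME (quotes and CR stripped).
# The ^ anchor keeps SSO_ENABLED from matching NEXT_PUBLIC_SSO_ENABLED.
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'\r"
}

# check_flag_pairs FILE: print one line per pair whose two values differ
# (an unset name counts as empty). Returns 1 if any pair differs, else 0.
check_flag_pairs() {
  file=$1
  bad=0
  for name in $SIM_FLAGS; do
    server=$(env_value "$file" "$name")
    client=$(env_value "$file" "NEXT_PUBLIC_$name")
    if [ "$server" != "$client" ]; then
      echo "MISMATCH $name server='${server:-<unset>}' client='${client:-<unset>}'"
      bad=1
    fi
  done
  return "$bad"
}

# Constructed sample input (not a real deployment): two pairs are inconsistent.
write_sample_env() {
  cat > "$1" <<'EOF'
ORGANIZATIONS_ENABLED=true
NEXT_PUBLIC_ORGANIZATIONS_ENABLED=true
ACCESS_CONTROL_ENABLED=true
# NEXT_PUBLIC_ACCESS_CONTROL_ENABLED was forgotten
SSO_ENABLED="true"
NEXT_PUBLIC_SSO_ENABLED=true
# DISABLE_INVITATIONS was forgotten
NEXT_PUBLIC_DISABLE_INVITATIONS=true
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample_env "$sample"
check_flag_pairs "$sample" || echo "Fix the pairs listed above before deploying."
rm -f "$sample"
```

Run `check_flag_pairs` against the real environment file in CI or before a restart; a non-zero status means at least one pair is out of step.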
Organization Management
When billing is disabled, use the Admin API to manage organizations:
```bash
# Create an organization
curl -X POST https://your-instance/api/v1/admin/organizations \
  -H "x-admin-key: YOUR_ADMIN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "My Organization", "ownerId": "user-id-here"}'

# Add a member
curl -X POST https://your-instance/api/v1/admin/organizations/{orgId}/members \
  -H "x-admin-key: YOUR_ADMIN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"userId": "user-id-here", "role": "admin"}'
```
Workspace Members
When invitations are disabled, use the Admin API to manage workspace memberships directly:
```bash
# Add a user to a workspace
curl -X POST https://your-instance/api/v1/admin/workspaces/{workspaceId}/members \
  -H "x-admin-key: YOUR_ADMIN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"userId": "user-id-here", "permissions": "write"}'

# Remove a user from a workspace
curl -X DELETE "https://your-instance/api/v1/admin/workspaces/{workspaceId}/members?userId=user-id-here" \
  -H "x-admin-key: YOUR_ADMIN_API_KEY"
```
Notes
- Enabling `ACCESS_CONTROL_ENABLED` automatically enables organizations, as access control requires organization membership.
- When `DISABLE_INVITATIONS` is set, users cannot send invitations. Use the Admin API to manage workspace and organization memberships instead.