Enterprise · AI Fine-grained Access Control
Fine-grained AI access control for every agent and MCP server
Fine-grained permissions across six layers — visibility, contact rules, action limits, time windows, account scope, and data reduction. Scope a token to one folder, one verb, one expiry. Default-deny. Revocable in one call.
Three pillars of enterprise AI governance
Six-layer permission ladder
Visibility, contact rules, action limits, time windows, account scope, and data reduction. Each layer evaluates independently; all six must pass before a request reaches the model. No single misconfiguration grants broad access.
Scoped tokens, not raw OAuth
Mint a JWT scoped to one mailbox label, one Drive folder, one verb set, one expiry. The agent never holds your customer's Google or Microsoft refresh token. Revoke any token in a single call without touching the upstream provider.
Default deny, explicit allow
Every layer starts from "nothing allowed." A request only reaches the model if every layer explicitly permits it. New AI clients, new resources, and new actions are denied until you opt them in — not the other way around.
Compliance map
How AI access control helps you satisfy the controls your auditors read
| Requirement | What PortEden does | Evidence |
|---|---|---|
| SOC 2 CC6.1 / CC6.3 — Logical access controls & user access | Default-deny enforcement at every request. Per-AI-client and per-user audit of access decisions enables continuous CC6.1 evidence collection. | Default-deny PBAC · per-AI-client decision log |
| HIPAA §164.312(a)(1) — Access control | Unique user identification, automatic logoff (token expiry), encryption (TLS 1.3 + AES-256), and emergency access (break-glass with full audit trail). | Short-lived scoped JWTs · audited break-glass |
| GDPR Art. 32 / Art. 5(1)(f) — Integrity & confidentiality | Pseudonymization, encryption, and tested access-restoration procedures. Per-request access decisions support data subject access logs. | DPA · per-request decision log for DSAR evidence |
| ISO 27001 A.5.15 — Access control | Documented access-control policy expressed as code. Roles inherit from IdP via SCIM; reviews exportable as signed evidence. | Policy-as-code · signed access-review CSV |
| NIST 800-53 AC-3 / AC-6 — Access enforcement & least privilege | Six-layer enforcement engine evaluates every request. Privilege escalation requires explicit approval recorded in the audit trail. | Six-layer per-request enforcement · approval-trail audit |
| CCPA §1798.140(ag) — Service Provider obligations | Limited-purpose processing enforced by purpose attribute on every request. Data sale prohibited by default policy. | Purpose-attribute gating · default policy denies sale/sharing |
| CMMC 2.0 AC.L2 — Access control level 2 | Account management, separation of duties, and role-based access enforced at the AI/data boundary. Per-clearance-level policies for CUI. | Per-clearance-level policy bundles · separation-of-duties enforcement |
Built for procurement
DPA available
Subprocessor list
SIG / CAIQ pre-filled
Pen-test report on request
Book a demo
Talk to our enterprise team
30-minute discovery call. Bring your security questionnaire.
Frequently Asked Questions
How does PortEden's AI access control differ from OAuth scopes?
OAuth scopes are coarse — "read email," "write calendar." PortEden's scoped tokens are fine-grained: one mailbox label, one Drive folder, one date range, one set of HTTP verbs, one expiry, one AI client. The agent gets a short-lived JWT, not a refresh token. If the agent goes rogue you revoke one token, not a whole OAuth grant. The upstream provider's refresh token never leaves your perimeter.
Can I revoke an agent's access instantly?
Yes — a single API call revokes any token across every connected provider. The next request the agent makes gets denied at layer 1 with a per-request audit record. There is no propagation delay because revocation is checked on the request path, not via downstream cache invalidation.
Do you support break-glass / emergency access?
Yes. Break-glass tokens are time-bound (default 60 minutes), require dual approval, log every action with elevated retention, and trigger a SIEM alert. They're scoped exactly like normal tokens but inherit emergency policy bundles that bypass non-safety constraints (e.g., time-of-day restrictions). Auditors see every break-glass session as a distinct evidence item.
Can policies vary by AI vendor (Claude vs. ChatGPT vs. Copilot)?
Yes. AI client identity is a first-class attribute in the policy engine. You can require Claude for HIPAA workloads, deny ChatGPT for confidential resources, and route Copilot only through M365-tenanted data. Per-vendor MCP server identity, region, and model version are all available as policy inputs.
How granular can scopes get?
A scope can pin: which user's data, which integration (Gmail vs Outlook), which sub-resource (one folder, one label, one calendar), which actions (read but not send, list but not move), which date range, which AI client (Claude Desktop only), and which expiry. Combined, a single token can represent "read this Drive folder for this user from Claude Desktop only, today, between 9am and 5pm Pacific."
Does this work for MCP servers as well as REST API agents?
Yes. PortEden hosts MCP servers for Claude (Desktop and Web), ChatGPT (via Connectors), Cursor, and Gemini. Every MCP tool call traverses the same six-layer access control as a REST API call. Policies, redaction, and audit are uniform across surfaces — there is no MCP-only policy gap.
Ready to govern AI across your organization?
Book a discovery call. Bring your security questionnaire — DPA, subprocessor list, and pen-test summary available on request.