Skip to main content
AI Governance is the control tower of your Prisme.ai environment. It allows administrators and IT leaders to monitor, secure, and govern the use of AI across all products and teams. You can manage:
  • Authentication and SSO providers
  • RBAC (role-based access control)
  • Workspace provisioning and quotas
  • Interface customization
  • User feedback and platform policies

Initialization

To enable AI Governance, you must generate a super admin token:
1

Step 1: Get your JWT token

Log in to Prisme.ai with a super admin account and retrieve your JWT from the access-token cookie.
2

Step 2: Generate the long-term token

Use the following command from inside the Prisme.ai internal network (or from a pod):
curl 'https://<API_URL>/v2/user/accessTokens' \
  -X POST \
  -H 'content-type: application/json' \
  -H "Authorization: Bearer <YOUR_JWT>" \
  --data-raw '{"name":"ai-governance","expiresAt":"2027-01-24T11:53:12.116Z"}'
3

Step 3: Inject the access token

In the AI Governance secrets, paste the token under the adminAccessToken field.
4

Step 4: Configure API access

Get your workspace ID from the browser and add:
WORKSPACE_OPS_MANAGER=https://<API_URL>/v2/workspaces/<WORKSPACE_ID>/webhooks/
This can be injected via Helm values under prismeai-console.workspace_ops_manager.

Interface Personalization

  • Go to Interface Customization
  • Update the logo, colors, and translations for all pages
  • Personalize sign-in / sign-up / forgot password texts
To customize login options, define the following environment variable in prismeai-console and prismeai-pages :
ENABLED_AUTH_PROVIDERS='[{ "name": "local" }, { "name": "custom", "label": { "fr":"Connexion avec custom", "en":"Connect with custom" }, "icon":"http://logo.png"}]'
You can mix local and SSO authentication options.You can also disable local signup with the following environment variable :
DISABLE_LOCAL_SIGNUP='true'
Also add this variable to prismeai-api-gateway to disable the corresponding API.

SSO Access

If you have your own SSO configured, you need to explicitly allow SSO authenticated users to access the Teams administration pages :
  1. Open Teams Service workspace
  2. Open Settings > Advanced
  3. Manage roles
  4. Add your SSO provider technical name after prismeai: {} at the very beginning :
authorizations:
  roles:
    editor: {}
    user:
      auth:
        prismeai: {}
        yourOwnSso: {}
Access to other pages from AI Governance itself will automatically be authorized based on users custom role in AI Governance workspace.

Roles and Permissions

AI Governance uses RBAC to manage platform access:
  • Assign the PlatformAdmin role to users for full control
  • Use PlatformManager to delegate governance tasks
  • Refine access to each product under the Roles tab
Default roles include Admin, Builder, KnowledgeAdmin, User, etc. To give a user access to AI Governance:
  1. Go to Users & Permissions
  2. Assign the PlatformManager role in the Manager column

Best Practices

Centralize Security

Use AI Governance to enforce consistent authentication and SSO across all products.

Granular Access Control

Customize RBAC to fit your organizational structure using role templates and groups.

Audit Everything

Combine Governance and AI Insights to trace user actions, model usage, and data access.

Govern by Group

Automate workspace provisioning per group using initializeGroupProducts.
I