more content

Author: waleedlatif1

apps/sim/content/blog/enterprise/index.mdx

@@ -1,23 +1,23 @@
 ---
 slug: enterprise
 title: 'Build with Sim for Enterprise'
-description: 'Access control, BYOK, self-hosted deployments, on-prem Copilot, SSO & SAML, whitelabeling, and flexible data retention—enterprise features for teams with strict security and compliance requirements.'
+description: 'Access control, BYOK, self-hosted deployments, on-prem Copilot, SSO & SAML, whitelabeling, Admin API, and flexible data retention—enterprise features for teams with strict security and compliance requirements.'
 date: 2026-01-23
 updated: 2026-01-23
 authors:
   - vik
-readingTime: 7
-tags: [Enterprise, Security, Self-Hosted, SSO, SAML, Compliance, BYOK, Access Control, Copilot, Whitelabel]
+readingTime: 10
+tags: [Enterprise, Security, Self-Hosted, SSO, SAML, Compliance, BYOK, Access Control, Copilot, Whitelabel, API, Import, Export]
 ogImage: /studio/enterprise/cover.png
 ogAlt: 'Sim Enterprise features overview'
 about: ['Enterprise Software', 'Security', 'Compliance', 'Self-Hosting']
-timeRequired: PT7M
+timeRequired: PT10M
 canonical: https://sim.ai/studio/enterprise
 featured: false
 draft: true
 ---
 
-We've been working with security teams at larger organizations to bring Sim into environments with strict compliance and data handling requirements. This post covers the enterprise capabilities we've built: granular access control, bring-your-own-keys, self-hosted deployments, on-prem Copilot, SSO & SAML, whitelabeling, and compliance.
+We've been working with security teams at larger organizations to bring Sim into environments with strict compliance and data handling requirements. This post covers the enterprise capabilities we've built: granular access control, bring-your-own-keys, self-hosted deployments, on-prem Copilot, SSO & SAML, whitelabeling, compliance, and programmatic management via the Admin API.
 
 ## Access Control
 
@@ -45,8 +45,8 @@ Restrict which workflow blocks appear in the editor. Disable the HTTP block to p
 
 Control access to platform capabilities per permission group:
 
-- **Knowledge Base** — Disable document uploads if RAG workflows aren't approved
-- **MCP Tools** — Block deployment of workflows as external tool endpoints
+- **[Knowledge Base](https://docs.sim.ai/blocks/knowledge)** — Disable document uploads if RAG workflows aren't approved
+- **[MCP Tools](https://docs.sim.ai/mcp)** — Block deployment of workflows as external tool endpoints
 - **Custom Tools** — Prevent creation of arbitrary HTTP integrations
 - **Invitations** — Disable self-service team invitations to maintain centralized control
 
@@ -72,13 +72,13 @@ A healthcare organization can use Azure OpenAI with their BAA-covered subscripti
 
 ![Self-Hosted Architecture](/studio/enterprise/self-hosted.png)
 
-Run Sim entirely on your infrastructure. Deploy with Docker Compose or Helm charts for Kubernetes—the application, WebSocket server, and PostgreSQL database all stay within your network.
+Run Sim entirely on your infrastructure. Deploy with [Docker Compose](https://docs.sim.ai/self-hosting/docker) or [Helm charts](https://docs.sim.ai/self-hosting/kubernetes) for Kubernetes—the application, WebSocket server, and PostgreSQL database all stay within your network.
 
 **Single-node** — Docker Compose setup for smaller teams getting started.
 
 **High availability** — Multi-replica Kubernetes deployments with horizontal pod autoscaling.
 
-**Air-gapped** — No external network access required. Pair with Ollama or vLLM for local model inference.
+**Air-gapped** — No external network access required. Pair with [Ollama](https://docs.sim.ai/self-hosting/ollama) or [vLLM](https://docs.sim.ai/self-hosting/vllm) for local model inference.
 
 Enterprise features like access control, SSO, and organization management are enabled through environment variables—no connection to our billing infrastructure required.
 
@@ -98,7 +98,7 @@ This is particularly relevant for organizations where the context Copilot needs
 
 ![SSO Configuration](/studio/enterprise/sso.png)
 
-Integrate with your existing identity provider through SAML 2.0 or OIDC. We support Okta, Azure AD (Entra ID), Google Workspace, OneLogin, and any compliant identity provider.
+Integrate with your existing identity provider through SAML 2.0 or OIDC. We support Okta, Azure AD (Entra ID), Google Workspace, OneLogin, Auth0, JumpCloud, Ping Identity, ADFS, and any compliant identity provider.
 
 Once enabled, users authenticate through your IdP instead of Sim credentials. Your MFA policies apply automatically. Session management ties to your IdP—logout there terminates Sim sessions. Account deprovisioning immediately revokes access.
 
@@ -130,8 +130,6 @@ This is useful for internal platforms, customer-facing deployments, or any scena
 
 Sim maintains **SOC 2 Type II** certification with annual audits covering security, availability, and confidentiality controls. We share our SOC 2 report directly with prospective customers under NDA.
 
-**GDPR** — Data Processing Agreements available for organizations handling EU personal data.
-
 **HIPAA** — Business Associate Agreements available for healthcare organizations. Requires self-hosted deployment or dedicated infrastructure.
 
 **Data Retention** — Configure how long workflow execution traces, inputs, and outputs are stored before automatic deletion. We work with enterprise customers to set retention policies that match their compliance requirements.
@@ -140,6 +138,36 @@ We provide penetration test reports, architecture documentation, and completed s
 
 ---
 
+## Admin API
+
+Manage Sim programmatically through the Admin API. Every operation available in the UI has a corresponding API endpoint, enabling infrastructure-as-code workflows and integration with your existing tooling.
+
+**User & Organization Management** — Provision users, create organizations, assign roles, and manage team membership. Integrate with your HR systems to automatically onboard and offboard employees.
+
+**Workspace Administration** — Create workspaces, configure settings, and manage access. Useful for setting up isolated environments for different teams or clients.
+
+**Workflow Lifecycle** — Deploy, undeploy, and manage workflow versions programmatically. Build CI/CD pipelines that promote workflows from development to staging to production.
+
+The API uses standard REST conventions with JSON payloads. Authentication is via API keys scoped to your organization.
+
+---
+
+## Import & Export
+
+Move workflows between environments, create backups, and maintain version control inside or outside of Sim.
+
+**Workflow Export** — Export individual workflows or entire folders as JSON. The export includes block configurations, connections, environment variable references, and metadata. Use this to back up critical workflows or move them between Sim instances.
+
+**Workspace Export** — Export an entire workspace as a ZIP archive containing all workflows, folder structure, and configuration. Useful for disaster recovery or migrating to a self-hosted deployment.
+
+**Import** — Import workflows into any workspace. Sim handles ID remapping and validates the structure before import. This enables workflow templates, sharing between teams, and restoring from backups.
+
+**Version History** — Each deployment creates a version snapshot. Roll back to previous versions if a deployment causes issues. The Admin API exposes version history for integration with your change management processes.
+
+For teams practicing GitOps, export workflows to your repository and use the Admin API to deploy from CI/CD pipelines.
+
+---
+
 ## Get Started
 
 Enterprise features are available now. Check out our [self-hosting](https://docs.sim.ai/self-hosting) and [enterprise](https://docs.sim.ai/enterprise) docs to get started.