AI Agent Trust & Governance
Arcade Enterprise: how do I request dedicated tenant isolation, audit logs, and RBAC?
6 min read
Most teams reach for Arcade Enterprise when they need stronger isolation, governance, and compliance controls than the standard tiers provide. Dedicated tenant isolation, audit logs, and role-based access control (RBAC) are all part of the Enterprise plan—this FAQ walks through what they are, when you need them, and how to request them.
Quick Answer: Dedicated tenant isolation, audit logs, and RBAC are included in Arcade’s Enterprise plan. To get access, talk to our team via the Enterprise demo form or contact us at contact@arcade.dev, and we’ll scope your requirements, upgrade your account, and turn on Enterprise controls for your tenant.
Frequently Asked Questions
What do I get with Arcade Enterprise (tenant isolation, audit logs, RBAC, SSO/SAML)?
Short Answer: Arcade Enterprise gives you a dedicated tenant, full audit logging and compliance reporting, role-based access control, and SSO/SAML on top of the core MCP runtime and tool execution.
Expanded Explanation:
On Growth and lower tiers, tenants run in shared infrastructure and focus on getting your agents from “chat to action” quickly. Enterprise is where we layer on the governance and isolation that security teams expect for production AI agents operating on real data: dedicated tenant isolation, detailed audit logs, RBAC, and SSO/SAML.
These controls are specifically designed for multi-user agents that act across systems like Gmail, Google Calendar, Slack, GitHub, Salesforce, and HubSpot. Enterprise makes sure those actions happen in an isolated environment, with clear authorization boundaries, traceability, and identity integration.
Key Takeaways:
- Dedicated tenant isolation moves you off shared infrastructure and into your own isolated environment.
- Enterprise unlocks audit logs, RBAC, SSO/SAML, and compliance reporting in addition to everything in Growth.
How do I request dedicated tenant isolation, audit logs, and RBAC?
Short Answer: Request Enterprise by booking a demo or reaching out to contact@arcade.dev; we’ll confirm your requirements, map your usage to Enterprise pricing, and enable a dedicated tenant with audit logs and RBAC for your account.
Expanded Explanation:
These capabilities are part of the Enterprise plan and aren’t toggles you can flip inside the dashboard on self-serve tiers. Because they touch infrastructure, identity, and governance, we run a short scoping process: understand your deployment model (cloud, VPC, on-prem, air-gapped), your expected usage, and your security requirements. Once that’s done, we provision your Enterprise tenant, configure access controls, and coordinate any required SSO/SAML setup.
If you’re already on Growth and are hitting plan limits or security requirements (e.g., you need audit logs for every tool execution), the same Enterprise flow applies—we’ll transition you with minimal downtime and keep your MCP servers and tools aligned.
Steps:
- Contact Arcade:
- Fill out the Enterprise demo form on arcade.dev or
- Email contact@arcade.dev with your use case and “Enterprise” in the subject.
- Share requirements:
- Highlight that you need dedicated tenant isolation, audit logs, and RBAC, plus any deployment or compliance constraints.
- Provision & enable:
- Arcade provisions your Enterprise tenant, turns on audit logging and RBAC, and helps you wire up SSO/SAML (if needed) before you cut over production workloads.
How is Enterprise different from Growth or other tiers?
Short Answer: Growth gets you shared infrastructure and core runtime features; Enterprise adds dedicated tenant isolation, audit logs, RBAC, SSO/SAML, and custom SLAs on top of that.
Expanded Explanation:
All plans share the same core idea: an MCP runtime that lets multi-user agents take real actions safely. The difference is what happens around that runtime. On lower tiers, you get shared infrastructure, GitHub Discussions or email support, and transparent usage-based pricing. On Enterprise, you get a dedicated tenant, enhanced governance and security controls, and a support model tuned for production-critical workloads.
Enterprise is also where volume pricing across usage metrics, dedicated account representation, and custom SLAs live. If you’re shipping an internal assistant that touches sensitive systems or multiple teams, Enterprise is the tier designed for that reality.
Comparison Snapshot:
- Growth (and below):
- Shared infrastructure
- Core MCP runtime and tools
- Email support & standard SLA
- Enterprise:
- Dedicated tenant isolation
- Audit logs, RBAC, SSO/SAML
- Volume pricing, dedicated account rep, custom SLA
- Best for:
- Teams running production, multi-user agents at scale, with strict security, compliance, or governance requirements.
What does dedicated tenant isolation mean in practice?
Short Answer: Dedicated tenant isolation means your Arcade runtime runs in its own isolated tenant instead of shared infrastructure, giving you clearer security boundaries and compliance posture.
Expanded Explanation:
In a shared environment, tenants are logically separated but share underlying infrastructure. With Enterprise, your Arcade tenant is dedicated—isolated from other customers at the infrastructure level. This matters when your security team asks where your agents run, how data is contained, and how you prove separation of duties.
Because Arcade is the MCP runtime between AI and action, tenant isolation is about more than data at rest. It’s about isolating tool execution environments (e.g., Gmail, Slack, Salesforce tools), auth flows, and configuration from other tenants, while still giving you the full developer experience with SDKs, MCP servers, and tools.
What You Need:
- An Enterprise plan scoped with Arcade (including estimated volume and deployment model).
- Any internal requirements your security/compliance team has (e.g., VPC peering, on-prem or air-gapped deployments) to inform how we provision your dedicated tenant.
How do audit logs and RBAC help with governance and compliance?
Short Answer: Audit logs give you a trace of what agents and tools did; RBAC defines who in your organization can configure, deploy, and manage those agents and tools.
Expanded Explanation:
Production agents aren’t “fun demos”—they’re multi-user systems acting across real business tools. When a security or compliance team asks “who authorized this tool?” or “who changed this agent’s configuration?”, you need answers that don’t live in a prompt.
Enterprise audit logging gives you visibility into key events: auth flows, tool execution, configuration changes, and more—so you can review, investigate, and report on agent behavior. RBAC then defines which humans can create MCP servers, manage tools, adjust auth policies, or access logs. Together, they turn Arcade from an experimentation environment into something your security team can sign off on.
Why It Matters:
- Impact on risk: You can demonstrate exactly what agents did, when, and under whose authorization—critical for regulated industries or internal security reviews.
- Impact on operations: RBAC stops “everyone is an admin” sprawl and lets you separate roles (e.g., infra, security, builders) across your Arcade deployment.
Quick Recap
Dedicated tenant isolation, audit logs, and RBAC are Enterprise features designed for teams running serious, multi-user agents on real systems. They move you off shared infrastructure, give you traceability for every critical action, and let you control who can configure and govern your MCP runtime. To get them, you don’t toggle a setting—you request Arcade Enterprise, scope your requirements with the team, and get a dedicated tenant with the controls your security and compliance functions expect.