BerriAI / LiteLLM vs Portkey pricing: how do enterprise features like SSO/SCIM, audit logs, and support/SLA compare?
LLM Gateway & Routing

BerriAI / LiteLLM vs Portkey pricing: how do enterprise features like SSO/SCIM, audit logs, and support/SLA compare?

13 min read

For teams standardizing on an LLM gateway, it’s easy to focus on per-token costs and throughput while underestimating the impact of enterprise features like SSO/SCIM, audit logs, and support/SLA. In practice, these “non-functional” capabilities often determine whether your security, compliance, and platform teams will actually sign off on BerriAI / LiteLLM or Portkey for production use.

This guide walks through how BerriAI / LiteLLM and Portkey compare on pricing and enterprise readiness, with a specific focus on SSO/SCIM, audit logs, and support/SLA. It’s written from the perspective of engineering and platform teams evaluating which gateway will scale with a growing AI stack.

1. Quick overview: BerriAI / LiteLLM vs Portkey

Before diving into enterprise add‑ons, it helps to clarify what each tool is and how it’s typically used.

What BerriAI / LiteLLM is

  • LiteLLM is an open‑source Python library and proxy that exposes a single, OpenAI‑style API across dozens of providers (OpenAI, Anthropic, Azure, Google, etc.).
  • It’s backed by BerriAI, which offers:
    • A fully managed LiteLLM Cloud / Enterprise product
    • Hosted dashboards, rate limiting, caching, and observability
    • Enterprise add‑ons like SSO and advanced usage controls (in commercial tiers)

Teams often start with the open‑source LiteLLM router and then explore BerriAI’s paid tiers as usage grows and enterprise requirements appear.

What Portkey is

  • Portkey is a commercial‑first LLM gateway with:
    • A managed, multi‑provider router
    • Built‑in observability, prompt management, and eval tooling
    • Governance and security features targeted at larger organizations
  • There’s an SDK and proxy you can self‑host, but the primary focus is a hosted gateway with enterprise features from day one.

While LiteLLM grew from a library and community, Portkey is built from the ground up as a platform, which affects how pricing and enterprise features are structured.

2. Pricing basics: where costs actually show up

Exact price points for BerriAI / LiteLLM and Portkey evolve quickly, and each vendor tends to negotiate custom enterprise deals. Rather than quoting numbers that may be out of date, it’s more useful to understand how pricing is structured and where SSO/SCIM, audit logs, and support/SLA typically land.

BerriAI / LiteLLM pricing model

BerriAI usually offers:

  • Open‑source, self‑managed LiteLLM (free)

    • Cost is limited to your own infra (compute, storage, network).
    • No vendor fee, but no vendor‑backed SSO, SCIM, or enterprise support.

  • Hosted / Cloud plans
    Plans typically scale based on:

    • Volume (API calls/requests or token passthrough)
    • Feature tiers (governance, advanced analytics)
    • Number of seats or projects for dashboard access

Enterprise capabilities like SSO, SCIM, audit logs, and SLAs are usually gated behind Business or Enterprise tiers. That means:

  • Lower tiers: basic metrics, usage view, email support.
  • Upper tiers: advanced logs, SSO/SCIM, dedicated support and SLAs.

In other words, BerriAI monetizes enterprise features primarily at the top end.

Portkey pricing model

Portkey is typically priced as a managed enterprise gateway, with:

  • Usage‑based fees
    • Based on requests, tokens processed, or both.
    • Sometimes lower‑volume free tier or trial.
  • Plan tiers
    • Developer / Starter: core routing and metrics.
    • Team / Business: more observability, policies, and collaboration.
    • Enterprise: full security and governance suite, including SSO/SCIM and compliance‑grade logging.

Like BerriAI, Portkey generally reserves enterprise features—SSO/SCIM, advanced audit logs, and strict SLAs—for Enterprise plans. But because Portkey is commercial‑first, those features tend to be more prominent and bundled into enterprise pricing from the start, rather than added on later.

3. SSO/SCIM: identity and user lifecycle management

For many organizations, SSO and SCIM support is the first gate to clear before anything touches production.

SSO support: BerriAI / LiteLLM

  • Open‑source LiteLLM:
    • Does not ship with an SSO layer “out of the box.”
    • You’re responsible for securing access (API keys, VPNs, API gateways, or adding SSO on top using your own auth layer).
  • BerriAI’s hosted dashboards:
    • SSO (e.g., Okta, Azure AD, Google Workspace) is typically available in Business/Enterprise tiers.
    • There may be:
      • SAML or OpenID Connect integrations
      • Role‑based access control (RBAC) tied to identity provider groups

Impact:

  • If you’re comfortable self‑hosting and layering your own auth stack, LiteLLM itself doesn’t limit you.
  • If your team wants a turnkey managed dashboard with SSO, that’s usually a paid, higher‑tier feature from BerriAI.

SSO support: Portkey

Portkey positions identity integration as a core enterprise capability:

  • SSO (e.g., Okta, Azure AD, Google, Auth0) is typically offered in:
    • Upper mid‑tier plans (Team/Business) or
    • Dedicated Enterprise tiers
  • Expect:
    • SAML or OAuth/OpenID‑based SSO
    • RBAC mapped to IdP groups (admins vs read‑only vs project‑level roles)

For teams planning centralized admin and fine‑grained access across many apps, Portkey’s approach tends to be more polished and documented because the platform is built with enterprise authentication as a baseline requirement.

SCIM for user provisioning: BerriAI vs Portkey

BerriAI / LiteLLM:

  • For open‑source LiteLLM:
    • SCIM is not applicable at the library level; there’s no user directory built into the proxy.
  • For BerriAI’s managed products:
    • SCIM (automatic provisioning/deprovisioning from your IdP) is commonly treated as an Enterprise‑only feature.
    • Many teams don’t need SCIM for small deployments, so it’s often optional until your user count or compliance standards demand it.

Portkey:

  • As a SaaS‑style gateway platform, Portkey is more likely to:
    • Provide SCIM integrations explicitly, especially for large customers.
    • Tie SCIM to role management and auditability so security teams can track who has access to what.
  • SCIM support is usually part of the Enterprise tier; you’ll need to confirm with Portkey whether it’s available in mid‑tier business plans.

Bottom line on SSO/SCIM:

  • If you have a security team that mandates IdP‑backed SSO and automated user lifecycle (SCIM) from day one:
    • Portkey is likely to feel more “ready‑made,” with a clearer SCIM and SSO story in its enterprise SKU.
  • If you prefer to:
    • Self‑host LiteLLM, and
    • Use your own auth proxy or API gateway
      then BerriAI / LiteLLM lets you control the stack, but you’ll architect SSO/SCIM yourself unless you upgrade to BerriAI’s enterprise offerings.

4. Audit logs: observability vs compliance‑grade logging

All LLM gateways need some level of request tracing to debug latency and failures. But audit logs for compliance are more stringent: who did what, when, with which permissions, and what data moved where.

BerriAI / LiteLLM audit capabilities

Open‑source LiteLLM:

  • Offers:
    • Basic request/response logging if you enable it.
    • Integration with logging backends like:
      • CloudWatch, Datadog, Grafana, or your own log sink
    • Model‑level metrics (latency, error rates) through middleware or proxies.
  • However:
    • Audit trails in the compliance sense (e.g., mapping actions to authenticated users with immutable logs) must be implemented by you.
    • The OSS router doesn’t enforce a standardized “audit protocol”—you design it around your auth system.

BerriAI hosted / enterprise:

  • Typically includes:
    • Centralized dashboards with per‑request traces, errors, and latency metrics.
    • Usage logs by API key, project, or environment.
  • Higher tiers (Business/Enterprise) increasingly offer:
    • Immutable audit logs for security/compliance usage:
      • Who created/rotated API keys
      • Configuration changes (rate limits, routing rules, allowed models)
      • User access events (logins, role changes)
  • Export options:
    • Ability to ship logs into SIEMs (Splunk, Datadog, Sumo Logic) or cloud logging services.
    • For compliance, exportability is crucial so that your SOC team can run queries and set alerts.

In short, BerriAI gives you flexible logging with the OSS router and upgrades to enterprise‑grade audit trails via its paid products.

Portkey audit capabilities

Portkey emphasizes observability and governance as core value props. Expect:

  • Detailed request traces:
    • Full request/response metadata
    • Model, provider, latency, tokens, and error codes
  • User‑ and workspace‑level audits:
    • Which user called which endpoint
    • Changes to:
      • Projects, prompts
      • Routing rules and provider configs
      • API keys and access policies
  • Compliance‑friendly logs:
    • Often designed for SOC/ISO/HIPAA/GDPR‑conscious workflows
    • Clear separation between operational metrics versus security audit events
  • SIEM integration:
    • Log export to Datadog, Splunk, Elastic, or cloud logging.
    • Webhooks for alerts on sensitive events (e.g., policy changes, suspicious traffic patterns).

At the Enterprise tier, Portkey tends to offer more opinionated, “out‑of‑the‑box” audit and governance features tailored to large orgs that need to pass vendor security assessments.

Summary on audit logs:

  • BerriAI / LiteLLM:
    • OSS primitive logging + custom integrations.
    • More structured audit capabilities unlocked on paid hosted tiers.
  • Portkey:
    • Strong focus on baked‑in observability and governance.
    • Typically more turnkey for teams that need auditable changes and user‑level trails right away.

5. Support and SLAs: how production‑ready are they?

Support and SLAs decide how comfortable you’ll feel routing mission‑critical workloads through a third‑party gateway.

BerriAI / LiteLLM support and SLAs

Open‑source LiteLLM:

  • Community‑driven support:
    • GitHub issues
    • Discord/Slack communities (if available)
  • No formal uptime guarantee or response‑time SLA.
  • Great for:
    • Early experimentation
    • Startups with strong infra teams

BerriAI hosted / enterprise:

As you move into paid tiers, support tends to step up significantly:

  • Standard / Business plans:
    • Email or in‑app support
    • Business‑hours availability
    • Faster bug triage for issues impacting many users
  • Enterprise plans:
    • Contractual uptime SLAs (e.g., 99.9%+ for gateway availability; exact numbers depend on contract)
    • Priority support:
      • Dedicated Slack channel or similar
      • Named technical account manager (TAM) for larger contracts
      • Escalation paths for incident response
    • Assistance with:
      • Scaling and routing strategies
      • Security reviews and architecture questions
      • Onboarding and training for your teams

Performance and support quality can be highly tailored. Enterprises often negotiate custom SLAs and response windows (e.g., 1‑hour response for critical incidents).

Portkey support and SLAs

Portkey, built as a commercial platform, usually has a more formalized support ladder:

  • Developer / Starter tiers:
    • Documentation, community/forum access
    • Email support with best‑effort response
  • Business tiers:
    • Business‑hours support with faster response
    • Possibly shared Slack channels or scheduled check‑ins
  • Enterprise tier:
    • Contractual SLAs:
      • Uptime guarantees for the gateway
      • Response‑time commitments for urgent issues
    • Integration support:
      • Help with connecting multiple model providers
      • Guidance on routing policies, caching, and scaling
    • Security/compliance support:
      • Security questionnaires
      • Architecture reviews to satisfy internal risk teams

Because Portkey’s core product is a hosted, production‑grade gateway, its revenue depends heavily on reliability; that tends to push their SLA and incident‑response maturity higher, particularly in the enterprise tier.

Support/SLA comparison:

  • BerriAI / LiteLLM:
    • Self‑hosted: you’re on your own technically, but with community backing.
    • Managed: can match enterprise requirements, especially in top tiers, often with strong technical involvement from the core team.
  • Portkey:
    • Support model is baked into the platform offering; enterprise‑grade SLAs are core to the commercial story.
    • More of a “you’re buying a reliability and governance layer” vs “you’re adopting a flexible library with optional managed support.”

6. How pricing and enterprise features interact in practice

For both BerriAI / LiteLLM and Portkey, pricing is less about raw dollars per token and more about what bundle of features you unlock at each tier. Enterprise features like SSO/SCIM, audit logs, and support/SLA often determine where you land.

Typical progression with BerriAI / LiteLLM

  1. Prototype stage

    • Use open‑source LiteLLM in your backend or infra.
    • No vendor invoice; you pay only for underlying model providers.
    • Identity and logging:
      • API keys or internal auth
      • Basic logs to your existing stack

  2. Team / internal production stage

    • Explore BerriAI’s hosted dashboards for:
      • Centralized usage insights
      • Team collaboration
    • Add on:
      • Basic SSO if available in mid‑tier plan
      • More structured usage visibility

  3. Enterprise stage

    • Upgrade to Business/Enterprise:
      • SSO with IdP integration (Okta/Azure AD/Google)
      • SCIM for provisioning
      • Advanced audit logs and configuration history
      • Formal support/SLA for uptime and incident response
    • Pricing:
      • Higher per‑request or platform fee
      • But often more economical if you’re already comfortable running part of the stack yourself and only need them to host the gateway and analytics.

Typical progression with Portkey

  1. Evaluation / PoC

    • Start on a low‑volume/developer tier with:
      • Routing across providers
      • Basic observability
    • No enterprise SSO or SCIM yet, but operationally you get a taste of the gateway.

  2. Team / early production

    • Move to a Business tier:
      • Richer observability and tracing
      • More robust support (faster email or chat)
      • Possibly SSO (depending on Portkey’s current packaging)

  3. Enterprise adoption

    • Full Enterprise plan:
      • SSO + SCIM across your org
      • Compliance‑grade audit logs
      • Strong SLAs and dedicated support
    • Pricing:
      • Higher base/platform fee + usage component
      • Designed for organizations that want a single, well‑governed entry point to all LLM providers.

7. Choosing between them: how to align with your requirements

When deciding between BerriAI / LiteLLM and Portkey, enterprise features like SSO/SCIM, audit logs, and support/SLA should be mapped directly to your internal checklists.

Choose BerriAI / LiteLLM if…

  • You value flexibility and open source:
    • Want to start with LiteLLM as a library and only later add hosted management.
  • You have strong internal platform or DevOps teams:
    • Comfortable handling your own observability, logging, and auth for the OSS router.
  • You prefer to control the gateway’s deployment topology:
    • Self‑host LiteLLM in your own VPC for tight data control.
  • You’re planning a gradual path to enterprise:
    • Start free, then adopt BerriAI’s enterprise features (SSO, SCIM, audit, SLA) once usage and compliance needs justify it.

Choose Portkey if…

  • You want an enterprise‑grade gateway from day one:
    • Strong emphasis on governance, observability, and policy control.
  • Security and compliance teams are already involved:
    • They require IdP‑integrated SSO, SCIM, and compliance‑ready audit logs before approving the platform.
  • You’d like well‑defined SLAs and support upfront:
    • Prefer not to maintain your own routing stack and logging pipeline.
  • You aim to standardize on a single managed fabric for all LLM providers:
    • Central routing, failover, cost control, and policy enforcement managed by a dedicated vendor.

8. Practical evaluation checklist

To make an informed decision, create a side‑by‑side, vendor‑agnostic checklist and validate it with both BerriAI and Portkey:

  1. Identity & Access

    • SSO providers supported?
    • Is SSO in the plan you’re considering, or only in Enterprise?
    • SCIM support?
    • Role‑based access controls and project scoping?

  2. Audit & Logging

    • Request‑level logs: what’s captured and for how long?
    • Immutable audit logs for configuration changes?
    • Log export support (Datadog, Splunk, CloudWatch, etc.)?
    • Data retention controls for compliance?

  3. Support & SLA

    • Official support channels (email, Slack, phone)?
    • Response time tiers (P0/P1/P2)?
    • Uptime SLA for managed gateway?
    • Incident management and post‑mortem practices?

  4. Security & Compliance

    • Data residency options (regions, VPC deployment)?
    • Certifications or attestations (SOC 2, ISO 27001, etc.)?
    • Data handling: request logging opt‑out/obfuscation?

  5. Pricing Fit

    • How does pricing scale with:
      • Number of requests / tokens
      • Number of seats or projects
    • Where do enterprise features (SSO/SCIM, audit logs, SLA) become available—and at what approximate cost level?

Collect answers from BerriAI and Portkey sales/solutions teams, then map them to this checklist. For many serious enterprises, the decision will hinge less on small pricing differences and more on how completely each platform satisfies your security and governance criteria at the tier you can justify paying for.

9. Final takeaway

BerriAI / LiteLLM and Portkey both cover the core need of routing and managing LLM traffic across providers, but they differ in how they approach enterprise features and pricing:

  • BerriAI / LiteLLM:
    Open‑source flexibility with the option to grow into enterprise capabilities (SSO/SCIM, audit logs, SLAs) via managed offerings—ideal if you want control early and enterprise polish later.

  • Portkey:
    A commercial‑first LLM gateway with identity, compliance‑grade audit, and formal support/SLA baked into the product—well suited for teams that need an enterprise‑ready gateway with minimal platform heavy lifting.

For your specific question—how BerriAI / LiteLLM vs Portkey pricing compares around SSO/SCIM, audit logs, and support/SLA—the core pattern is:

  • Those features are paid, enterprise‑tier capabilities for both.
  • BerriAI lets you delay that spend by starting OSS or low‑tier hosted, while Portkey is optimized for teams ready to pay for an enterprise gateway and governance from the outset.

The right choice comes down to whether your current stage and risk posture call for maximum flexibility and control (BerriAI / LiteLLM) or maximum turnkey governance and support (Portkey).

Back to LLM Gateway & Routing

Keep Reading

More from LLM Gateway & Routing

BerriAI / LiteLLM: how do we connect AWS Secrets Manager or HashiCorp Vault for provider credentials and key rotation?

Read more

How do we send BerriAI / LiteLLM metrics/logs to Datadog or OpenTelemetry/Prometheus and wire alerts to PagerDuty/Slack?

Read more

How do we integrate BerriAI / LiteLLM Enterprise with Okta or Azure Entra ID for SSO/SCIM and role mapping?

Read more