Anyone in your organization can build a dashboard or internal tool in an afternoon with
AI. Deloc Enterprise is the control plane that makes that safe: who can publish, who can
view, what goes live, and a complete record of all of it.
Everything in Team, plus the governance features below. Custom pricing — no per-viewer fees, ever.
Viewers and publishers sign in with the corporate accounts they already have. Nobody creates a Deloc password, and nobody keeps access after they leave.
Full OIDC SSO with Okta, Microsoft Entra, or any OIDC-compatible identity provider.
Okta and Entra App Gallery integrations — your IT team configures Deloc like any other sanctioned app.
Conditional access, MFA, and session policies enforced by your IdP apply to every Deloc app automatically.
Email domain restriction remains available per app for lighter-weight gating.
Lifecycle
SCIM 2.0 provisioning
User access is driven by your directory, not by invites and offboarding checklists.
Provision publishers and viewers automatically from your IdP groups.
Deactivate someone in your directory and their Deloc access ends with it — no orphaned accounts.
Role assignment (admin, publisher, viewer) mapped from your IdP.
Change control
Approval-gated deploys
AI-assisted building means anyone can ship an internal tool in minutes. Enterprise makes sure what ships is what you reviewed.
Every deploy is staged, never live, until an admin approves it.
Reviewers preview the exact staged build — the same bytes that will go live, not a description of them.
The currently-live version keeps serving untouched until approval; rejection discards the staged build with zero impact.
Automated security review runs on every deploy: phishing patterns, crypto-miners, unsafe scripts, external form targets.
Signed deploy manifests record full provenance — who deployed what, from where, and when.
Governance
Admin console for the whole organization
One place to see and control everything your organization has published.
Complete inventory of every app in the org — owner, status, size, traffic, visibility.
Kill switch: disable any app instantly, org-wide.
Deploy-approval queue, member management, and org settings in one console.
Role-based access control with least-privilege defaults.
Compliance
Full audit log with export
Every administrative action, deployment, and access change is recorded — and your compliance tooling can consume it.
Org-wide audit trail covering deploys, approvals, role changes, app lifecycle, and access events.
Export as JSON or CSV for compliance review.
Webhook streaming delivers audit events to your SIEM as they happen.
Security
A structurally smaller attack surface
Deloc serves static files only. There is no server-side execution in published apps — which removes the class of vulnerabilities that makes internal tools an IT liability.
No servers to patch, no runtimes to CVE-chase, no databases exposed by a hobby dashboard.
Platform and published content live on separate domains (deloc.dev vs deloc.app) for complete cookie and origin isolation.
Content scanning on upload, file-type allowlisting, and hardened server-side Actions for the cases that need API calls.