Bifrost Enterprise builds on the open-source Bifrost AI Gateway with the reliability, security, and governance capabilities required to run AI in production at organizational scale. Every OSS feature ships in Enterprise - plus high-availability clustering, predictive load balancing, identity federation, role-based access control, audit-grade compliance logging, and private-network deployment options.
Bifrost Enterprise architecture

Try Enterprise free

Start a 14-day free trial. No credit card required.

Book a demo

Walk through Enterprise capabilities with a Bifrost engineer.

Built on open source

Bifrost Enterprise is a strict superset of the open-source gateway. Every provider, integration, plugin, and SDK supported in OSS works identically in Enterprise - no migration, no re-integration, same config.json schema. Enterprise adds the capabilities organizations need at scale.

1. Observe & audit

Before anything else, make sure you can see traffic, exports, and incident-grade audit trails. Production trust starts with visibility.

Audit Logs

Immutable, timestamped audit trails for every configuration change. SOC 2, GDPR, HIPAA, ISO 27001 friendly.

Log Exports

Automated export of request logs and telemetry to S3, GCS, BigQuery, and other data lakes.

Datadog Connector

Native Datadog APM, LLM Observability, and metrics integration with full request tracing.

2. Identity

Federate user identity through your existing IdP so accounts, groups, and lifecycle state stay in sync.

User Provisioning (OIDC)

OIDC login with directory-based user and group sync for lifecycle management.

Connect your identity provider

Okta

OIDC login with Okta plus 24-hour background user sync.

Microsoft Entra

Azure AD / Entra ID with GCC High and DoD cloud support.

Keycloak

Self-hosted identity with OIDC login and Admin REST API backed sync.

Zitadel

Cloud-native identity with first-class user grants and project mapping.

Google Workspace

Workspace directory federation with Application Default Credentials inheritance.

3. Safety

Apply content guardrails so unsafe input and output are caught before they reach your models or your users.

Guardrails

Content safety with AWS Bedrock Guardrails, Azure Content Safety, Google Model Armor, CrowdStrike AIDR, GraySwan, and Patronus AI.
Out-of-the-box building blocks:

Secrets detection

Catch API keys, credentials, and tokens in prompts and completions before they leave your perimeter.

Custom regex

Define organization-specific patterns for redaction or rejection.

4. Policy

Decide what each user is allowed to do with the gateway: which providers, which models, what budgets, which MCP tools.

Access Profiles

Reusable provider, model, budget, and rate-limit policies. Auto-allocate virtual keys to users at scale.

MCP Tool Groups

Curated bundles of MCP tools attachable to virtual keys, teams, customers, users, providers, or API keys.

5. Access

Define who can configure the gateway, and limit which rows each operator can see in the dashboard.

Advanced Governance

Hierarchical governance across teams, customers, and business units, layered on top of OSS governance.

Role-Based Access Control

Custom roles with fine-grained permissions across every Bifrost resource.

Data Access Control

Row-level scope (own / team / all) so different operators see only what their role entitles them to.

6. Deploy at scale

Once policy and access are wired up, move from a single-node install to a clustered, geo-redundant production deployment.

Clustering

High-availability clustering with automatic service discovery, gossip-based state sync, and zero-downtime rolling deployments.

Adaptive Load Balancing

Predictive scaling with real-time provider health monitoring; traffic shifts automatically to the fastest available upstream.

In-VPC Deployments

Deploy entirely within your private cloud with no traffic crossing public network boundaries.

Cloud-specific deployment guides

AWS

Deploy on EKS or ECS with IRSA / IAM Task Roles for cloud-native authentication.

GCP

Deploy on GKE with Workload Identity for keyless service account access.

Azure

Deploy on AKS with Azure Workload Identity Federation.

On-Premise

Air-gapped or self-hosted deployments with Docker credentials.

7. Extend

For workflows the built-in features don’t cover, write a custom plugin.

Writing Go Plugins

Build native plugins for organization-specific workflows and business logic.

Security & compliance

Security Posture

Encryption at rest and in transit, vulnerability scanning, dependency management, and secure defaults.

Stay current

Release cadence

How Enterprise releases are versioned and shipped.

Migration guides

Step-by-step upgrade instructions for major versions.
