Product
Enterprise MCP, finally.
It's the moment you've been waiting for. The governance layer between your AI agents and everything they need to touch.
How it sits
Between your stack and the agents.
Identity goes in. Service calls come out. Logs go back.
Identity
Microsoft Entra, Okta, Google Workspace
Agents
Claude, OpenAI, Gemini, open source
your dedicated MCP
Services
Microsoft 365, GitHub, Atlassian, Slack, Notion
SIEM
Splunk, Sentinel, Chronicle
Modules
Six pieces. One platform.
IDP-driven access
Your IDP already knows who should do what. KAiZAI turns that into scope per agent, per service, down to the function. Want email read-only for some users and full send for others on the same integration? That's a single RBAC rule.
- Native support for Microsoft Entra, Okta, and Google Workspace
- Any other SAML 2.0 or OIDC provider also works
- IDP group membership drives access automatically
- Function-level scoping (read, write, destructive)
- Configurable session policy
Identity providers
Endpoint-ready MCP config
Pick the agent, copy the JSON, push it through your endpoint pipeline. The portal hands you a step-by-step runbook for whichever pipeline you already run, and OAuth signs users in on first tool use.
- Drop-in MCP config for Claude Desktop, Claude Code, Codex, Gemini CLI
- Step-by-step runbook for Intune, Jamf, Workspace ONE, and more
- OAuth sign-in on first tool use, no tokens to ship
- User-context delivery, no service-account juggling
- Device fingerprinting and concurrent-session detection
Endpoint-ready MCP config
Step 1 · Agent
Step 2 · MCP config
{
"mcpServers": {
"kaizai": {
"type": "http",
"url": "https://<tenant>.kaizai.io/mcp"
}
}
}Step 3 · Push via your pipeline
OAuth signs in on first tool use
Every action, attributable
Prompt, response, and tool call, tied to the user who issued them. Logging is toggleable per deployment so you capture what matters. If someone asks "who did what, when" six months from now, you have an answer.
- Full prompt and response capture, toggleable per deployment
- Searchable in the KAiZAI dashboard
- Forwards to Splunk, Sentinel, Chronicle
- Configurable retention and export
- DLP inspection available as an add-on
Audit log
Your dedicated MCP server
KAiZAI deploys a dedicated MCP instance for your organization. Nothing shared, nothing multi-tenant. You decide which tools and services it exposes, and any MCP-compatible agent can reach them.
- Dedicated instance per customer, not multi-tenant
- You control which tools and services are exposed
- Bring your own model: Claude, GPT, Gemini, or open source
- Works with any MCP-compatible agent or interface
- Policy enforced at the endpoint, not the agent
Your instance
yourcompany.kaizai.io
Your company's data, your company's database.
KAiZAI Marketplace
A centrally-managed marketplace of pre-built service integrations, maintained by KAiZAI. You pick which ones to enable and we keep each one current as APIs drift.
- Pre-built, tested, ready to enable in minutes
- Covers IT ops, DevOps, HR, and business apps
- Microsoft 365, Google Workspace, GitHub, Atlassian, Slack, Notion, and more
- KAiZAI maintains each integration as APIs shift
- New services ship into the marketplace continuously
The marketplace
Maintained by KAiZAI
Always-on central agents
Slack and Discord. Configured once by an admin, available to everyone inside their RBAC scope, logged the same as individual use.
- Slack and Discord
- Tenant-wide, admin-configured
- Runs inside the same RBAC policy
- Audit trail identical to individual use
- AI in the places your team already lives
Always-on channels
Always listening, always scoped.
On to the math.
Tier breakdown and a calculator on the pricing page. The full Q&A in the FAQ.