Skip to main content

Onboarding Flows

Use this page to choose the shortest correct onboarding path for a new Keeptrusts user or team.

Choose the right flow

Starting pointBest forMain outcome
Console accessNew users who need to inspect or manage the organizationConfirm organization access and reach the correct working surface
Application integrationDevelopers sending traffic through KeeptrustsCreate a request token and send the first governed request
Gateway setupTeams running kt gateway run in their own environmentRegister a runtime, connect it, and verify traffic
Team setupOrganizations onboarding multiple groupsInvite members, assign access, and clarify ownership

Workflow map

Flow 1: Console access

Use this flow when the user starts from the Keeptrusts console.

  1. Open the console URL for the correct environment.
  2. Sign in with the identity method your organization supports.
  3. Open the account menu and confirm the organization name and ID.
  4. Open a few core pages such as Overview, Gateways, and History to verify the organization is the one you expect.

The shell does not display an environment or role label. Verify expected access by opening the permitted surfaces or checking the role assignment under IAM.

This flow is complete when the user can reach the expected organization without permission surprises.

Flow 2: Application integration

Use this flow when a developer needs to send governed requests from an application.

  1. Create or obtain the request token the application should use.
  2. Point the SDK or client at the Keeptrusts gateway URL instead of the upstream provider URL.
  3. Send a test request.
  4. Confirm the authenticated response succeeds, then find its request ID with kt events tail --since 10m --json or GET /v1/events?since=10m. When history capture and control-plane delivery are enabled, also confirm the retained session context in History.

Use this flow for application traffic. Keep runtime tokens separate from ordinary request tokens.

Flow 3: Gateway setup

Use this flow when your team runs the gateway in its own environment.

  1. Install kt on the target machine.
  2. Export the runtime connection variables your deployment needs.
  3. Start the gateway with kt gateway run.
  4. Confirm the runtime appears as healthy in Gateways.
  5. Send a representative request and confirm its request ID and outcome with kt events tail --since 10m --json or GET /v1/events?since=10m. Check History only when conversation capture is enabled.

Use Install the Gateway and Quickstart if you need the exact bootstrap steps.

Flow 4: Team setup

Use this flow when more than one team or working group will use the organization.

  1. Invite the required members.
  2. Assign the least-privileged access each person needs.
  3. Decide who owns policy changes, inbox review, audit exports, and spend oversight.
  4. Verify each person can reach only the surfaces intended for their role.

This flow is complete when ownership is clear and the organization is usable without manual intervention.

Signs onboarding is complete

Treat onboarding as complete when all of the following are true:

  • The right people can sign in to the right organization.
  • At least one governed request has been sent successfully.
  • kt events tail or the Events API returns the matching request activity; capture-enabled flows also show session context in History.
  • The team knows which token or credential is used for request traffic versus runtime connectivity.
  • Ownership for policy changes and investigations is clear.

Next steps