Onboarding Flows
Use this page to choose the shortest correct onboarding path for a new Keeptrusts user or team.
Choose the right flow
| Starting point | Best for | Main outcome |
|---|---|---|
| Console access | New users who need to inspect or manage the organization | Confirm organization access and reach the correct working surface |
| Application integration | Developers sending traffic through Keeptrusts | Create a request token and send the first governed request |
| Gateway setup | Teams running kt gateway run in their own environment | Register a runtime, connect it, and verify traffic |
| Team setup | Organizations onboarding multiple groups | Invite members, assign access, and clarify ownership |
Workflow map
Flow 1: Console access
Use this flow when the user starts from the Keeptrusts console.
- Open the console URL for the correct environment.
- Sign in with the identity method your organization supports.
- Open the account menu and confirm the organization name and ID.
- Open a few core pages such as Overview, Gateways, and History to verify the organization is the one you expect.
The shell does not display an environment or role label. Verify expected access by opening the permitted surfaces or checking the role assignment under IAM.
This flow is complete when the user can reach the expected organization without permission surprises.
Flow 2: Application integration
Use this flow when a developer needs to send governed requests from an application.
- Create or obtain the request token the application should use.
- Point the SDK or client at the Keeptrusts gateway URL instead of the upstream provider URL.
- Send a test request.
- Confirm the authenticated response succeeds, then find its request ID with
kt events tail --since 10m --jsonorGET /v1/events?since=10m. When history capture and control-plane delivery are enabled, also confirm the retained session context in History.
Use this flow for application traffic. Keep runtime tokens separate from ordinary request tokens.
Flow 3: Gateway setup
Use this flow when your team runs the gateway in its own environment.
- Install
kton the target machine. - Export the runtime connection variables your deployment needs.
- Start the gateway with
kt gateway run. - Confirm the runtime appears as healthy in Gateways.
- Send a representative request and confirm its request ID and outcome with
kt events tail --since 10m --jsonorGET /v1/events?since=10m. Check History only when conversation capture is enabled.
Use Install the Gateway and Quickstart if you need the exact bootstrap steps.
Flow 4: Team setup
Use this flow when more than one team or working group will use the organization.
- Invite the required members.
- Assign the least-privileged access each person needs.
- Decide who owns policy changes, inbox review, audit exports, and spend oversight.
- Verify each person can reach only the surfaces intended for their role.
This flow is complete when ownership is clear and the organization is usable without manual intervention.
Signs onboarding is complete
Treat onboarding as complete when all of the following are true:
- The right people can sign in to the right organization.
- At least one governed request has been sent successfully.
kt events tailor the Events API returns the matching request activity; capture-enabled flows also show session context in History.- The team knows which token or credential is used for request traffic versus runtime connectivity.
- Ownership for policy changes and investigations is clear.