Skip to content

Multi-Tenant Architecture Governance, by Workspace

Complete workspace isolation. Per-workspace identity, branding, AI configuration, and billing. Built for enterprises with distinct business units and for consultancies serving multiple clients on a single platform.

Start FreeRequest a Demo

Isolation Is a Foundation, Not a Feature

Multi-tenancy is often retrofitted onto single-tenant applications, with subtle leaks lurking in queries that forgot to scope by tenant. For architecture data — strategy decisions, threat models, vendor evaluations — a single leaked query is a serious incident.

cajeX is multi-tenant by construction. Every record carries a composite partition key that includes the workspace ID. Every query routes through workspace-aware middleware that enforces scoping before the database is touched. There is no code path where a query can return rows from a different workspace.

On top of the data layer, AI provider credentials are isolated too. Each workspace stores its own API keys encrypted at rest with per-workspace AES-GCM-256 keys. There is no shared credential surface across workspaces.

Eight Tenancy Capabilities

Everything you need to run cajeX as a single workspace, or as dozens of isolated workspaces under one organisation.

Workspace Isolation

Complete data isolation via composite partition keys and workspace-aware middleware — every query is scoped to a single workspace. AI provider API keys are encrypted at rest with per-workspace AES-GCM-256 keys.

Onboarding Wizard

Guided setup for new workspaces — organisation details, plan selection, initial team invitations, and first-run defaults.

Custom Branding

Upload your workspace logo and configure brand colours to match your organisation's identity across the app.

Identity Providers

Social Login (Google, GitHub, Apple) and Magic Link on all standard plans. Enterprise SSO with OIDC, SAML, SCIM provisioning, and Single Logout — Entra ID natively supported, plus any OIDC-compliant provider (Okta, Auth0, etc.) on Enterprise plans.

Member Management

Token-based invitations with accept/revoke flow, bulk invite capabilities, role assignment, and ownership transfer.

Billing & Subscriptions

Per-seat billing via Stripe across Free, Basic, Pro, Team, and Enterprise tiers, with automatic seat counting and per-workspace AI usage tracking.

Data Export

Async data export of your workspace members and projects to cloud storage. Download as JSON with a presigned one-click link (CSV format coming soon).

Workspace Purge & Retention

Soft delete with a 30-day recovery window and scheduled purge. Restore your workspace anytime before permanent deletion.

Identity Provider Deep Dive

cajeX supports the identity stack you already use — from one-click social login on standard plans to full enterprise SSO with SCIM provisioning.

Standard plans

One-click social login on Free, Basic, Pro, and Team plans. No identity provider configuration required.

  • Google
  • Apple
  • GitHub
  • Magic Link

Enterprise SSO

Centralised identity for Enterprise workspaces. Automatic user lifecycle management via SCIM, group-based role mapping, and SLO so user offboarding propagates instantly.

  • Microsoft Entra ID (native)
  • Any OIDC provider (Okta, Auth0)
  • SAML 2.0
  • SCIM 2.0 provisioning
  • Single Logout

Single Workspace or Multiple?

Both models are first-class in cajeX. Choose based on whether you need shared standards across your organisation, or distinct governance per business unit.

Single workspace

You're one organisation with one architecture team applying one set of standards. Different teams or business units can share the workspace using role-based access and project tagging.

Typical examples

  • Mid-market companies
  • Single-tenant enterprises
  • Startup engineering teams

Multiple workspaces

You serve multiple clients with separate governance standards (consultancies), or you operate distinct business units with materially different architecture practices (large enterprises, holding companies).

Typical examples

  • Architecture consultancies (one workspace per client)
  • Holding companies with separate operating businesses
  • Enterprises running multiple acquisition entities
See the canonical use-case pages: Architecture Consultancies and Enterprise Architecture Teams.

Per-Workspace AI Configuration

Each workspace is its own AI tenant. You configure the model, provider, credentials, and budget independently — no shared keys, no shared quotas, no cross-workspace AI leakage path.

  • Different model per workspace. Run Claude in your main workspace, run a different model in a client-facing or experimental workspace.
  • Per-workspace API key encryption. Each workspace's credentials are encrypted at rest with its own AES-GCM-256 key.
  • Per-workspace quotas. Set token budgets per workspace; the platform tracks usage by model, task, and day. Hit a quota and that workspace pauses AI features — others continue uninterrupted.
  • Disable AI per workspace. Regulated workspaces can turn off AI features entirely — every other governance module still works. See AI Co-Worker.

Frequently Asked Questions

What is workspace isolation in cajeX?
Every workspace has its own data partition. Queries are scoped to a single workspace via composite partition keys plus workspace-aware middleware, so no query can return data from another workspace. AI provider API keys are encrypted at rest with per-workspace AES-GCM-256 keys. There is no shared key, no cross-workspace data leakage path.
Does cajeX support SCIM for user provisioning?
Yes, on Enterprise plans. SCIM 2.0 provisioning automates user lifecycle — when your identity provider adds, updates, or deactivates a user, cajeX mirrors the change. Group-based role mapping lets you assign cajeX roles based on IdP group membership.
Can different workspaces use different AI models?
Yes. Each workspace configures its own AI provider, model, and API credentials. You can run Claude in one workspace and a different model in another. API keys are encrypted per workspace, so there is no shared credential surface.
How does per-seat billing work across multiple workspaces?
Each workspace is billed independently. Seats are counted automatically per workspace; adding a member mid-cycle is prorated. Workspaces can be on different plan tiers — a consultancy might run their internal workspace on Team and each client workspace on Basic.
What happens when a user belongs to multiple workspaces?
Each workspace membership is a separate billing seat. The user can switch between workspaces from the app; permissions are evaluated independently per workspace. Single Sign-On (on Enterprise) signs the user in across all workspaces they have access to.
Can I migrate from a single workspace to multiple later?
Yes. Workspace data is fully exportable as JSON. You can spin up a new workspace, import the relevant subset, and reassign members — or run them in parallel during the migration. cajeX has no architectural lock-in around the single-workspace decision.

Set Up Your First Workspace

Start free, no credit card required. Add more workspaces as your organisation or client roster grows.

Start Free View Pricing