Skip to main content

July 18, 2024

New compliance and administrative tools for ChatGPT Enterprise

Compliance API integrations, SCIM, and GPT controls to support compliance programs, data security, and user access at scale

The image shows a soft-focus, abstract close-up of a curved pink petal or shape, blending gently into a light purple and pink background, creating a smooth, flowing effect with delicate color transitions.

Since we launched ChatGPT Enterprise last year, global organizations including the Boston Consulting Group, PwC, Los Alamos National Laboratory, Moderna, Lowe’s, BBVA, Western & Southern Financial Group, and many more have worked with OpenAI to securely enable their workforce with AI. 

Today, we’re launching more tools to support enterprise customers with managing their compliance programs, enhancing data security, and securely scaling user access.

Programmatic control over workspace data to support compliance and data security

The new Enterprise Compliance API and eight integrations developed by leading eDiscovery and Data Loss Prevention (DLP) companies help ChatGPT Enterprise customers in regulated industries such as finance, healthcare, legal services, and government comply with logging and audit requirements.

With the API, workspace owners(opens in a new window) can efficiently audit and take action on their ChatGPT Enterprise workspace data. The API provides a record of time-stamped interactions, including conversations, uploaded files, workspace GPT configuration and metadata, memories, and workspace users. You can see the full list of permissions in our help center(opens in a new window)

Enterprise workspace owners can access the Enterprise Compliance API directly or can choose to use a third-party compliance integration to simplify the process of syncing ChatGPT Enterprise data. These new integrations offered by the following providers support a range of compliance-related activities, such as archiving, audit trails, data redaction and retention, and policy enforcement:


Integrations help ChatGPT Enterprise customers with:

  • Compliance programs: Support meeting requirements for regulations like FINRA, HIPAA, and GDPR

  • eDiscovery and legal holds: Preparing and maintaining data in the case of legal proceedings

  • Data Loss Prevention (DLP): Monitoring and deleting sensitive data such as Personally Identifiable Information (PII), Protected Health Information (PHI), or financial data

We’ll continue to collaborate with compliance providers to add more capabilities and integrations throughout the year.

Automated user management

Next week, we’ll roll out SCIM (System for Cross-domain Identity Management), enabling admins to sync their internal employee directories with their ChatGPT Enterprise workspace for programmatic provisioning and deprovisioning of user accounts. This ensures user access and information is consistently accurate and up-to-date across systems. 

We’ll support custom SCIM and most company directories including Okta Workforce, Microsoft Entra ID, Google Workspace, and Ping.   

SCIM is currently in beta, with broader availability coming next week. ChatGPT Enterprise customers can reach out to their OpenAI account team to learn more.

The image shows a directory sync setup screen with options to select a provider: Okta, Entra ID (Azure AD), Google Workspace, CyberArk, JumpCloud, OneLogin, or Custom SCIM. It includes a search bar for finding providers.

Expanded GPT controls

Enterprise workspace admins now have more precise control over GPTs—custom versions of ChatGPT configured with natural language instructions, knowledge via file uploads, and actions. 

Previously, admins could only fully allow or block usage of GPT actions created in their workspace. We’ve added a new setting that lets workspace admins create an approved list of specific domains(opens in a new window) for more granular controls over actions. This ensures GPTs can interact with approved services while restricting other domains.

A demonstration of the process of approving domains for GPT actions, enabling and sharing the GPT.

In addition to this new setting, Enterprise admins also have access to:

GPTs provide more personalized outputs based on the knowledge and information users share and extend the power of ChatGPT by interacting with other systems. With these controls, Enterprise admins can ensure their workspace has safe access to the power of GPTs.

Supporting secure AI deployments at scale

We continue to invest deeply in enterprise security. In addition to these new tools, ChatGPT Enterprise offers robust data privacy, security, and admin controls, including:

  • No customer data or metadata is used for training models

  • Data encryption at rest and in transit

  • Custom data retention window

  • Single Sign-On (SSO) and domain verification

  • CCPA, CSA STAR, and SOC 2 Type 2 compliance

If you’re interested in ChatGPT Enterprise, please reach out to our team to learn how we partner with organizations on AI strategy, use case development, and workforce enablement. We’ve worked with hundreds of global enterprises to support effective AI deployments securely and at scale.

These tools are also available in ChatGPT Edu, an accessible option for universities to bring AI to campus at scale.