New compliance and administrative tools for ChatGPT Enterprise
Compliance API integrations, SCIM, and GPT controls to support compliance programs, data security, and user access at scale
Since we launched ChatGPT Enterprise last year, global organizations including the Boston Consulting Group, PwC, Los Alamos National Laboratory, Moderna, Lowe’s, BBVA, Western & Southern Financial Group, and many more have worked with OpenAI to securely enable their workforce with AI.
Today, we’re launching more tools to support enterprise customers with managing their compliance programs, enhancing data security, and securely scaling user access.
Programmatic control over workspace data to support compliance and data security
The new Enterprise Compliance API and eight integrations developed by leading eDiscovery and Data Loss Prevention (DLP) companies help ChatGPT Enterprise customers in regulated industries such as finance, healthcare, legal services, and government comply with logging and audit requirements.
With the API, workspace owners(opens in a new window) can efficiently audit and take action on their ChatGPT Enterprise workspace data. The API provides a record of time-stamped interactions, including conversations, uploaded files, workspace GPT configuration and metadata, memories, and workspace users. You can see the full list of permissions in our help center(opens in a new window).
Enterprise workspace owners can access the Enterprise Compliance API directly or can choose to use a third-party compliance integration to simplify the process of syncing ChatGPT Enterprise data. These new integrations offered by the following providers support a range of compliance-related activities, such as archiving, audit trails, data redaction and retention, and policy enforcement:
Integrations help ChatGPT Enterprise customers with:
Compliance programs: Support meeting requirements for regulations like FINRA, HIPAA, and GDPR
eDiscovery and legal holds: Preparing and maintaining data in the case of legal proceedings
Data Loss Prevention (DLP): Monitoring and deleting sensitive data such as Personally Identifiable Information (PII), Protected Health Information (PHI), or financial data
We’ll continue to collaborate with compliance providers to add more capabilities and integrations throughout the year.
Automated user management
Next week, we’ll roll out SCIM (System for Cross-domain Identity Management), enabling admins to sync their internal employee directories with their ChatGPT Enterprise workspace for programmatic provisioning and deprovisioning of user accounts. This ensures user access and information is consistently accurate and up-to-date across systems.
We’ll support custom SCIM and most company directories including Okta Workforce, Microsoft Entra ID, Google Workspace, and Ping.
SCIM is currently in beta, with broader availability coming next week. ChatGPT Enterprise customers can reach out to their OpenAI account team to learn more.
Expanded GPT controls
Enterprise workspace admins now have more precise control over GPTs—custom versions of ChatGPT configured with natural language instructions, knowledge via file uploads, and actions.
Previously, admins could only fully allow or block usage of GPT actions created in their workspace. We’ve added a new setting that lets workspace admins create an approved list of specific domains(opens in a new window) for more granular controls over actions. This ensures GPTs can interact with approved services while restricting other domains.
In addition to this new setting, Enterprise admins also have access to:
Group permissions(opens in a new window): Create and edit user groups to control GPT access and permissions more granularly within your workspace.
Comprehensive GPT settings(opens in a new window): Manage GPT sharing permissions, view the configuration of any GPT in your workspace, remove GPTs, transfer ownership, and set global GPT capabilities.
Third-party GPT controls(opens in a new window): Approve specific third-party GPTs in your workspace, or set global controls to allow or restrict all external GPTs.
GPTs provide more personalized outputs based on the knowledge and information users share and extend the power of ChatGPT by interacting with other systems. With these controls, Enterprise admins can ensure their workspace has safe access to the power of GPTs.
Supporting secure AI deployments at scale
We continue to invest deeply in enterprise security. In addition to these new tools, ChatGPT Enterprise offers robust data privacy, security, and admin controls, including:
No customer data or metadata is used for training models
Data encryption at rest and in transit
Custom data retention window
Single Sign-On (SSO) and domain verification
CCPA, CSA STAR, and SOC 2 Type 2 compliance
If you’re interested in ChatGPT Enterprise, please reach out to our team to learn how we partner with organizations on AI strategy, use case development, and workforce enablement. We’ve worked with hundreds of global enterprises to support effective AI deployments securely and at scale.
These tools are also available in ChatGPT Edu, an accessible option for universities to bring AI to campus at scale.