Enterprise Onboarding

Set up an enterprise Octomil organization from scratch.

Prerequisites

Octomil CLI installed: curl -fsSL https://octomil.com/install.sh | sh
Authenticated via octomil login

Step 1: Initialize the organization

octomil init "Acme Health" --compliance hipaa --region us

Organization created: org_7f8a9b0c
Name: Acme Health
Compliance: hipaa
Region: us
Role: owner

See Compliance for what each preset configures.

Step 2: Add team members

octomil team add alice@acme.com --role admin
octomil team add bob@acme.com --role member
octomil team add carol@acme.com --role admin

Each invite sends an email with a secure link (expires in 7 days). See Roles & RBAC for role details.

Step 3: Verify the team

octomil team list

Members:
  you@acme.com        owner    active
  alice@acme.com      admin    active
  carol@acme.com      admin    pending (expires 2026-02-26)
  bob@acme.com        member   active

Total: 4 members (3 active, 1 pending)
RBAC checkpoint: passed (2 admins, 4 members)

Enterprise organizations require at least 2 admin-or-higher accounts and 2 total members (the RBAC checkpoint).

Step 4: Set security policies

octomil team set-policy --require-mfa --auto-rollback

Flag	Description
`--require-mfa`	Require MFA for all users
`--auto-rollback`	Roll back deployments that exceed error thresholds
`--session-hours <n>`	Max session duration before re-auth
`--reauth-minutes <n>`	Inactivity timeout before re-auth
`--audit-retention-days <n>`	Days to retain audit logs
`--require-admin-approval`	Require admin approval for production deployments

Step 5: Create API keys

octomil keys create deploy-key --scope devices:write
octomil keys create ci-key --scope models:read

Keys are shown once — store them securely. See API Keys & Scopes for the full scopes table and usage examples.

Next steps

Federations — set up cross-organization collaborative training
Federated Training — run training across your federation
Compliance — HIPAA, GDPR, PCI, SOC 2 details
Roles & RBAC — role permissions and the RBAC checkpoint
API Keys & Scopes — scoped keys for devices, CI, and deploys
SSO + SCIM — enterprise identity providers
Rollouts — canary and progressive deployment

Troubleshooting

Invite not received — Check octomil team list for correct email. Invites expire in 7 days; re-invite with octomil team add.

RBAC checkpoint not passing — Need 2+ admin-or-higher accounts and 2+ total members.

Compliance preset not applying — Presets require owner or admin role. Apply during octomil init or from the compliance dashboard.

API key not working — Confirm the key has the required scope. devices:write keys cannot access model endpoints.

Session expired frequently — Compliance presets like hipaa and pci use 8-hour sessions with 30-minute reauth. Adjust with octomil team set-policy --session-hours <n>.

Prerequisites​

Step 1: Initialize the organization​

Step 2: Add team members​

Step 3: Verify the team​

Step 4: Set security policies​

Step 5: Create API keys​

Next steps​

Troubleshooting​