Skip to content
Arbitex Docs

Self-Serve Onboarding

This guide walks through the full onboarding flow for a new Arbitex organization: account creation, plan selection, provider connection, policy configuration, and first request. Complete each step in order.

Step 1: Create your account

Section titled “Step 1: Create your account”

Option A: Email and password (native account)

Section titled “Option A: Email and password (native account)”
  1. Navigate to the Arbitex sign-up page.
  2. Enter your email address, username, and password.
    • Password requirements: minimum 8 characters, at least one uppercase letter, at least one number.
  3. Click Create account.
  4. Verify your email address by clicking the link in the confirmation email.

Option B: Single sign-on (SSO)

Section titled “Option B: Single sign-on (SSO)”

If your organization uses Entra ID, click Sign in with Microsoft on the login page. JIT provisioning creates your account automatically on first login using your Microsoft identity. Your org admin must have configured Entra ID OIDC integration before this option is available — see SSO Configuration Guide.

After account creation

Section titled “After account creation”

Your account is created with the USER role. If you are setting up a new organization, contact your platform operator or Arbitex support to have your account promoted to ADMIN. All subsequent steps require admin access.

Step 2: Select a plan

Section titled “Step 2: Select a plan”
  1. After logging in, navigate to Settings → Billing.
  2. Review the available plans and select the one appropriate for your organization.
  3. Enter payment information and confirm the subscription.

Your plan determines:

  • Request throughput limits (requests per minute)
  • Model access tier (which providers and models are available)
  • Outpost deployment eligibility (hybrid or on-premises deployments)
  • Data retention period for audit logs

Plan details and current tier limits are shown in Settings → Billing → Plan details.

Step 3: Connect your first provider

Section titled “Step 3: Connect your first provider”

Arbitex proxies AI requests to one or more upstream providers. Connect at least one provider before making requests.

  1. Navigate to Settings → Providers.

  2. Click Add Provider.

  3. Select the provider type (OpenAI, Anthropic, Azure OpenAI, or others in your plan).

  4. Enter the required credentials:

    ProviderRequired fields
    OpenAIAPI key
    AnthropicAPI key
    Azure OpenAIEndpoint URL, API key, deployment name

  5. Set the provider to Active.

  6. Click Save.

Arbitex tests connectivity when you save. If the connection fails, verify your credentials and network configuration.

To configure multiple providers and fallback routing, see Provider management.

Step 4: Configure your first policy

Section titled “Step 4: Configure your first policy”

A policy controls what requests are allowed, blocked, or modified as they pass through Arbitex. If you make no changes, the default behavior is ALLOW — all requests from authenticated users pass through without restriction.

For most organizations, the first policy step is applying a compliance bundle or creating a basic custom rule.

Option A: Apply a compliance bundle

Section titled “Option A: Apply a compliance bundle”

If your organization is subject to a regulatory framework (HIPAA, PCI-DSS, GDPR, etc.), apply the corresponding bundle pack:

  1. Navigate to Settings → Policies → Policy Packs.
  2. Locate the bundle for your framework (e.g., HIPAA Bundle).
  3. Toggle it to Active.

The bundle’s rules are now applied to all requests from your organization. Bundle packs are read-only and managed by Arbitex.

Option B: Create a custom policy pack

Section titled “Option B: Create a custom policy pack”
  1. Navigate to Settings → Policies → Policy Packs.
  2. Click New Policy Pack.
  3. Enter a name (e.g., Default Org Policy) and click Create Pack.
  4. Navigate to Settings → Policies → Rules.
  5. Select your new pack and click Add Rule.
  6. Configure a rule:
    • Name: e.g., “Block SSN in input”
    • Direction: input
    • Conditions: entity_types: ["SSN"]
    • Action: BLOCK
    • Message: “Requests containing Social Security Numbers are not permitted.”
  7. Click Save.

For a full explanation of conditions, actions, and combining algorithms, see Policy Engine user guide.

Add your pack to the policy chain

Section titled “Add your pack to the policy chain”

Rules in a pack are only evaluated if the pack is part of the active policy chain:

  1. Navigate to Settings → Policies → Chains.
  2. Select the Org chain.
  3. Click Add Pack.
  4. Select your new pack and set its sequence position.
  5. Click Save.

Step 5: Create your API key

Section titled “Step 5: Create your API key”

Requests to Arbitex are authenticated with an API key. Create one to use in your integration:

  1. Navigate to Settings → API Keys.
  2. Click Create API key.
  3. Enter a name (e.g., Development) and set the scope and expiration.
  4. Click Create.
  5. Copy the key value — it is shown once and cannot be retrieved afterwards.

For full API key management including rotation and revocation, see API key management.

Step 6: Make your first request

Section titled “Step 6: Make your first request”

With a provider connected, a policy active, and an API key in hand, send your first request through Arbitex.

Chat completions endpoint

Section titled “Chat completions endpoint”
Terminal window
curl -X POST https://api.arbitex.ai/api/chat/completions \
  -H "Authorization: Bearer <your_api_key>" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [
      { "role": "user", "content": "Summarize the benefits of AI governance." }
    ]
  }'

The request is evaluated against your active policy chain before being forwarded to the provider. The response is returned in OpenAI-compatible format.

If you receive a 401 Unauthorized, verify that your API key is active and correctly formatted in the Authorization header.

If you receive a 403 Forbidden with a policy block message, a policy rule is blocking the request. Check your policy chain configuration in Settings → Policies.

OpenAI SDK compatibility

Section titled “OpenAI SDK compatibility”

Arbitex is compatible with the OpenAI Python and Node.js SDKs. Change only the base_url to point at Arbitex:

from openai import OpenAI


client = OpenAI(
    api_key="<your_arbitex_api_key>",
    base_url="https://api.arbitex.ai/api"
)


response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Hello"}]
)
print(response.choices[0].message.content)

For migration details, see OpenAI SDK migration guide.

Next steps

Section titled “Next steps”

After completing onboarding:

  • Add users — invite team members or configure SCIM provisioning to sync from your IdP. See User & group management.
  • Configure SSO — enable Entra ID OIDC or SAML 2.0 for your organization. See SSO Configuration Guide.
  • Set up groups — create groups and assign policy rules per group. See Groups & RBAC.
  • Enable audit logging — configure log retention and export for compliance. See Audit log export.
  • Connect SIEM — forward audit events to Splunk, Sentinel, or another SIEM. See SIEM integration guide.
  • Hybrid deployment — deploy an Outpost for on-premises or air-gapped environments. See Outpost deployment guide.

Troubleshooting

Section titled “Troubleshooting”
SymptomLikely causeResolution
401 Unauthorized on API callInvalid or expired API keyVerify key value and status in Settings → API Keys
403 Forbidden with block messagePolicy rule blocking the requestReview active policy chain in Settings → Policies
Provider connection test failsIncorrect credentials or network restrictionVerify API key and endpoint URL; check firewall rules
SSO login failsOIDC not configured or IdP misconfigurationVerify environment variables per SSO Configuration Guide
SCIM provisioning errorsInvalid or rotated SCIM tokenRotate token and update IdP SCIM configuration

See also

Section titled “See also”