gbox
Vos données restent chez vous. Book a demo
← Back to the AI Box Multi-tenant

One box, multiple organisations

For mid-market groups with subsidiaries, multi-practice firms and ministries: isolate data per org while sharing the hardware. Separate RBAC, KBs and audit logs by construction.

Use cases

Why you need it

Multi-site mid-market groups
Holding + 3 subsidiaries on a single L Box: each subsidiary sees its own documents, never the siblings'. Savings: 3× vs 4 individual boxes.
Ethical walls
Law firms, consulting, audit: conflict-of-interest rules forbid crossing client matters. The Box enforces those walls technically, not by policy.
Infrastructure savings
One L at €38k for 4 entities is cheaper than 4 S at €12k each (= €48k). And one support contract for the central IT team to manage.
Architecture

How isolation actually holds

1
Separate Postgres schemas
Every org has its own dedicated Postgres schema for audit logs and Open WebUI sessions. No SQL join can cross orgs.
2
Ragnight / KB namespaces
Embeddings and chunks are scoped `org-<slug>`. Vector search filters at the engine level.
3
Authentik groups per org
Each user belongs to one and only one `gbox-org-<slug>` group. RBAC forbids switching between orgs.
4
Connectors scoped via ORG_SLUG
Each connector ingests sources for one specific org. No accidental cross-org ingestion.
CLI

Up and running in 4 commands

# Create a new org
$ gbox orgs create filiale-lyon "Filiale Lyon"
 Org 'filiale-lyon' created. KB namespace: org-filiale-lyon

# Run a connector scoped to an org
$ ORG_SLUG=filiale-lyon docker compose up -d connector-sharepoint

# List configured orgs
$ gbox orgs list
SLUG                    NAME                            CREATED
filiale-lyon            Filiale Lyon                    2026-05-05T10:23:00Z
holding-paris           Holding Paris                   2026-04-12T14:01:00Z
filiale-marseille       Filiale Marseille               2026-03-28T09:11:00Z

# Erase a user from an org (GDPR)
$ gbox erase --user alice@filiale-lyon.fr
Examples

Three multi-tenant deployments

Mid-market group
Industrial group · 4 subsidiaries
1 shared L Box. Each subsidiary sees its own quality procedures, supplier contracts, HR. Separate audit logs exported quarterly to each MD.
Law firm
3-department firm
Corporate / Litigation / Tax. Ethical walls per department. A Corporate associate cannot see Litigation matters even by technical accident.
Government
Ministry · 5 directorates
Air-gap mode. Each directorate has its namespace, audit log, users. Separate annual ANSSI audit per directorate, independently.

Got a multi-entity organisation?

30 minutes to walk through your topology (subsidiaries, departments, ethical walls). We come back with a costed isolation plan within one business day.

Discuss your topology