Enterprise scheduling infrastructure

Your whole organization, bookable and compliant. Deploy on our infrastructure or yours.

How does Temporal Cortex meet enterprise compliance requirements?

Temporal Cortex is designed for SOC 2 Type II compliance with audited security controls, offers HIPAA BAA for healthcare scheduling, and supports Single Sign-On via SAML and OIDC with providers including Okta, Azure AD, and Google Workspace.

SOC 2

Type II Compliance

Audited security controls for data protection and availability.

HIPAA

BAA Available

Business Associate Agreement for healthcare scheduling workflows.

SSO

SAML / OIDC

Single sign-on with your identity provider. Okta, Azure AD, Google Workspace.

Can I self-host Temporal Cortex?

Yes. Temporal Cortex supports full self-hosted deployment — your data never leaves your environment. Deploy with Docker Compose for single-machine setups or Terraform modules for production-grade infrastructure on AWS, GCP, or Azure.

Docker Compose

Single-machine deployment for smaller teams. API, MCP server, database, and portal in containers.

Terraform Modules

Production-grade infrastructure on AWS, GCP, or Azure. Auto-scaling, monitoring, and backup included.

What enterprise features does Temporal Cortex offer?

Temporal Cortex Enterprise includes multi-user organization management, admin-provisioned Agent Skills and policies, data residency options (US/EU), audit log export with SIEM integration, and dedicated infrastructure with SLA and priority support.

Multi-user organization + seat management
Admin-provisioned Agent Skills + policies
Data residency options (US / EU)
Custom data retention policies
Audit log export + SIEM integration
Dedicated infrastructure option
Volume booking pricing (negotiated)
SLA + priority support

How does the security architecture work?

Temporal Cortex uses defense-in-depth: API key authentication with SHA-256 hashing, a content sanitization firewall that strips prompt injection attempts, and caller-based policy enforcement that evaluates every request against configurable rules.

Auth

API Key Authentication

Keys follow the format sk_live_<prefix>_<base64url>. Server stores SHA-256 hashes only — raw keys are never persisted. Prefix enables key identification without exposure.
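The storage scheme described above, sketched as an added example (not Temporal Cortex's own code). The prefix and secret lengths, the in-memory dict standing in for the database, and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Assumed sizes; the page gives only the overall shape sk_live_<prefix>_<base64url>.
PREFIX_BYTES = 4   # hex-encoded -> 8-character public identifier
SECRET_BYTES = 32  # 43 base64url characters once padding is stripped
# base64url may itself contain "_", so match the whole key instead of splitting on "_".
KEY_RE = re.compile(r"sk_live_([0-9a-f]{8})_([A-Za-z0-9_-]{43})")


def hash_key(raw: str) -> str:
    # Unsalted SHA-256 is adequate here only because the secret part is
    # 256 random bits; it would not be for human-chosen passwords.
    return hashlib.sha256(raw.encode("ascii")).hexdigest()


def issue_key(store: dict) -> str:
    """Create a key, persist prefix -> digest, and return the raw key once."""
    prefix = secrets.token_hex(PREFIX_BYTES)
    secret = base64.urlsafe_b64encode(secrets.token_bytes(SECRET_BYTES)).rstrip(b"=").decode()
    raw = f"sk_live_{prefix}_{secret}"
    store[prefix] = hash_key(raw)  # the raw key is never written to the store
    return raw


def verify_key(store: dict, presented: str):
    """Return the key's prefix if it is valid, otherwise None."""
    m = KEY_RE.fullmatch(presented)
    if m is None:
        return None
    stored = store.get(m.group(1))
    # Constant-time comparison of the stored and recomputed digests.
    if stored is None or not hmac.compare_digest(stored, hash_key(presented)):
        return None
    return m.group(1)


def redact(raw: str) -> str:
    """Form safe for logs and dashboards: the prefix identifies the key, the secret is dropped."""
    m = KEY_RE.fullmatch(raw)
    return f"sk_live_{m.group(1)}_***" if m else "<malformed key>"
```

Because only the digest is stored, a lost key cannot be recovered from the database; it has to be revoked by prefix and reissued.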

Safety

Content Sanitization Firewall

Every request passes through a content policy evaluator that strips zero-width Unicode characters, detects role reassignment attempts, and enforces configurable rules. High-priority conflicts are never overridable. Sanitization runs before any tool execution (fail-fast).

Data

Encryption & Isolation

Calendar data encrypted in transit (TLS 1.3) and at rest. Self-hosted deployments: your data never leaves your infrastructure. Cloud deployments: tenant isolation with per-organization database schemas.

Stack

Platform Architecture

cortex-api (Axum) + cortex-mcp (MCP server) + PostgreSQL + portal (Next.js). Written in Rust for memory safety and deterministic performance. 510+ Rust tests, 9,000+ property-based tests, 42 JS tests, 30 Python tests.

Frequently asked questions

Is Temporal Cortex SOC 2 compliant?

Temporal Cortex is designed for SOC 2 Type II compliance. The platform includes audited security controls for data protection and availability, API key authentication with SHA-256 hashing, content sanitization firewall, and caller-based policy enforcement. Enterprise customers receive compliance documentation and audit support.

Can I self-host Temporal Cortex?

Yes. The open-source npm binary runs entirely on your machine with no external dependencies. For enterprise self-hosted deployments with the full platform stack (API server, MCP server, database, and portal), we provide Docker Compose configurations for single-machine deployments and Terraform modules for production-grade infrastructure on AWS, GCP, or Azure.

Does Temporal Cortex support SSO and SAML?

Yes. Enterprise deployments support Single Sign-On via SAML and OIDC protocols. Temporal Cortex integrates with identity providers including Okta, Azure AD (Microsoft Entra), and Google Workspace. SSO is available on the Enterprise tier.

What data residency options are available?

Enterprise customers can choose data residency in the United States or European Union. Self-hosted deployments give full control over data location. Custom data retention policies and audit log export to your SIEM are also available on the Enterprise tier.

Let's talk about your requirements

Tell us about your team size, compliance needs, and deployment preferences. We'll design a solution that fits.
