Skip to main content

Overview

Tools for IT and information governance teams to keep Nobly Insight safe, auditable, and well-run. Designed for the demands of regulated industries — finance, insurance, pension, and the public sector.

User and access management

  • User and group administration through a modern admin UI
  • Two-tier permission model: per-document-type rights (view, modify, delete, print, mail, and so on) layered with security keywords for record-level access
  • Permissions can be granted by role, organisational unit, or individual user
  • Single sign-on and just-in-time user provisioning from your identity provider (Microsoft Entra ID, Azure AD, or other OpenID Connect / OAuth 2.0 providers)
  • Attribute-level security restricts visibility and editing of individual fields on business objects

Audit and activity logging

LayerWhat is logged
Configuration auditEvery change to system configuration (document types, keyword definitions, user groups, settings) is logged with who, when, and what changed
Activity auditEvery read, write, print, mail, and delete on a document is recorded against the user
Workflow auditEvery workflow step a case passes through is recorded with timestamps and actors
Script auditEvery custom-script run is recorded with caller, inputs, and result
Logs are searchable and designed to meet financial-sector and public-sector audit requirements.

Health and observability

  • Real-time health checks for every component
  • Performance and usage metrics for capacity planning
  • Background job dashboard for AI indexing, security sync, retention, and other long-running tasks

Multi-tenant isolation

  • The same code base serves multiple organisations
  • Each tenant’s data, configuration, and AI indexes are fully isolated
  • Per-customer configuration means features can be enabled or tuned without redeploying
  • Per-customer feature flags allow new capabilities to be rolled out gradually and turned on or off per tenant

Security and compliance

Nobly Insight is designed for highly regulated industries.
  • Encryption at rest for all stored content
  • Encryption in transit (HTTPS/TLS) for every API call and user session
  • OpenID Connect / OAuth 2.0 for authentication and federation with corporate identity providers
  • Role-, document-type-, attribute-, and record-level access control with security keywords
  • Comprehensive audit logging of user actions and configuration changes
  • GDPR-friendly: redaction, retention, and data-subject access support
  • Sandboxed customisation: customer scripts cannot access the file system or break out of their execution boundary
  • Secret management: credentials for external system integrations are encrypted with strong, industry-standard encryption and never exposed to script authors
  • AI privacy: every AI feature runs on Nobly-owned infrastructure in the EU, on open-weight models, with no third-party AI subprocessors and no training on customer data — see Data and privacy

Deployment options

OptionDescription
Cloud-hostedRuns on managed cloud infrastructure with managed PostgreSQL and SQL databases, file storage, caching, and a managed event bus
Private cloud / on-premiseDeployable in customer-managed environments or hybrid setups
Continuous deliveryCustomer environments (Dev, Test, QA, Production) are managed through automated release pipelines
Versioned APIsBackwards-compatible versioning so integrations keep working across releases
AI inference is always served from Nobly-owned servers in EU co-location facilities, regardless of where the rest of the platform is hosted. See Infrastructure and models for details.

How we use AI

AI principles, data and privacy, and infrastructure for procurement and compliance review.

Extensibility

The script engine and REST API for extending and integrating Nobly Insight.