Getting Started

Workspace Onboarding

A guided setup wizard that walks your team through workspace configuration. Categorized steps, progress tracking, and skip options for optional items.

Step Categories

Setup

Core workspace configuration: name, plan, billing, and initial preferences.

Security

API key management, authentication setup, and access control configuration.

Compliance

Regulatory framework selection, policy template imports, and compliance goals.

Integration

Connect external services, configure webhooks, and set up SDK access.

Team

Invite team members, assign roles, and configure notification preferences.

Wizard Stages Overview

The onboarding wizard consists of five sequential stages. You can save progress at any point and resume later. Each stage has required and optional configuration steps.

GET /api/v1/onboarding/status

// Check onboarding progress
GET /api/v1/onboarding/status

{
  "ok": true,
  "data": {
    "workspaceId": "019ws-...",
    "completedStages": ["setup", "security"],
    "currentStage": "compliance",
    "progress": 0.4,
    "startedAt": "2026-02-10T09:00:00Z",
    "estimatedMinutesRemaining": 15
  }
}

Stage 1: Setup

Configure the fundamentals of your workspace: identity, region, billing, and API access.

Workspace Name & SlugRequired

Unique identifier used in URLs and API calls.

Data RegionRequired

Primary data residency: US, EU, APAC, or custom sovereign.

Billing PlanRequired

Select Free, Pro, Enterprise, or Government tier.

API Key GenerationRequired

Generate your first live and test API keys.

Custom DomainOptional

Map a custom domain for your workspace dashboard.

Logo & BrandingOptional

Upload workspace logo and configure badge colors.

POST /api/v1/onboarding/setup

POST /api/v1/onboarding/setup

{
  "workspaceName": "Acme Corp",
  "slug": "acme-corp",
  "region": "us-east-1",
  "plan": "enterprise",
  "generateApiKeys": true,
  "customDomain": "drd.acme.com"
}

// Response
{
  "ok": true,
  "data": {
    "workspaceId": "019ws-...",
    "apiKeys": {
      "live": "drd_live_sk_...",
      "test": "drd_test_sk_..."
    },
    "dashboardUrl": "https://app.drd.io/acme-corp",
    "nextStage": "security"
  }
}

Stage 2: Security

Harden your workspace with authentication, network controls, and cryptographic signing configuration.

SSO / SAML 2.0Optional

Connect Okta, Azure AD, Google Workspace, or any SAML 2.0 identity provider.

Multi-Factor AuthRequired

Enforce TOTP, WebAuthn, or hardware key MFA for all workspace members.

IP AllowlistOptional

Restrict API and dashboard access to approved CIDR ranges.

Signing KeysRequired

Configure Ed25519 or ML-DSA-65 keys for event signing and badge verification.

POST /api/v1/onboarding/security

POST /api/v1/onboarding/security

{
  "mfa": {
    "required": true,
    "methods": ["totp", "webauthn"]
  },
  "sso": {
    "provider": "okta",
    "metadataUrl": "https://acme.okta.com/app/.../sso/saml/metadata"
  },
  "ipAllowlist": ["10.0.0.0/8", "203.0.113.0/24"],
  "signingKey": {
    "algorithm": "Ed25519",
    "rotationDays": 90
  }
}

Stage 3: Compliance

Select the regulatory frameworks your organization must comply with. DRD automatically configures policies, retention rules, and audit settings based on your selections.

EU AI Act

AI governance, risk classification, transparency

ISO 42001

AI management system, responsible AI lifecycle

NIST AI RMF

Risk management, trustworthiness characteristics

SOC 2 Type II

Security, availability, processing integrity

GDPR

Data protection, right to erasure, consent management

FedRAMP

Federal cloud security, continuous monitoring

POST /api/v1/onboarding/compliance

POST /api/v1/onboarding/compliance

{
  "frameworks": ["eu-ai-act", "iso-42001", "soc2-type-ii"],
  "dataResidency": {
    "primary": "eu-west-1",
    "backup": "eu-central-1",
    "sovereignMode": false
  },
  "retention": {
    "eventLogDays": 2555,
    "contentFingerprintDays": 3650,
    "auditTrailDays": 2555
  },
  "auditSchedule": "quarterly"
}

Stage 4: Integration

Connect DRD to your existing infrastructure. Configure webhooks, SIEM exports, CI/CD pipelines, and third-party services.

Webhook EndpointsReceive real-time events at your HTTP endpoints with HMAC signature verification.
SIEM IntegrationExport audit logs to Splunk, Elastic, Datadog, or any SIEM via syslog or OTLP.
CI/CD PipelinesGitHub Actions, GitLab CI, or Jenkins steps for pre-deploy compliance checks.
Cloud StorageConnect S3, GCS, or Azure Blob for content ingestion and backup export.

POST /api/v1/onboarding/integrations

POST /api/v1/onboarding/integrations

{
  "webhooks": [
    {
      "name": "Slack Alerts",
      "url": "https://hooks.slack.com/services/...",
      "events": ["enforcement.*", "trust.degraded"]
    }
  ],
  "siem": {
    "type": "splunk",
    "hecUrl": "https://splunk.acme.com:8088",
    "hecToken": "your-hec-token",
    "index": "drd-events"
  },
  "cicd": {
    "provider": "github",
    "installationId": "12345678",
    "repos": ["acme/main-app", "acme/ml-models"]
  }
}

Stage 5: Team

Invite team members, assign roles, and configure granular permissions. DRD supports role-based access control with custom role definitions.

Role	Permissions	Use Case
Owner	Full access, billing, delete workspace	Account owner
Admin	All settings, invite users, manage agents	IT/Security leads
Operator	View dashboards, manage agents, review content	Day-to-day operations
Analyst	Read-only dashboards, export reports	Compliance auditors
Developer	API access, SDK integration, test mode	Engineering teams
Custom	Granular per-resource permission sets	Specialized roles

POST /api/v1/onboarding/team

POST /api/v1/onboarding/team

{
  "invitations": [
    {
      "email": "alice@acme.com",
      "role": "admin",
      "message": "Welcome to DRD! You have admin access."
    },
    {
      "email": "bob@acme.com",
      "role": "operator"
    },
    {
      "email": "carol@acme.com",
      "role": "analyst"
    }
  ],
  "defaultRole": "analyst",
  "ssoAutoProvision": true,
  "notifyVia": ["email", "slack"]
}

Onboarding Complete

After completing all five stages, your workspace is fully configured and ready for production. DRD runs a validation check to ensure all required settings are in place. You can re-run any stage at any time from the workspace settings.

SDK Usage

onboarding.ts

import { DRD } from '@drd/sdk';

const drd = new DRD({ apiKey: process.env.DRD_API_KEY });

// Get current progress
const progress = await drd.onboarding.getProgress();
console.log(progress.completedSteps);
console.log(progress.currentStep);

// Complete a step
await drd.onboarding.updateStepCompletion({
  stepSlug: 'configure-api-keys',
  completedSteps: [...progress.completedSteps, 'configure-api-keys'],
  currentStep: 'setup-webhooks',
});

// Skip an optional step
await drd.onboarding.skipStep({
  stepSlug: 'connect-slack',
  skippedSteps: [...progress.skippedSteps, 'connect-slack'],
});

Next Steps

Dashboard

Customize your workspace view

Learn more →

Monitoring

Set up agent monitoring

Learn more →

Compliance

Configure compliance policies

Learn more →

Getting Started

Quick start guide for new workspace setup

Learn more →