Tenet keeps the record when people don’t.

How Tenet works

What does event-driven lifecycle orchestration actually do?

Frequently asked

Questions VP People, CIOs, and CISOs ask before signing

How is Tenet different from Stitchflow?

Tenet is built for the 500-5,000 employee mid-market with shadow-AI discovery and state-privacy audit trails as first-class capabilities, priced for dept-head purchase ($500-2,000/mo entry), while Stitchflow is moving upmarket with an IT-first UX and enterprise pricing. Both orchestrate SaaS lifecycle across HRIS and IAM, but Tenet's spine is the audit line — every provision, revocation, and shadow-AI tool detection produces a record a state-privacy regulator can read, and VP People + CISO share one view instead of Stitchflow's IT-centric console.

What is the smallest company that actually needs Tenet?

Roughly 100 employees with more than 20 SaaS apps per person, or any company where an employee departure triggers a manual checklist across more than 5 systems. Below that threshold, spreadsheets still scale. Above it, the probability of a 90-day-old ghost account rises sharply, and that single ghost account is the fact pattern every state-privacy and EU AI Act audit begins with.

Does Tenet work with my HRIS — Rippling, BambooHR, Workday, or Gusto?

Yes, Tenet reads lifecycle events from Rippling, BambooHR, Workday, and Gusto at launch, with ADP, Deel, Justworks, and UKG on the 2026 roadmap. Tenet is designed as the unbundled orchestration layer that sits above your HRIS — you do not switch HRIS to adopt Tenet, and Tenet never tries to replace payroll, benefits, or time tracking. HRIS stays your system of record for people; Tenet becomes your system of record for what those people can access.

How does Tenet's shadow-AI audit trail satisfy EU AI Act and state privacy law requirements?

Tenet records every shadow-AI tool discovered in employee workflows, every provisioning and revocation event, and every policy decision as an immutable audit entry in a format that exports to the evidence templates expected under EU AI Act (effective August 2026), ISO 42001, NIST AI RMF, and state privacy laws including CCPA-CT and CPRA. The audit format is citizen-request-ready — when a former employee exercises access or deletion rights, Tenet produces the per-subject trail in minutes instead of the week most orgs currently budget. Regulated customers can also export to their existing GRC tooling (Vanta, Drata, Secureframe) via webhook.

Why not just use Okta Workflows to build this ourselves?

Okta Workflows is a toolkit; Tenet is a product. Teams that build lifecycle orchestration on top of Okta Workflows typically dedicate one to three IAM engineers to ongoing maintenance — and the flows still do not produce shadow-AI discovery, state-privacy audit formats, or a VP People view out of the box. Tenet plugs into Okta (reading SCIM, writing back provisioning) without replacing it, so existing Okta investment stays productive while the custom flows get retired over 30 to 60 days.

How does Tenet secure the access tokens it holds for our 40+ SaaS apps?

Tenet stores OAuth and API credentials in a per-tenant encrypted vault (AES-256 at rest, TLS 1.3 in transit), with every credential scoped to the minimum permission the integration requires and rotated on customer-configurable schedules. The platform is SOC 2 Type II (audit in progress, expected Q3 2026), runs on SOC-2-compliant cloud infrastructure, and isolates tenant data at the database and object-storage layer so a single-tenant compromise cannot cross into another customer. No customer employee PII is used to train models, and full penetration test reports are available under NDA for buyers in diligence.

What does Tenet cost, and why is the wedge priced at $500-1,000/mo?

Entry pricing starts at $500/mo for up to 100 employees (offboarding-only wedge), $1,000/mo for 100-500 employees (offboarding + provisioning across 10 apps), and scales to $2,000-5,000/mo for the 500-5,000 employee full-lifecycle tier. The offboarding-only entry price is deliberately positioned below the discretionary budget threshold for a VP People or CISO, so adoption does not require a full procurement cycle — most customers expand into the full-lifecycle tier within 90 days once the audit value becomes visible. Enterprise tier (5,000+ employees) is quoted based on scope.

When should a company NOT buy Tenet?

Skip Tenet if you have fewer than 100 employees, use fewer than 10 SaaS apps per person, and have no upcoming state-privacy or AI-governance audit on the horizon — a spreadsheet with a 30-day review cadence still works at that scale. Also skip Tenet if your org has already committed to a full SailPoint IGA rollout with dedicated identity engineering; Tenet does not compete with enterprise IGA, it fills the mid-market gap where IGA is overkill and spreadsheets are under-built. Tenet's sweet spot is the 500-5,000 employee band where shadow AI, layoff-cycle ghost accounts, and state privacy laws all hit at once.