System Context

The system context view answers the broadest question: who interacts with Swiss AI Hub, and what external systems does it integrate with? It is C4 Level 1 — the platform appears as a single box, with no internal detail. The point is to draw a clean boundary: everyone and everything that talks to the platform appears here; everything inside it is deferred to the Containers view.

Read it as two rings around the central system. Above are the people who use the platform, each in a distinct role with a distinct surface. Around the edges are the external system categories the platform integrates with — and a key idea of Swiss AI Hub is that these are pluggable capabilities, not fixed vendor choices. The platform ships preconfigured with sensible defaults but federates, routes, or adapts to whatever conforming implementation a customer brings.

Actors

Enterprise User — Any tenant member. Covers both regular users and tenant administrators, who share the same surface (Admin UI + OpenWebUI + Main API) with feature visibility gated by tenant-scoped roles.
System Administrator — Cross-tenant platform admin. Holds the AIHubSysAdmin realm role; uses the separate sysadmin plane (sysadmin.${DOMAIN}) to manage tenants, user-tenant assignments, and platform-level configuration.
Collaboration Channel User — Subset of tenant users who interact with Swiss AI Hub agents from collaboration channels (Slack, Teams, Webex, email) rather than the dedicated web UI.
Platform Operator — Platform DevOps / SRE engineer. Holds the AIHubDeveloper realm role; consumes observability and operational surfaces (Dagster, Langfuse, Attu, Backup, SeaweedFS Filer).

External integrations

Each external box represents a pluggable integration capability, not a specific vendor. The platform ships preconfigured for the examples listed but supports any conforming implementation through its respective gateway / adapter:

Identity Provider — Federated into our Keycloak realm via OIDC/SAML. Examples: Entra ID, Okta, on-prem LDAP/AD, Google, GitHub.
LLM Provider — Configured per-deployment in the internal LiteLLM gateway. All tenants in a deployment share the same model roster. Examples: Swiss LLM Cloud, OpenAI, Anthropic, Azure OpenAI, Gemini.
Document Source — Synced via Rclone (70+ supported backends) or direct integration. Examples: SharePoint (direct MS Graph), OneDrive, Google Drive, Azure Blob, S3, Dropbox.
Collaboration Platform — Routed via the Microsoft Agents SDK. Examples: Slack, Microsoft Teams, Webex, email.
Observability Sink — Customer-managed trace/log receiver via OTEL exporter. Examples: SigNoz, Grafana Cloud, Honeycomb.
Notification Target — One-way alert destination via Apprise (80+ supported targets). Examples: Slack channels, Discord webhooks, email, PagerDuty.
External MCP Tools — Customer-exposed MCP servers consumed by agents as tools. Examples: domain-specific APIs, internal CRMs, ticketing systems.

For deeper integration mechanics, see the Container view where each external category maps to specific containers that bridge it.

Introduction: The Swiss AI Hub Vision

Why Swiss AI Hub

Quick Start: Your First 30 Minutes

Platform Architecture

Deployment Guide

Monitoring & Alerting

Identity Provider Setup

Microsoft Entra ID

Agents

Data pipelines

Knowledge management

Chat Interface

Access Management

Auditing & Observability

Language models

Memory

Multi-tenancy

Slack & Teams Integrations

API

Security

Compliance and regulations

Quick Start

Building Agents

Building Pipelines

Building Processes

Advanced SDK Topics

Features

Contributing

Using AI to Contribute

Certification

API Reference

Troubleshooting

Glossary

Keycloak Configuration

Pipeline

Sources

System Context

Actors

External integrations

Monitoring & Alerting

Identity Provider Setup

Microsoft Entra ID

Sources

System Context ​

Actors ​

External integrations ​

System Context

Actors

External integrations