Today we are introducing Vercel for Enterprise Apps and Agents, a platform that gives your entire company the ability to ship with AI safely, behind your access and security boundaries.
Over the past year, employees across Vercel shipped hundreds of agents and internal apps. Getting to production was the easy part, because we built them with eve on top of the Agent Stack and deployed them on Vercel.
The difficult questions came after those agents were being used by our employees across the company:
Who is allowed to use each agent?
How do we keep internal agents internal?
Which data and systems are agents allowed to touch?
Which models are agents using, and how much are they costing us?
Link to headingVercel for Enterprise Apps and Agents
We built Enterprise Apps and Agents to answer these questions for ourselves. It makes ownership, access, and security the defaults your builders inherit instead of the projects your platform team queues.
Link to headingVercel Passport: Keep internal apps and agents internal
The first agents we built were internal tools for our employees, not our end users, and that's a common starting point for many of our customers.
Vercel is the fastest way to publish software to the web, but that previously meant "internal" was a setting someone had to configure on every project. One employee forgetting to make one deployment private risked exposing access to sensitive company systems and data.
Vercel Passport puts every internal app and agent behind your identity provider by default, so you can control access with Okta, Microsoft Entra, Auth0, or any other OpenID Connect-compatible provider.
App and agent deployments are private from the moment they exist, access is authenticated against your employee identity, every entry is auditable, and admins set the policy centrally rather than relying on each builder to configure it correctly.
Link to headingVercel Connect: Give agents secure access to your systems
Passport governs who can access internal agents, but just as the employees who use them do, those agents need access to your data and systems. That business context makes them both useful and dangerous, because most agents are given long-lived credentials, sitting in environment variables, provisioned for everything the agent might need to do.
Vercel Connect consolidates OAuth, OIDC, and secret injection into one product that replaces those static keys. Instead of storing a secret, an agent requests short-lived credentials as it works. Tokens are granted per task rather than once and forever, and expire when the task is complete. Connect provides agents with secure access to Slack, GitHub, Snowflake, Salesforce, and Linear, as well as other systems accessible via OAuth or API.
Link to headingEnterprise Managed Users: Manage every builder from your identity provider
When everyone in the company is a builder, account sprawl is a silent failure mode. Seats appear to have been provisioned by no one, access lingers after someone changes teams or leaves, and there is no single record of who did what across the entire platform.
Enterprise Managed Users gives administrators full lifecycle control over every builder using Vercel. Built on SAML SSO and Directory Sync, it provisions seats automatically through your existing directory, so an account exists the moment your identity provider says it should and off-boarding removes access the moment the directory does.
Group-based access controls, deployment protection, and MFA enforcement on Vercel apply org-wide, and every action lands in a single audit trail. The identity system your company already runs, whether it is Okta or another SAML or OIDC provider, can now govern Vercel and v0, too.
Enterprise Managed Users is in Private Beta.
Link to headingDemocratize data with v0 and Snowflake
v0 is Vercel's AI app builder. You describe what you want, and it generates a working application. v0 now connects to Snowflake, so you can let anyone safely build data apps backed by your warehouse without an engineering ticket. Access to v0 and Snowflake is controlled through your IDP, so data stays internal. You decide who gets a seat, and apps can deploy directly to your Snowflake account.
Link to headingBring your own cloud on AWS
For large enterprise companies, the boundary question goes past private deployments. The workloads themselves have to run on infrastructure they control, inside an account the security team owns and audits.
With bring your own cloud (BYOC) on AWS, your compute, build artifacts, and run data inside your own AWS account and VPC, and Vercel runs the control plane on top of it. Your apps and agents reach private backends and internal systems the same way anything else in your AWS account does, and your source code never leaves your CI.
BYOC on AWS means your engineers keep the Vercel developer experience, and your security team keeps the network controls, audit evidence, and account it already owns. Bring your own cloud is in Private Beta on AWS.
Link to headingShip at the speed of AI, safely
Traditionally, ideas died in security review for good reason: the risk of a data breach wasn't worth the potential gain of innovation. Vercel Enterprise Apps and Agents builds safety controls into the platform and tools themelseves, meaning everyone in your company can ship apps and agents at the speed of their ideas, without your CISO losing sleep.
This is what building looks like when the safe path is the default:
Secure prototyping at scale: Anyone in the company can prototype with v0 on governed rails, so experimentation stops being a security exception and becomes the default way to explore work.
Domain experts building their own tools: The people closest to a problem build the thing that solves it instead of filing a ticket and waiting a quarter for someone else to.
An immediate graduation path to production: When a prototype proves it matters, engineering takes it into production on the same platform it was prototyped on, rather than rebuilding it from scratch or banning it outright.
Link to headingFAQ
What is Vercel for Enterprise Apps and Agents?
It is the platform for deploying, governing, and connecting the apps and agents your employees build, across the whole organization. It brings ownership, access control, identity, and security to everything your company ships, whether someone prototyped it in v0 or an engineering team built it from the ground up. The platform includes Vercel Passport, Vercel Connect, Enterprise Managed Users, and the option to run inside your own AWS account.
Do I need to use a particular framework to use Passport, Connect, and Enterprise Managed Users?
No. Passport, Connect, and Enterprise Managed Users govern anything you deploy to Vercel, regardless of how it was built. They apply to your existing projects the same way they apply to new ones.
Which identity providers and external services are supported?
Enterprise Managed Users works with Okta and any SAML or OIDC identity provider. Vercel Connect gives agents secure access to Slack, GitHub, Snowflake, Salesforce, and Linear, plus anything else reachable over OAuth or an API.
What is available today?
Vercel Passport and Vercel Connect are in Beta. Enterprise Managed Users and BYOC on AWS are in Private Beta.