Keyless employee access to AI providers
Engineers live in coding agents like Claude Code and Codex, backed by Vertex AI and AWS Bedrock. Instead of long-lived API keys that leak into dotfiles and CI secrets, NetBird ties access to groups in your identity provider.

One private endpoint, every provider behind it
Engineers point Claude Code, Codex, or any other agent at a single NetBird base URL.

How it works
Connect your identity provider
NetBird syncs users and groups from Okta, Entra ID, Google Workspace, or any OIDC IdP — your existing org structure becomes the source of truth for who can reach what.
Get a private endpoint
Agent Network gives you a private endpoint inside your network. It's reachable only when users are connected to NetBird and authenticated through your IdP, never from the public internet.
Add your providers behind it
The endpoint is a secure access layer in front of your backends. Add Anthropic, OpenAI, Vertex AI, and Amazon Bedrock — or an existing gateway like LiteLLM. Teams keep using one endpoint while you manage routing centrally.
Authorize by group, not by key
NetBird's policy engine maps groups from your IdP to the providers it may reach. Set token and dollar budgets per policy, and optionally pass user or group identity upstream for full attribution.
Point your agent at the endpoint
Engineers configure Claude Code, Codex, or any other tool with the base URL NetBird provides — no key to paste. They connect, the tunnel opens, and they're working. Remove them from the IdP group and access drops within seconds.
Why engineering teams switch
No keys to leak
Nothing long-lived lands on a laptop, in a dotfile, or in a CI secret. There is no shared key to exfiltrate, and nothing to rotate when someone leaves.
Onboard and offboard instantly
Access follows IdP group membership. Joiners get reach the moment they're in the group; leavers lose it the second they're out — no ticket, no cleanup.
Real attribution
Costs and usage map to people and teams instead of one anonymous key, so you can see who spent what across Claude Code, Codex, Vertex AI, and Bedrock.
Policy and limits in one place
Token and dollar caps, model allow-lists, and audit logging live on the network policy — consistent across every provider, streamed to your SIEM.