AssetZentri · For IT, Security, Finance & ESG Leadership

The problems your tools can't see — solved on one governed record.

Most platforms hand you another dashboard. AssetZentri unifies every asset — hardware to LLMs — into one authoritative record, then reads it through six governance lenses and acts on what it finds. This guide is organised around the problems each domain solves, the value it returns, and the five operating principles it runs on.

Six governed domains. One record. One engine that acts.

Every domain reads from the same authoritative asset record — so a fix in one is evidence in another. The core strength is asset management and the governance layers built on it.

The engine ZentriPulse reads across all six domains and turns findings into action — detect → propose → approve → execute → log. Beyond the six lenses sit Sustainability & ESG, an asset-linked Tickets desk, and multi-tenant MSP controls.

Five operating principles

Every feature in this guide is an expression of these five tenets. They are what make the value statements that follow true — not slogans, but the way the platform is built.

01

One record, every lens

Priority-based dedup merges 15+ sources into a single authoritative asset. All six domains read the same atom, so work done once counts everywhere.

1,760 assets · 2,339 device-software links · 0 parallel spreadsheets
02

See what no single log shows

Five-channel discovery — agent, IdP, network, email/OAuth, browser — surfaces the shadow estate SSO alone misses, including shadow AI.

2,325 apps cataloged · 598 SaaS · 2,306 pending the SSO never reported
03

Record → action

ZentriPulse doesn't just flag. It proposes the fix and, on your approval, executes it in a sandbox and logs it. A system of action, not another alert.

detect → propose → approve → execute → log
04

Govern by construction

Every change is HMAC-signed and immutable; SAM runs nightly; ToS acceptance and AI calls land on an append-only ledger; evidence maps across frameworks.

cross-framework mapping · auto-evidence · nightly reconciliation runs
05

Sovereign by default

India-first frameworks alongside the global ones; per-tenant self-hosted LLM keeps data in-boundary; shared benchmarks are k-anonymous by design.

SEBI · RBI · IRDAI · DPDP · in-boundary LLM · k-anonymity k≥10
Domain 01 · Asset Management CORE

You can't govern, cost or secure what you can't count.

Assets are scattered across Intune, Azure AD, JumpCloud, OpenAudit and spreadsheets that disagree. AssetZentri makes one authoritative record per asset — hardware to LLMs — then proves your licence position and surfaces the spend to reclaim.

Hardware · Software · Software Intelligence · SAM Reconciliation · Software-Device Mapping · Peripherals · Others · Enrollment Tokens

What it solves for IT

The problem
Intune says one thing, Azure AD another, the spreadsheet a third — nobody can give the board one number they trust.
What AssetZentri does
Priority-based dedup merges 15+ sources into one record per asset, the most authoritative source winning per field — the estate becomes 1,760 assets with 0 conflicts.
Unified Registry · Discovery & Sync
The problem
You pay for software nobody runs and can't prove your licence position — an audit finds shelfware and under-licensing at once.
What AssetZentri does
SAM Reconciliation runs nightly (1,400+ items/run), true-ups entitlements to real installs, and quantifies 1,536 under-licensed items and $116,950 of risk — plus the 15–25% to reclaim.
SAM Reconciliation Engine
The problem
You know a title is installed but not what's inside it — which CVEs it carries, whether it's past end-of-life, when it renews.
What AssetZentri does
Software Intelligence normalises 2,325 products, matches SBOM, CVE and EOL, and tracks renewals to the day — "3 expiring within 30 days", with -37d overdue badges.
Software Intelligence · Software-Device Mapping
1,760
Assets on one record
Deduplicated from every source — one number anyone can quote.
15+
Discovery sources
Agent, MDM, IdP, network, email, browser — no rip-and-replace.
$116,950
Licence risk surfaced
Under-licensed exposure quantified by the SAM engine.
2,339
Software-device links
Every install mapped; 8 approved, 1,716 under review.
Principles at work: 01 · One record; 02 · See what's hidden; 04 · Govern by construction

Figures are from a representative reference tenant shown in-product — replace with your own before publishing.

Domain 02 · AI & LLM Governance NEW

Treat AI like an asset — tracked, budgeted, accountable.

LLM keys get spun up with no owner or risk class, AI spend runs unbounded, and autonomous agents act with permissions nobody records. AssetZentri governs the AI you consume as tracked assets — with budgets that enforce themselves.

LLM Providers · AI Models · API Keys · AI Agents · Token Budgets · Billing Sync

What it solves for AI & platform owners

The problem
Teams provision providers, models and keys with no inventory, owner or risk class — nobody can say what AI touches your data.
What AssetZentri does
Registers every provider, model, agent and key. Models carry a risk classification and data-access policy; keys get a full lifecycle — provision → rotate → expire → revoke.
LLM Providers · AI Models · API Keys
The problem
AI spend is unbounded and unattributed — the first time you notice is the bill, with no idea which team caused it.
What AssetZentri does
Token Budgets set quotas per team, project or agent; BudgetGuard auto-downgrades or freezes at the cap; Billing Sync imports real usage from OpenAI, Anthropic, AWS, Azure, Google.
Token Budgets · BudgetGuard · Billing Sync
The problem
Regulated data can't be shipped to public APIs, and "trust us" isn't an audit answer for what the AI decided.
What AssetZentri does
The AI Agents inventory tracks permissions, risk levels and lifecycle; a per-tenant self-hosted LLM keeps data in-boundary; every AI decision lands on an append-only ledger.
AI Agents · Per-tenant LLM · Ledger
Every
Provider, model, agent, key
One registry for all AI assets, with risk class and lifecycle.
Auto
Spend enforcement
BudgetGuard caps the bill per user and asset before the call goes out.
5
Billing sources synced
OpenAI, Anthropic, AWS, Azure, Google — reconciled.
100%
Decisions traceable
Every AI action on an append-only ledger.
Principles at work: 01 · One record; 04 · Govern by construction; 05 · Sovereign by default
Domain 03 · SaaS & Spend

Find every app, manage every contract, recover the waste.

Half your SaaS never touches SSO, seats sit unused, spend is invisible to finance, and contracts auto-renew before anyone checks. AssetZentri discovers the full SaaS estate and turns it into a managed, GL-aligned spend you can cut.

SaaS Discovery · SaaS Catalog · Subscriptions · Contracts · Spend Dashboard · GL / Accounting Sync · Renewal Briefs

What it solves for finance & IT ops

The problem
You can only govern what SSO sees — and most SaaS never gets there. Shadow apps grow invisibly until one is a problem.
What AssetZentri does
Five-channel discovery surfaced 598 SaaS apps and a 2,306-deep pending queue (OpenAI, Atlassian, Ngrok…) — each risk-scored to approve, ignore or reject.
SaaS Discovery · Shadow IT
The problem
Duplicate tools, unused seats and over-provisioned plans bleed budget — and finance can't see it by department.
What AssetZentri does
Surfaces unused/duplicate apps and right-sizes them to recover 15–25% of spend; the Spend Dashboard tracks $2,089,250 with budget-vs-actual and GL allocation for finance.
Spend Dashboard · License Optimization · GL Sync
The problem
A contract auto-renews next Tuesday on terms nobody re-read, and you've lost the leverage to renegotiate.
What AssetZentri does
Renewal Briefs flag everything expiring in 30 days with the usage to renegotiate from, and subscription tracking catches tier changes automatically.
Renewal Briefs · Subscriptions · Contracts
598
SaaS apps discovered
Across 5 channels — the estate SSO-only tooling never sees.
15–25%
Spend recoverable
From unused, duplicate and over-provisioned licences.
$2.09M
Spend under management
Tracked, GL-allocated, budget-vs-actual.
30-day
Renewal radar
No auto-renewal sneaks through unreviewed.
Principles at work: 02 · See what's hidden; 03 · Record → action; 04 · Govern by construction


Domain 04 · Identity & Access CORE

Least privilege, enforced — and a kill switch for the worst day.

Standing admin rights accumulate, leavers keep access for days, and reviews are rebuilt from spreadsheets every cycle. AssetZentri delivers full identity governance from the same record — no separate IGA suite.

IdP Integration · Access Reviews · Access Requests · Just-in-Time · SoD · Privilege Drift · Anomaly Detection · Kill Switch · Offboarding

What it solves for security & the CISO

The problem
Standing admin rights pile up, toxic combinations go unnoticed, and privilege creep is invisible until an incident.
What AssetZentri does
Enforces just-in-time access, SoD rules and privilege-drift detection (0 violations, 0 drift when clean), with peer-group anomaly detection on top.
JIT · SoD · Privilege Drift · Anomaly Detection
The problem
Offboarding leaves orphaned grants for days, and access-review certification is a spreadsheet chore every audit.
What AssetZentri does
Playbook offboarding revokes in parallel — minutes not hours; access reviews certify in days not weeks with AI-assisted suggestions and auto-revocation.
Offboarding Automation · Access Reviews
The problem
When something goes wrong, you need to cut access everywhere at once — and most tools can't.
What AssetZentri does
A one-click kill switch revokes across all connected IdPs, OAuth tokens and SaaS in parallel, with an impact preview — plus time-boxed break-glass access.
Kill Switch · Break-glass
JIT
+ SoD + drift
Full IGA without buying a separate identity suite.
Days
Not weeks — access reviews
AI-assisted certification with auto-revocation.
Minutes
Not hours — offboarding
Parallel revocation across every connected system.
1-click
Kill switch
Emergency revocation across HW, SaaS and IdP at once.
Principles at work: 02 · See what's hidden; 03 · Record → action; 04 · Govern by construction
Domain 05 · Compliance & GRC CORE

Stop rebuilding the audit. Prove it continuously.

A Western, point-in-time baseline doesn't satisfy Indian regulators, and evidence collected for one framework is wasted on the next. AssetZentri monitors controls continuously and maps one evidence set across every framework you answer to.

Frameworks · Findings · Evidence · Cross-Framework · Audit Logs · Reports · Stakeholder Reports · Governance Map

What it solves for compliance & GRC

The problem
Indian regulators expect sovereign, continuous controls — a borderless SOC 2 baseline doesn't cover SEBI, RBI, IRDAI or DPDP.
What AssetZentri does
Continuous monitoring across 6 frameworks incl. SEBI, RBI, IRDAI and DPDP alongside the global standards — sovereign by default, not bolted on.
Frameworks · Compliance Score
The problem
Every audit is rebuilt from scratch in spreadsheets, and evidence gathered for one framework can't be reused for the next.
What AssetZentri does
Auto-collected Evidence attaches to controls; Cross-Framework mapping lets you prove once and count everywhere; Findings track gaps to resolution.
Evidence · Findings · Cross-Framework
The problem
You can't prove a control wasn't tampered with, and there's no clean before/after trail of who changed what.
What AssetZentri does
HMAC-signed, immutable Audit Logs capture every change with before/after values; Reports and Stakeholder Reports turn it into audit- and board-ready output.
Audit Logs · Reports · Governance Map
6
Frameworks, India-ready
SEBI, RBI, IRDAI, DPDP alongside global standards.
Continuous
Not point-in-time
Controls monitored as you operate, evidence collected live.
Once
Prove, count everywhere
Cross-framework mapping removes duplicate audit work.
HMAC
Signed, immutable logs
Tamper-evident records with before/after values.
Principles at work: 02 · See what's hidden; 04 · Govern by construction; 05 · Sovereign by default
Domain 06 · Vendor & Contract

Nobody reads the 40-page T&C. AssetZentri's AI does.

Contracts auto-renew on terms no one read, vendor exposure is invisible until a breach, and agreements are scattered across inboxes. This domain scores the fine print, watches for breaches, and keeps every contract in one place.

Vendor Registry · Contract Repository · T&C Risk Scanner · Renewal Briefs · Breach Feed · Vendor Spend · Policy Comparison

What it solves for procurement & risk

The problem
No one reads the terms of service, so you don't know which vendor owns your data or can change terms unilaterally.
What AssetZentri does
The T&C Risk Scanner reads the fine print and scores each vendor 0–100 across data ownership, sharing, termination and liability — flagging 7 high-risk apps in this estate.
T&C Risk Scanner · Policy Comparison
The problem
Contracts live in inboxes, renew silently, and you've no view of total vendor exposure or recent breaches.
What AssetZentri does
A contract repository with version history, Renewal Briefs that prevent costly auto-renewals, and breach-feed monitoring that tells you the moment a vendor is compromised.
Contract Repository · Renewal Briefs · Breach Feed
The problem
You negotiate blind — no consolidated view of who you buy from or how much each relationship costs.
What AssetZentri does
A vendor registry ties each vendor to its products, relationship status and spend analysis — leverage for the next negotiation, all from the same record.
Vendor Registry · Vendor Spend
0–100
T&C risk score
AI-read across ownership, sharing, termination, liability.
7
High-risk apps flagged
Risky contract terms surfaced before they bite.
Live
Breach-feed monitoring
Know the moment a vendor is compromised.
One
Contract repository
Versioned, searchable, renewal-aware.
Principles at work: 02 · See what's hidden; 03 · Record → action; 04 · Govern by construction


Sustainability & ESG — from the same inventory

The record that governs IT also defends your ESG numbers — Scope 3 carbon, certified disposal and disclosure packs that reconcile, with no second dataset.

The problem
Scope 3 IT carbon is estimated on spreadsheets with no provenance — it won't survive assurance.
What AssetZentri does
Carbon Accounting computes stacked Scope 3 CO₂e by asset class (use-phase, waste, SaaS) — every number carries its source, confidence and pinned assumption-set version.
Carbon Accounting
The problem
Retired hardware walks out carrying data and disposal liability, with no certificate trail.
What AssetZentri does
E-Waste & Disposal logs each disposal with a wipe certificate and recycling rate; the Disposal Marketplace matches assets to certified partners and auto-attaches the certificate (e.g. C3-2026-123).
E-Waste & Disposal · Disposal Marketplace
The problem
CSRD, GRI, SEC, TCFD and an insurer's risk file each seem to need their own dataset — and the numbers never agree.
What AssetZentri does
Framework Reports generate CSRD/ESRS, GRI, SEC, TCFD, ISO 14001 from one canonical dataset; Insurance Export ships a per-asset risk dataset; Market Intel shares only k-anonymous aggregates (k≥10).
Framework Reports · Insurance Export · Market Intel
The engine across all six domains

ZentriPulse turns the record into resolution.

Legacy tools stop at the alert. Because ZentriPulse reads one complete record across all six domains, it ranks the risks and savings that matter — then closes the loop, with you in control at every step.

01 Detect

Cross-domain

A signal no single tool sees — an unused licence on a device with a risky T&C and an orphaned grant.

02 Propose

Drafts the fix

Ranks it by cost and risk and drafts the remediation — reclaim, revoke, rotate, renegotiate.

03 Approve

You decide

Nothing acts alone. You approve, defer or dismiss — human-in-the-loop by design.

04 Execute

Sandboxed

On approval, caged agents carry it out behind in-boundary LLMs and a kill switch.

05 Log

Append-only

Every action recorded immutably — instant evidence for the next audit.

Human-in-the-loop kill switch · Per-tenant / self-hosted LLM · Append-only audit ledger · BudgetGuard

And it runs the desk, too

Tickets

An asset-linked service desk — tickets auto-collect system info (hostname, serial, OS, model) and tie to the device, so every issue already knows its context.

MSP & multi-tenant

Row-level tenant isolation, automated provisioning and per-tenant config let MSPs serve every client from one console — no per-client tool stack.

Zero-trust foundation

mTLS device identity, field-level encryption, 5-tier RBAC and TOTP MFA — the platform is built to the controls it audits you against.

See it on your estate

One record. Six lenses. Then it solves itself.

The fastest way to understand AssetZentri is to connect the tools you already run, watch the registry build itself, and see ZentriPulse rank what to fix first.
