The four questions a security reviewer asks
Who can sign in? Who can see what? Who provisioned them? What did they do? All four are answered inside the same knowledge base the rest of your team already uses.
Roles and permissions
Every team has owners and members. Owners manage the team, invite people, set defaults, transfer ownership, and read the audit log. Members read, write, and organize the shared folders they have access to. Each folder can also override the team-wide role with its own. Viewer, editor, or admin. The role cascades to every sub-folder unless an inner folder overrides it.
That cascade is what makes it usable on day two. Give the whole team write access to Runbooks. Then tighten Runbooks/Production secrets to a single admin. No rebuilding the folder tree.
SAML single sign-on
Plug Hjarni into any SAML 2.0 identity provider. Okta, Microsoft Entra, Auth0, OneLogin, or your own. Hjarni publishes service-provider metadata at a stable URL. The connector accepts the common attribute name variants for email and name claims. Users are provisioned on first login.
Pin a team to a single email domain if you want. Enforce SSO, and password or OAuth logins are refused.
SCIM provisioning
Generate a SCIM 2.0 bearer token from the team settings and hand it to your IdP. Hjarni auto-creates user accounts and adds them to your team when they're assigned the application. Deactivation in the IdP removes the team membership immediately. SCIM Users is fully supported. Filter queries work on userName, externalId, and emails. The token digest is stored, never the token itself. You can rotate it at any time.
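To show what "the digest is stored, never the token itself" means in practice, here is an added sketch of a digest-only token store with rotation. It is not Hjarni's code: the class, method names and team id are hypothetical, and SHA-256 is an assumption, since the page does not say which digest is used.

```python
import hashlib
import hmac
import secrets


class ScimTokenStore:
    """Hypothetical store: keeps one SHA-256 digest per team, never a plaintext token."""

    def __init__(self):
        self._digests = {}  # team_id -> hex digest of the current token

    @staticmethod
    def _digest(token: str) -> str:
        # A fast hash is adequate here only because the token is 256 random
        # bits; a human-chosen secret would need a slow password KDF instead.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, team_id: str) -> str:
        """Create or rotate the team's token. The plaintext is returned once,
        for pasting into the IdP; overwriting the digest revokes the old token."""
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self._digests[team_id] = self._digest(token)
        return token

    def verify(self, team_id: str, authorization_header: str) -> bool:
        """Check the value of an 'Authorization: Bearer <token>' header."""
        scheme, _, presented = authorization_header.partition(" ")
        stored = self._digests.get(team_id)
        if scheme.lower() != "bearer" or not presented or stored is None:
            return False
        # Constant-time comparison avoids leaking digest prefixes via timing.
        return hmac.compare_digest(self._digest(presented.strip()), stored)

    def stored_values(self):
        """What a database dump would expose: digests only."""
        return list(self._digests.values())


def demo():
    """Issue, verify, rotate, and confirm the old token is refused."""
    store = ScimTokenStore()
    old = store.issue("team-1")  # constructed team id
    ok_before = store.verify("team-1", f"Bearer {old}")
    new = store.issue("team-1")  # rotation
    return {
        "ok_before": ok_before,
        "old_after_rotation": store.verify("team-1", f"Bearer {old}"),
        "new_after_rotation": store.verify("team-1", f"Bearer {new}"),
        "plaintext_stored": old in store.stored_values() or new in store.stored_values(),
    }
```

A leaked copy of such a store yields digests that cannot be replayed as bearer tokens, and rotation takes effect on the next request because only one digest per team exists.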
Team audit log
Notes and folders read, created, updated, moved, or deleted. Members invited, removed, and role-changed. Ownership transferred. Public links toggled. Folder-level instructions updated. The log captures these actions whether they happened in the web app, the REST API, the built-in MCP server, a public-link read, or SCIM provisioning. Folder paths are snapshotted on the event, so the log stays readable even after a folder is renamed or deleted.
The audit log is owner-only. Team members see a disclosure banner so they know it exists.
How a deployment looks
- You email us and we turn on SSO, SCIM, and the audit log for your team.
- You configure the SAML connection in your IdP using Hjarni's published metadata URL.
- You generate a SCIM token in the team settings and paste it into your IdP.
- You assign the app to the right groups; users land in Hjarni on first login.
- You set team-wide and per-folder roles. The audit log starts recording from day one.
Enabling these features is currently done by us, not a self-serve toggle. Most setups are a single call.
Simple on purpose, even here
- No on-prem or self-hosted. Hjarni runs as a hosted service. If a self-hosted deployment is a hard requirement, talk to us first.
- No bundled AI. Your team brings its own ChatGPT or Claude subscription. No per-message billing, no token caps, no AI surprises on the invoice.
- No SCIM group sync yet. SCIM Users provisioning works today. Group-to-role sync is on the roadmap. For now, roles are set inside Hjarni.
- No enterprise procurement theater. One contract, one invoice, one URL. The product your engineers see is the product your CFO pays for.
One brain. Every teammate. Every AI.
Everything on the small-teams page still applies. Shared folders that ChatGPT and Claude read. Folder-level AI instructions. A decision log your new hires can ask questions of. SSO, SCIM, roles, and the audit log are not a different product. They are the controls IT signs off on, wrapped around the same knowledge base.
Give your team's AI a memory.