Skip to main content
Sign in →
SaaS

SaaS Quickstart

Get ShieldAgent monitoring your AI agents in under 5 minutes — no proxy to deploy, no infrastructure to manage.

01Sign up for ShieldAgent

Create your account at app.shieldagent.io/signup. Your workspace is provisioned instantly — no credit card required to start.

What you get

  • 1 tenant, multiple agents
  • Real-time audit dashboard
  • Pre-built policy templates
  • EU AI Act compliance reports

02Create your first tenant

A tenant is an isolated workspace for a team or project. In the dashboard, go to Settings → Tenants → New Tenant.

Namemy-team
Slugmy-team
RegionEU (default)

You can create multiple tenants to isolate different teams or environments (dev / staging / prod).

03Register your AI agent

Go to Agents → Register Agent. Give it a name and description. ShieldAgent generates an agent key — this is the credential your AI agent will use to authenticate with our proxy endpoint.

Agent namecoding-assistant
DescriptionVS Code Copilot integration
Agent keysa_live_••••••••••••••••

Copy the agent key now — it won't be shown again. You can rotate it any time from the agent settings.

04Point your agent at the ShieldAgent proxy

Update your AI agent's MCP configuration to route through ShieldAgent instead of connecting directly to your MCP server. The SaaS proxy endpoint is shown in the dashboard under Settings → Connection.

mcp-config.json

{
  "mcpServers": {
    "filesystem": {
      "url": "https://proxy.shieldagent.io/mcp",
      "headers": {
        "Authorization": "Bearer sa_live_YOUR_AGENT_KEY",
        "X-Upstream": "https://your-mcp-server.example.com"
      }
    }
  }
}

Replace sa_live_YOUR_AGENT_KEY with the key from Step 03 and X-Upstream with your actual MCP server URL.

05Watch events in the dashboard

As your agent makes tool calls, they appear in real time in the Events tab. Each entry shows:

  • The tool name and arguments (redacted per your DLP policy)
  • The policy decision: ALLOW / DENY / TRANSFORM
  • Risk score and which rule triggered
  • Latency added by the proxy (typically <2 ms)

No setup required — events stream automatically as long as your agent is routing through the proxy.

Deployment Options

ShieldAgent SaaS is the fastest path to protection. Compare with self-hosted options:

FeatureSaaSBYOC / Self-hostedOn-Prem
Setup time< 5 minutes30–60 minutes (Docker)Days (air-gapped)
Data residencyEU region (default)Your VPC / cloudFully on-prem
CustomizationConfig onlyFull (env vars + policy-as-code)Full (source available)
SLA99.9% uptime SLAYour infra SLAYour infra SLA
Pricing modelUsage-basedSelf-run costsContact us

Troubleshooting

Connection refused / ERR_CONNECTION_REFUSED

Cause: Proxy not reachable from your agent.

Fix: Verify your MCP config uses the proxy URL shown under Settings → Connection. Confirm outbound HTTPS to proxy.shieldagent.io on port 443 is allowed by your network.

401 Unauthorized

Cause: Agent key missing, incorrect, or revoked.

Fix: Copy the agent key from Settings → Agents and update the Authorization header in your MCP config. Agent keys are shown once at creation — rotate to get a new one.

Events tab empty after tool calls

Cause: Traffic is not routing through ShieldAgent.

Fix: Confirm your MCP config URL points to the ShieldAgent proxy, not directly to your MCP server. The X-Upstream header must be set to your actual MCP server URL.

Next Steps

Configure Agents

Shadow mode, approved tools, risk thresholds

Write Policies

Allow, deny, and transform rules in the UI

Compliance Reports

Generate EU AI Act / ISO 42001 evidence

Export Audit Trail

SIEM, S3, webhook export options