System AI Credentials
System AI Credentials is the system-level page for managing global AI provider API keys. Credentials added here are scoped to the platform (not to any individual tenant) and serve as fallback providers when a tenant has no AI credentials of its own and the tenant’s AI policy allows fallback to system-level keys. System administrators use this page to add, test, enable, disable, and remove provider credentials for Anthropic, OpenAI, Google, Mistral, Cohere, Meta, and xAI.
This page is distinct from the tenant-level AI credentials page at Settings → AI → AI Credentials — those credentials are scoped to a single tenant. The credentials managed here are platform-wide and affect all tenants simultaneously.
Accessing the Page
Section titled “Accessing the Page”- Route:
/system-ai-credentials - Menu Path: Settings → System → AI Credentials
- Primary audience: System administrators only. Accessed via the system admin login at
system.portal.net— not the tenant portal.
What you can do here
Section titled “What you can do here”- View all configured system-level AI provider credentials displayed as cards with their provider name, enabled status, masked API key, and priority number.
- Add a credential for a new provider and set its API key, priority, and enabled state.
- Edit an existing credential to update its API key, priority, or enabled status. The provider cannot be changed after creation.
- Test a credential to verify the API key is valid and the provider is reachable.
- Delete a credential to permanently remove it from the platform.
- Enable or disable individual credentials without deleting them — disabled credentials are ignored during fallback resolution.
Common tasks
Section titled “Common tasks”- Open Settings → System → AI Credentials at
system.portal.net. - Click Add Credential to open the creation dialog.
- Select the AI provider and enter the API key. Set the priority (lower numbers are tried first) and confirm the enabled toggle is on.
- Click Add to save the credential.
- Click the Test button on the new card to verify the key works. A success notification confirms the credential is valid.
- If a credential needs to be temporarily suspended, click Edit and toggle Enabled to off, then save.
- The API key is never shown in full after saving. The list displays a masked version (e.g.,
sk-...xxxx) for identification. To replace a key, open the edit dialog and enter the new key — leave the field blank to keep the current key unchanged. - Priority determines which provider is selected first during fallback resolution. Lower numbers have higher priority. If two credentials share the same priority, the selection order is undefined.
- Only one credential per provider is allowed at the system level. The provider selector is disabled in edit mode.
- Deleting a system-level credential that is actively serving as a fallback for tenants will cause AI requests from those tenants to fail until a replacement is added or the tenants configure their own credentials.
- Treat these credentials as high-value secrets. They provide AI access for the entire platform. Store the raw keys in an approved secrets vault and never share them outside secure channels.
Creating a System AI Credential
Section titled “Creating a System AI Credential”Click Add Credential in the page header. A dialog opens with fields for the provider, API key, priority, and enabled state.
Fields
Section titled “Fields”| Field | Required | Type | Description | Default | Validation |
|---|---|---|---|---|---|
| Provider | Yes | Select | AI provider: Anthropic (Claude), OpenAI (GPT), Google (Gemini), Mistral AI, Cohere, Meta (Llama), xAI (Grok) | Anthropic (Claude) | One credential per provider; cannot be changed after creation |
| API Key | Yes | Password | Provider API key — stored encrypted; displayed only as a masked value after saving | — | Required on create; leave blank on edit to retain the existing key |
| Priority | No | Number | Provider selection order during fallback — lower numbers are selected first | 0 | 0–999 |
| Enabled | No | Toggle | Whether this credential is active and eligible for fallback use | On | — |
Steps:
- Click Add Credential in the top-right of the page.
- Select the Provider from the dropdown.
- Enter the API Key for that provider.
- Set the Priority if you have multiple providers and want explicit ordering.
- Confirm Enabled is toggled on.
- Click Add. The new credential card appears in the grid.
- Click Test on the card to verify the key is valid.
Editing a System AI Credential
Section titled “Editing a System AI Credential”Click the Edit (pencil icon) button on a credential card. The same dialog opens pre-filled with the current values.
Same fields as Creating. The Provider field is read-only after creation and cannot be changed. Leave the API Key field blank to keep the existing key; enter a new value to replace it.
Deleting a System AI Credential
Section titled “Deleting a System AI Credential”Click the Delete (trash icon) button on the credential card. A confirmation dialog appears before the credential is removed.
![Delete AI Credential confirmation dialog asking 'Are you sure you want to delete the [provider] credential? This action cannot be undone.'](/private-assets/portal-admin/settings/system-ai-credentials-delete-dialog.png)
- Click the Delete button on the target credential card.
- The confirmation dialog shows the provider name and warns that deletion is permanent.
- Click Delete to confirm — the card is removed from the grid and the credential is permanently deleted from the platform.
Note: Deleting a credential that is currently serving as the fallback provider for one or more tenants will break AI features for those tenants until a replacement is configured.
Related Pages
Section titled “Related Pages”- AI Credentials — tenant-level AI credential management (separate from this system-level page)
- AI Model Pricing — per-model pricing rates used when calculating AI usage charges
- Tenant Management — review individual tenant AI policies and whether fallback to system credentials is permitted