Run the approval workflow

Steps

1. 1First-time setup: go to /settings/policies and confirm which models employees are allowed to request. The default allowlist covers the major models; tighten it if your compliance team has banned anything.
2. 2Share the public request URL — /settings/links — with your team. Anyone with the link can submit a request without logging in.
3. 3An employee opens the link, describes the workload (e.g. 'Summarise customer support tickets'), and submits.
4. 4GreyScape's AI advisor scopes it — recommended model, estimated tokens/month, estimated $/month. The submitter sees this in real time.
5. 5The request lands at /finance/requests for admin review. Approve, reject, or send back with questions.
6. 6On approval: a service-account key is auto-provisioned on the right provider (OpenAI/Anthropic), scoped to the recommended model, with a budget cap. The submitter gets the key via email with one-time-view delivery.
7. 7Every step audit-logged at /settings/audit.

Watch-outs

• Auto-provisioning needs an admin key on file for the right provider. Without it, requests are approved manually and the requester gets a 'key will follow' note.
• The AI advisor is best-effort — it can recommend the wrong model if the workload description is vague. Encourage submitters to write 1-2 sentences of context.
• Approval routing into ServiceNow / Jira / Teams is a Pro-tier feature ('Coming soon'). For now, approvals happen inside GreyScape.