Skip to main content

Internal User Self-Serve

Allow users to create their own keys on Proxy UI.​

  1. Add user with permissions to a team on proxy

Go to Internal Users -> +New User

  1. Share invitation link with user

Copy the invitation link with the user

info

Use Email Notifications to email users onboarding links

  1. User logs in via email + password auth
info

LiteLLM Enterprise: Enable SSO login

  1. User can now create their own keys

Allow users to View Usage, Caching Analytics​

  1. Go to Internal Users -> +Invite User

Set their role to Admin Viewer - this means they can only view usage, caching analytics


  1. Share invitation link with user

  1. User logs in via email + password auth

  1. User can now view Usage, Caching Analytics

Available Roles​

Here's the available UI roles for a LiteLLM Internal User:

Admin Roles:

  • proxy_admin: admin over the platform
  • proxy_admin_viewer: can login, view all keys, view all spend. Cannot create/delete keys, add new users.

Internal User Roles:

  • internal_user: can login, view/create/delete their own keys, view their spend. Cannot add new users.
  • internal_user_viewer: can login, view their own keys, view their own spend. Cannot create/delete keys, add new users.

Advanced​

Setting custom logout URLs​

Set PROXY_LOGOUT_URL in your .env if you want users to get redirected to a specific URL when they click logout

export PROXY_LOGOUT_URL="https://www.google.com"

Set max budget for internal users​

Automatically apply budget per internal user when they sign up. By default the table will be checked every 10 minutes, for users to reset. To modify this, see this

litellm_settings:
  max_internal_user_budget: 10
  internal_user_budget_duration: "1mo" # reset every month

This sets a max budget of $10 USD for internal users when they sign up.

This budget only applies to personal keys created by that user - seen under Default Team on the UI.

This budget does not apply to keys created under non-default teams.

Set max budget for teams​

Go Here

All Settings for Self Serve / SSO Flow​

litellm_settings:
  max_internal_user_budget: 10        # max budget for internal users
  internal_user_budget_duration: "1mo" # reset every month

  default_internal_user_params:    # Default Params used when a new user signs in Via SSO
    user_role: "internal_user"     # one of "internal_user", "internal_user_viewer", "proxy_admin", "proxy_admin_viewer". New SSO users not in litellm will be created as this user
    max_budget: 100                # Optional[float], optional): $100 budget for a new SSO sign in user
    budget_duration: 30d           # Optional[str], optional): 30 days budget_duration for a new SSO sign in user
    models: ["gpt-3.5-turbo"]      # Optional[List[str]], optional): models to be used by a new SSO sign in user


  upperbound_key_generate_params:    # Upperbound for /key/generate requests when self-serve flow is on
    max_budget: 100 # Optional[float], optional): upperbound of $100, for all /key/generate requests
    budget_duration: "10d" # Optional[str], optional): upperbound of 10 days for budget_duration values
    duration: "30d" # Optional[str], optional): upperbound of 30 days for all /key/generate requests
    max_parallel_requests: 1000 # (Optional[int], optional): Max number of requests that can be made in parallel. Defaults to None.
    tpm_limit: 1000 #(Optional[int], optional): Tpm limit. Defaults to None.
    rpm_limit: 1000 #(Optional[int], optional): Rpm limit. Defaults to None.

  key_generation_settings: # Restricts who can generate keys. [Further docs](./virtual_keys.md#restricting-key-generation)
    team_key_generation:
      allowed_team_member_roles: ["admin"]
    personal_key_generation: # maps to 'Default Team' on UI 
      allowed_user_roles: ["proxy_admin"]