Who to involve
Dedicated instance administrator
This person will be the primary administrator of your Unstructured account. They handle initial account setup, user management, and day-to-day platform configuration. You will need to provide their name and email address to Unstructured at the start of onboarding.Cloud infrastructure engineer
This person performs the technical configuration required to establish private connectivity between your environment and your dedicated instance. They need hands-on access to your cloud account and the ability to make network and DNS changes. AWS — they may need to be able to:- Create and manage VPC Endpoints and security groups
- Create and configure Route 53 Private Hosted Zones and DNS records
- Create and manage Private Endpoints
- Create and manage Private DNS Zones
IAM or security engineer
If you plan to connect the platform to your data sources — for example, S3 buckets or Azure Blob Storage — someone will need to configure the roles and policies that grant the platform the necessary access. AWS — they may need to be able to:- Create and manage IAM roles and policies
- Update S3 bucket policies if cross-account access is required
- Assign RBAC roles to Unstructured’s service principal on the relevant resources
Security and compliance reviewer
Certain changes required to securely connect your environment to your dedicated instance may require security review or change management approval. Loop this person in early so approvals do not block progress. See What may require security review below. Common titles: Information Security Engineer, Security Architect, Compliance Officer, CISO or delegateWhat to prepare before onboarding
Before onboarding begins, Unstructured will ask you to provide the following information to provision your dedicated instance.| Information Required | Description |
|---|---|
| Name of administrator | Primary administrator of the account (others can be added later) |
| Admin email address | Email address of the primary administrator |
| Cloud provider | AWS or Azure |
| Cloud region | See supported cloud providers and regions |
| Desired URL | With private connectivity: <companyname>.privatelink.unstructuredapp.io — Without private connectivity: <companyname>.unstructuredapp.io |
| VLM provider | Anthropic, Bedrock, OpenAI, Azure OpenAI, etc. |
| VLM models | For example, Claude Sonnet 4.5, GPT-4o, or Gemini 2.0 Flash |
| Embedding models | For example, Titan or Granite. Ensure that you select the correct dimensions. |
| Desired connectors | The data sources and destinations you plan to connect to the platform. This helps Unstructured plan connectivity requirements according to your prioritized use cases. |
What may require security review
The following items commonly require review or change management approval in enterprise organizations. Identify sign-off owners before onboarding starts.| Item | Why it may require review |
|---|---|
| Private endpoint or VPC Endpoint connectivity | Establishing a private network connection to an external account or subscription is a network boundary change that may require network or security team approval. On AWS this involves creating VPC Endpoints; on Azure it involves creating or approving Private Endpoint connections. |
| DNS configuration changes | Adding private hosted zones or modifying DNS records often requires change management approval in regulated environments. |
| IAM or RBAC role changes for data source access | Granting any external system access to storage or data services typically requires security team review. On AWS this involves IAM policy and role changes; on Azure it involves RBAC role assignments to Unstructured’s service principal. |