> ## Documentation Index
> Fetch the complete documentation index at: https://docs.oriant.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage AI tools with sanction state | Oriant

> Use sanction state to monitor, approve, or block each detected AI provider.

Open **AI Tools** to review the AI providers Oriant has detected for your
organization. Each provider has one sanction state; that state is the policy.
The list includes catalogued providers with activity and providers available in
the catalog before they have been observed on your fleet.

| State            | Behavior                                                         |
| ---------------- | ---------------------------------------------------------------- |
| **Unsanctioned** | The provider is monitored and traffic is allowed.                |
| **Sanctioned**   | The provider is approved and traffic is allowed.                 |
| **Blocked**      | The Agent rejects new HTTPS connections to the provider locally. |

Changes take effect when connected Agents refresh their configuration, normally
within about one minute. A blocked connection is recorded as a metadata rollup
with zero relayed bytes. The client application usually reports the rejected
connection as a network error.

<Note>
  Oriant does not have a separate policy editor. Set the provider's sanction state
  directly in **AI Tools**.
</Note>

## What the dashboard shows

Each provider row shows its name, user count, request count, latest activity,
recent activity by day, and blocked-attempt count. Use the three-state control
on the row to change the provider's policy. The **Users** view groups the same
rollups by stamped identity, so you can see which people reached each provider.

Blocked enforcement happens in the endpoint Agent. Oriant does not inspect or
rewrite the provider's page; the client application reports the rejected
connection as a network error.
