PlainID’s LangChain Authorizer brings policy-based decisioning to each stage of the LLM workflow, enabling you to restrict which prompts users are allowed to submit, control which documents users are authorized to retrieve from vector stores and Redact sensitive output fields based on dynamic entitlements.
By externalizing access decisions into PlainID’s centralized Policy framework, enterprises can maintain consistency with existing security and compliance practices without hardcoding rules into the application.
Ensure your PlainID Environment supports Policies that enforce prompt evaluation, data access, and output redaction before beginning. For a complete walkthrough example, including a guide on how to set up these Policies, see the LangChain Authorizer Use-case.
Refer to our overview of the Langchain Authorizer for more information.
Follow these steps to implement the PlainID Langchain Authorizer in your AgenticAI Application:
PlainIDPermissionsProvider
- Use the PlainIDPermissionsProvider to retrieve user entitlements and expose them to guardrail components in your LangChain workflow. This enables Policy-based filtering and output redaction based on user identity and context.
PlainIDPermissionsProvider is a class retrieves user entitlements from the PlainID Policy Decision Point (PDP) and makes them available to the guardrail components.
from langchain_plainid import PlainIDPermissionsProvider
permissions_provider = PlainIDPermissionsProvider(
base_url="https://plainid.example.com",
client_id="CLIENT_ID",
client_secret="CLIENT_SECRET",
entity_id="USER_ID",
entity_type_id="User"
)
Parameters
| Parameter | Description |
|---|---|
base_url |
The base URL used by the LangChain Authorizer to evaluate Policies. |
clientId |
The Client ID used by the LangChain Authorizer to authenticate with the PlainID. |
clientSecret |
The Client Secret used to authenticate with the PlainID. |
entityId |
The unique identifier of the identity (e.g., user ID) making the LangChain request. |
entityTypeId |
The Identity Template (e.g., User, ServiceAccount) associated with the entityId. Required if a full user object is not provided. |
Note: The Categorizer and Anonymizer components utilize this internally for PlainID integration.
Guardrail 1: Prompt Categorization in PlainID
Before processing a user query, validate whether the user is authorized to ask about the topic by classifying the prompt and checking it against PlainID Policies.
LLM-Based Prompt Classification
The PlainIDCategorizer acts as a pre-query enforcement layer. It uses the LLMCategoryClassifierProvider to map prompts to semantic categories (e.g., billing, security, product_support) using an underlying LLM (e.g., Ollama, OpenAI).
This abstraction supports both local and API-based language models and enables model-agnostic prompt categorization. The resulting category is then validated against the Policies configured in PlainID.
Note: Use high-quality models for more accurate classification results.
To classify the prompt:
2) Set up your language model for prompt classification and response generation.
from langchain_community.llms import Ollama
llm = Ollama(model="llama3", temperature=0)
Note: You can use any supported model, not just LLaMA. Choose one that fits your performance and privacy requirements. The categorization result highlight depends on the LLM used.
- Enforce Prompt Categorization in your application code:
from langchain_plainid.classification import LLMCategoryClassifierProvider
from langchain_plainid import PlainIDCategorizer
# Step 1: Initialize the LLM-based classifier
classifier = LLMCategoryClassifierProvider(llm=my_llm)
# Step 2: Initialize the categorizer
categorizer = PlainIDCategorizer(
classifier_provider=classifier,
permissions_provider=permissions_provider
)
# Step 3: Categorize and authorize the prompt
try:
category = categorizer.invoke(prompt)
print(f"[Gate 1: ALLOWED] Query categorized as '{category}', proceeding.")
except ValueError as e:
print(f"[Gate 1: DENIED] {e}")
print("→ Response:\nYou’re not authorized to ask about these topics.")
Guardrail 2: Defining Access Policies in PlainID
- Define Access Control in PlainID
ThePlainIDRetrieverenforces fine-grained access control during vector store searches by injecting dynamic filters based on user context and PlainID Policies. This prevents unauthorized access to documents, even when results are semantically relevant.
For example, a support analyst located in the EU may only retrieve documents tagged with region=eu-central, even if U.S. documents match the query intent.
LangChain integrates with vector databases such as Chroma, FAISS, and Weaviate to perform semantic searches across embedded documents. These documents must be enriched with structured metadata (e.g., region, topic) to enable Policy-based filtering.
⚠️ Note: LangChain’s query filter translator supports a subset of vector stores. Compatibility should be validated per use case. Tested with Chroma and FAISS.
- Enforce Data Retrieval Filtering (Guardrail 2) in your application code:
from langchain_community.vectorstores import Chroma
from langchain_core.documents import Document
from langchain_core.embeddings import FakeEmbeddings
from langchain_plainid import PlainIDRetriever
from langchain_plainid.providers import PlainIDFilterProvider
# Step 1: Define your vector store
docs = [...] # Pre-tagged documents with metadata like 'region', 'topic'
vector_store = Chroma.from_documents(documents=docs, embedding=FakeEmbeddings())
# Step 2: Initialize the filter provider
filter_provider = PlainIDFilterProvider(
base_url="https://plainid.example.com",
client_id="plainid-client",
client_secret="plainid-client-secret",
entity_id="user-id",
entity_type_id="User"
)
# Step 3: Wrap the retriever with policy enforcement
policy_enforced_retriever = PlainIDRetriever(
vectorstore=vector_store,
filter_provider=filter_provider
)
# Step 4: Execute a query
filtered_docs = policy_enforced_retriever.invoke("Show me outage reports in Europe")
Guardrail 3: Define Output Redaction in PlainID
Prevent unauthorized exposure of sensitive or personally identifiable information (PII) in model-generated responses using the PlainIDAnonymizer. This component masks or encrypts output fields based on user-specific entitlements, even if generated by the model.
The PlainIDAnonymizer inspects the final output and dynamically applies redaction rules—masking or encrypting specified fields—based on Policies defined in PlainID. This acts as a final guardrail, ensuring sensitive content does not reach unauthorized users regardless of what the LLM produces.
- Anonymize Sensitive Output in your application code:
from langchain_plainid import PlainIDAnonymizer
# Initialize the anonymizer with a permissions provider
plainid_anonymizer = PlainIDAnonymizer(
permissions_provider=permissions_provider,
encrypt_key="your_encryption_key" # Optional, only required if using ENCRYPT
)
# Redact sensitive fields in the model's answer
final_output = plainid_anonymizer.invoke(answer)
By integrating the PlainID LangChain Authorizer, developers can implement robust, policy-based access control throughout their AI workflows. This framework ensures that interactions with LLMs and data retrieval processes adhere strictly to defined security and compliance standards, preventing unauthorized access to information and functionalities. The three guardrails—Prompt Categorization, Data Retrieval Filtering, and Output Redaction—provide a comprehensive solution for securing AI applications.
For a practical demonstration of these capabilities and a detailed walkthrough of a real-world implementation, refer to the Langchain Authorizer Use-case documentation .