diff --git a/apps/docs/content/docs/core/enterprise/audit-logs.mdx b/apps/docs/content/docs/core/enterprise/audit-logs.mdx new file mode 100644 index 0000000..9dbd992 --- /dev/null +++ b/apps/docs/content/docs/core/enterprise/audit-logs.mdx 
@@ -0,0 +1,44 @@ +--- +title: Audit logs +description: Track user actions and changes for compliance and security +--- + +## What is logged + +Typical events include: + +- **Authentication** — Logins, logouts, failed attempts, SSO redirects. +- **Users and access** — User creation, updates, deletion, role changes, invite/revoke. +- **Resources** — Creation, update, and deletion of projects, applications, compose stacks, databases, domains, environment variables, and similar resources. +- **Deployments** — Deploy triggers, rollbacks, and related actions. +- **Settings** — Changes to organization, security, and whitelabel settings (where applicable). + +Each entry usually includes: + +- **Timestamp** (UTC) +- **Actor** (user ID, email, or service account) +- **Action** (e.g. `user.login`, `application.create`, `compose.deploy`) +- **Resource** (type and identifier) +- **Details** (e.g. old/new values or reason, when relevant) +- **IP address** (when available) + +## Accessing audit logs + +1. Go to **Settings** → **Audit logs** (or **Organization** → **Audit logs** in Enterprise). +2. Use filters by date range, user, action type, or resource. +3. Export results (e.g. CSV or JSON) for external tools or compliance reviews. + +## Retention and storage + +- Retention period and storage backend (e.g. database, external logging) depend on your Enterprise agreement. +- Configure retention and any archiving according to your compliance and security policies. + +## Compliance + +Audit logs help support: + +- **SOC 2** — Evidence of access control and change management. +- **GDPR** — Documentation of access to and changes in personal data and configurations. +- **Internal policies** — Review of who changed what and when. + +For retention, export formats, or integration with your SIEM or log pipeline, [contact us](https://dokploy.com/contact). 
diff --git a/apps/docs/content/docs/core/enterprise/index.mdx b/apps/docs/content/docs/core/enterprise/index.mdx new file mode 100644 index 0000000..dea8d39 --- /dev/null +++ b/apps/docs/content/docs/core/enterprise/index.mdx @@ -0,0 +1,21 @@ +--- +title: Introduction +description: Enterprise features for SSO, whitelabeling, and audit logs +--- + + +## What's included + +- **Single Sign-On (SSO)** — Integrate with Auth0, Keycloak, or other OIDC/SAML providers. +- **Whitelabeling** — Rebrand the UI with your logo, colors, and domain (self-hosted only). +- **Audit logs** — Track user actions and changes for compliance and security. + +More Enterprise features are on the way. [Contact us](https://dokploy.com/contact) if you want early access or have specific requirements. + +## Contact us + +For pricing and to enable Enterprise features on your instance, get in touch with our team: + +**[Contact us →](https://dokploy.com/contact)** + +We'll help you configure SSO, whitelabeling, and audit logs for your organization. diff --git a/apps/docs/content/docs/core/enterprise/license-keys.mdx b/apps/docs/content/docs/core/enterprise/license-keys.mdx new file mode 100644 index 0000000..e967526 --- /dev/null +++ b/apps/docs/content/docs/core/enterprise/license-keys.mdx 
@@ -0,0 +1,23 @@ +--- +title: License Keys +description: Activate and manage your Enterprise license +--- + +To use Enterprise features (SSO, whitelabeling, audit logs, and more), you need a valid license issued by the Dokploy team. + +By default, all Dokploy instances run in the standard edition. If you are interested in switching to the Enterprise version, [contact us](https://dokploy.com/contact). Once you receive your license key, you can activate it in your instance. + +## Activating your license + +1. Go to **Settings** → **License** (or **Organization** → **License** in Enterprise). +2. Enter your license key and click **Activate**. + +Your instance will then have access to Enterprise features for the duration of the license. + +## How validation works + +- The license is validated **every day** against our servers to verify that it is still valid. +- The **only data** used for validation is the **IP address** of your server. We check it against our license server to confirm that the key is valid and active for that server. +- No other data is sent or stored for license validation. + +If your server’s IP changes, or you have questions about your license, [contact us](https://dokploy.com/contact). diff --git a/apps/docs/content/docs/core/enterprise/sso/auth0.mdx b/apps/docs/content/docs/core/enterprise/sso/auth0.mdx new file mode 100644 index 0000000..b9078cf --- /dev/null +++ b/apps/docs/content/docs/core/enterprise/sso/auth0.mdx 
@@ -0,0 +1,44 @@ +--- +title: Auth0 +description: Configure SSO with Auth0 +--- + + +## 1. Create an application in Auth0 + +1. Log in to the [Auth0 Dashboard](https://manage.auth0.com/). +2. Go to **Applications** → **Applications** → **Create Application**. +3. Choose **Regular Web Application** and create it. +4. Note your **Domain**, **Client ID**, and **Client Secret**. + +## 2. Configure Dokploy + +1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise). +2. Enable **SSO** and choose **OpenID Connect**. +3. Enter: + - **Provider**: myorg-name-auth0 (Unique) + - **Issuer URL**: `https://YOUR_AUTH0_DOMAIN/` (Make sure add the trailing slash) + - **Domain**: `your-domain.com` (Your domain) + - **Client ID**: from Auth0 application + - **Client Secret**: from Auth0 application + - **Scopes**: openid email profile +4. Save. + +## 3. Configure Auth0 + +1. In your application, go to **Settings**. +2. Set **Allowed Callback URLs** to your Dokploy URL, for example: + - `https://your-dokploy-domain.com/api/auth/callback/myorg-name-auth0` +3. Set **Allowed Logout URLs** to: + - `https://your-dokploy-domain.com` +4. Set **Allowed Origins** to: + - `https://your-dokploy-domain.com` +5. Save changes. + +## Troubleshooting + +- **Redirect URI mismatch** — Ensure the callback URL in Dokploy matches exactly what is configured in Auth0 (including protocol and path). +- **Invalid client** — Double-check Client ID and Client Secret, and that the application is a web application. +- **Scopes** — Ensure Auth0 is configured to return `openid` and, if required, `email` and `profile`. + +For help with your setup, [contact us](https://dokploy.com/contact). diff --git a/apps/docs/content/docs/core/enterprise/sso/index.mdx b/apps/docs/content/docs/core/enterprise/sso/index.mdx new file mode 100644 index 0000000..99c12f0 --- /dev/null +++ b/apps/docs/content/docs/core/enterprise/sso/index.mdx 
@@ -0,0 +1,15 @@ +--- +title: Single Sign-On (SSO) +description: Configure SSO with Auth0, Keycloak, or other OIDC/SAML providers +--- + +# Single Sign-On (SSO) + +Enterprise supports Single Sign-On via OpenID Connect (OIDC) and SAML. You can use Auth0, Keycloak, or any compatible identity provider. + +Choose a provider below for step-by-step configuration: + +- **[Auth0](/docs/core/enterprise/sso/auth0)** — Cloud identity platform +- **[Keycloak](/docs/core/enterprise/sso/keycloak)** — Open-source identity and access management + +For other OIDC/SAML providers, use the same endpoints and flow; [contact us](https://dokploy.com/contact) if you need help. diff --git a/apps/docs/content/docs/core/enterprise/sso/keycloak.mdx b/apps/docs/content/docs/core/enterprise/sso/keycloak.mdx new file mode 100644 index 0000000..20b76d2 --- /dev/null +++ b/apps/docs/content/docs/core/enterprise/sso/keycloak.mdx 
@@ -0,0 +1,48 @@ +--- +title: Keycloak +description: Configure SSO with Keycloak +--- + +## 1. Create a client in Keycloak + +1. Log in to your Keycloak Admin Console. +2. Select your realm (or create one). +3. Go to **Clients** → **Create client**. +4. Set **Client ID** (e.g. `my-client-id`) and **Client type** to **OpenID Connect**. +5. Set **Root URL** to your Dokploy base URL, e.g. `https://your-dokploy-domain.com`. +6. Save. +7. Open the client, set **Access type** to **confidential**, then open the **Credentials** tab and note the **Secret**. +8. From **Realm settings** → **OpenID Endpoint Configuration**, note the **Issuer** (e.g. `https://keycloak.example.com/realms/your-realm`). + +## 2. Configure Dokploy + +1. In Dokploy, go to **Settings** (or **Organization** / **Security** in Enterprise). +2. Enable **SSO** and choose **OpenID Connect**. +3. Enter: + - **Provider**: my-client-id (Unique) + - **Issuer URL**: your Keycloak realm URL (e.g. `https://keycloak.example.com/realms/your-realm`) + - **Domain**: `your-domain.com` + - **Client ID**: my-client-id + - **Client Secret**: the secret from the Keycloak client Credentials tab + - **Scopes**: openid email profile +4. Save. + +## 3. Configure Keycloak + +1. In your Keycloak client, go to **Settings**. +2. Set **Valid redirect URIs** to your Dokploy callback URL, for example: + - `https://your-dokploy-domain.com/api/auth/callback/my-client-id` +3. Set **Valid post logout redirect URIs** to: + - `https://your-dokploy-domain.com` +4. Set **Allowed Origins** to: + - `https://your-dokploy-domain.com` +5. Save changes. + +## Troubleshooting + +- **Redirect URI mismatch** — Ensure the callback URL in Dokploy matches exactly what is configured in Keycloak (including protocol and path). Use the same **Provider** value in the path (e.g. `.../api/auth/callback/myorg-name-keycloak`). +- **Invalid client** — Double-check Client ID and Client Secret, and that the client is enabled and set to confidential access. 
+- **Scopes** — Ensure the client is configured to request `openid` and, if required, `email` and `profile`. +- **Attribute mapping** — If user email or name is missing, map Keycloak attributes (e.g. email, preferred_username) in Dokploy if your setup supports it. + +For help with your setup, [contact us](https://dokploy.com/contact). diff --git a/apps/docs/content/docs/core/enterprise/sso/meta.json b/apps/docs/content/docs/core/enterprise/sso/meta.json new file mode 100644 index 0000000..4104d0a --- /dev/null +++ b/apps/docs/content/docs/core/enterprise/sso/meta.json @@ -0,0 +1,7 @@ +{ + "title": "SSO", + "pages": [ + "auth0", + "keycloak" + ] +} diff --git a/apps/docs/content/docs/core/enterprise/whitelabeling.mdx b/apps/docs/content/docs/core/enterprise/whitelabeling.mdx new file mode 100644 index 0000000..64c69b7 --- /dev/null +++ b/apps/docs/content/docs/core/enterprise/whitelabeling.mdx 
@@ -0,0 +1,37 @@ +--- +title: Whitelabeling +description: Rebrand Dokploy with your logo, colors, and domain +--- + + +## What you can customize + +- **Logo** — Header and login logo. +- **Favicon** — Browser tab icon. +- **Colors** — Primary color and accent (e.g. buttons, links). +- **Custom domain** — Serve the app from your own domain (e.g. `deploy.yourcompany.com`). + +## Configuration + +Whitelabel settings are managed in the Enterprise admin area (or via environment variables, depending on your deployment). + +1. Go to **Settings** → **Whitelabel** (or equivalent in your Enterprise setup). +2. Upload your **logo** (recommended: SVG or PNG, transparent background). +3. Upload your **favicon** (e.g. ICO or PNG). +4. Set **primary color** and **accent color** (hex codes). +5. If using a custom domain, configure your reverse proxy (e.g. Traefik, Nginx) and DNS to point to your Dokploy instance, and set the **base URL** in Dokploy to match. + +## Custom domain + +1. Create a CNAME (or A) record pointing your domain to the server or load balancer where Dokploy runs. +2. Configure TLS (e.g. Let's Encrypt) on your reverse proxy for that hostname. +3. In Dokploy, set the **Application URL** (or equivalent) to `https://your-domain.com`. +4. Restart or reload Dokploy so it uses the new base URL for redirects and links. + +## Best practices + +- Use high-resolution logos (e.g. 2x) for sharp display on retina screens. +- Keep primary and accent colors accessible (sufficient contrast for text and buttons). +- Test login and main flows after changing logo and colors to ensure nothing is broken or hard to read. + +For help enabling or configuring whitelabeling, [contact us](https://dokploy.com/contact). diff --git a/apps/docs/content/docs/core/meta.json b/apps/docs/content/docs/core/meta.json index e38c917..14a6fa6 100644 --- a/apps/docs/content/docs/core/meta.json +++ b/apps/docs/content/docs/core/meta.json 
@@ -48,11 +48,17 @@ "remote-servers/deployments", "remote-servers/security", "remote-servers/validate", + "---Advanced---", + "cluster", + "---Enterprise---", + "enterprise/index", + "enterprise/license-keys", + "enterprise/sso", + "enterprise/whitelabeling", + "enterprise/audit-logs", "---Guides---", "guides/cloudflare-tunnels", "guides/tailscale", - "guides/ec2-instructions", - "---Advanced---", - "cluster" + "guides/ec2-instructions" ] }
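Review bot: In apps/docs/content/docs/core/enterprise/audit-logs.mdx, the "Details" bullet says entries can carry old/new values, and the "Resources" bullet lists environment variables among the logged resources, so the page should state whether secret values are redacted before they are written to the log or included in a CSV/JSON export. The wording "Typical events include" and "Each entry usually includes" is also too loose for a page whose Compliance section offers the log as SOC 2 and GDPR evidence; list the events and fields that are actually recorded, and say which role can view and export the log.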
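Review bot: In apps/docs/content/docs/core/enterprise/license-keys.mdx, under "How validation works", the second bullet says the only data used is the server's IP address, yet the same bullet says the check confirms "that the key is valid and active for that server", which implies the license key is sent as well; list everything the daily request transmits so operators can write an accurate egress rule. The section also does not say what happens to Enterprise features when the daily check fails or the license server is unreachable, which matters for instances behind restrictive egress controls or with a changing IP.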
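Review bot: In apps/docs/content/docs/core/enterprise/sso/auth0.mdx, section 3 step 2, the callback URL ends in `myorg-name-auth0`, but nothing says this segment must equal the **Provider** value entered in section 2; state that explicitly, as the Keycloak page's troubleshooting does, and format the Provider and Scopes values as code. The "Redirect URI mismatch" item refers to "the callback URL in Dokploy", but section 2 has no callback URL field. The **Domain** field is explained only as "Your domain"; say what it is matched against, because the reader cannot tell whether it means the Dokploy hostname or a user email domain. "Make sure add the trailing slash" should read "Make sure to add the trailing slash".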
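Review bot: In apps/docs/content/docs/core/enterprise/sso/index.mdx, the page says SSO works "via OpenID Connect (OIDC) and SAML", but both provider guides in this patch only select **OpenID Connect**, and the closing line "use the same endpoints and flow" names no endpoints. Document the SAML settings or mark SAML as not yet documented, and list the callback path pattern (`/api/auth/callback/` followed by the Provider value) here so other OIDC providers can be configured from this page. The `# Single Sign-On (SSO)` heading duplicates the frontmatter title, and no other page in this patch has an H1.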
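Review bot: In apps/docs/content/docs/core/enterprise/sso/keycloak.mdx, the troubleshooting example `.../api/auth/callback/myorg-name-keycloak` does not match the Provider value `my-client-id` used in sections 2 and 3; use one value throughout so a copied redirect URI matches. Using the same string for Provider and Client ID also hides that these are two separate fields; a distinct Provider name, as on the Auth0 page, would be clearer. In section 1, step 4 uses "Client type" while step 7 uses "Access type"; check both labels against one Keycloak version. The "Attribute mapping" item ends with "if your setup supports it" without saying where in Dokploy the mapping is configured.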
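Review bot: In apps/docs/content/docs/core/enterprise/whitelabeling.mdx, Configuration step 5 calls the setting **base URL** while Custom domain step 3 calls it **Application URL** "(or equivalent)"; use the actual UI label once and drop the duplicated instructions. Because the SSO pages register `https://your-dokploy-domain.com/api/auth/callback/...` with the identity provider, the Custom domain section should add a step to update those redirect URIs after the hostname changes. The "or via environment variables" remark names no variables, the page omits the "self-hosted only" restriction stated in enterprise/index.mdx, and since step 2 recommends SVG uploads it should say whether uploaded SVGs are sanitized.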
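Review bot: In apps/docs/content/docs/core/meta.json, the hunk also moves `"---Advanced---"` and `"cluster"` from the end of the list to before the new Enterprise group, which is unrelated to adding the Enterprise pages; mention the reorder in the commit description or split it out. Confirm that the `"enterprise/sso"` entry resolves to the folder with its own meta.json, since the other four new entries point to .mdx files.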