What you can do
- Enforce organization‑wide policies for environments and agents
- Require SSO, configure session controls, and centralize identity
- Block risky operations with a command deny list
- Replace long‑lived secrets with OIDC for cloud/provider access
- Audit user and agent activity with logs
Components
- Policies: Standardize environments and agent behavior across projects
- Identity & SSO: Central authentication and access management
- OIDC: Short‑lived, claim‑based access to cloud resources
- Audit logs: Track actions for compliance and incident response
- Command deny list: Prevent disallowed commands from executing
Before you start
- Ensure you are an organization admin
- Choose an identity provider and decide SSO posture
- Connect runners to your organization
- Decide initial policy defaults and rollout scope (project vs organization)