Subprocess logoSubprocess
Log In

Documentation

Security guardrails & troubleshooting

Map SSO/SAML/SCIM to Subprocess roles, enforce approvals for risky agent actions, and follow the troubleshooting checklist when a deployment pauses.

Identity guardrails

Subprocess treats SSO + SCIM as the source of truth. Enforce SAML for production tenants, restrict break-glass API tokens, and scope roles so operators only see the workspaces they own.

Step-up approval is triggered automatically when a deployment targets production or when an agent requests elevated network policies.

  • SAML metadata for prod + staging IdPs
  • SCIM sync cadence + webhook retries
  • Workspace pinning for regulated teams

Policy + approvals

Tie risky actions (deploy, drain, secret rotation) to approval workflows. Owners can require two-person review and export each decision to the immutable audit log.

Budget guardrails pair with runtime guardrails so platform and finance teams share one control surface.

  • Multi-step approvals with expiration
  • Slack/PagerDuty alert fan-out
  • Audit exports to S3/SIEM

Troubleshooting playbook

Use the deployment modal to confirm repo/CI/ticketing selections, then pivot into live logs. Integration statuses call out which connector is waiting or failed.

If a run stalls, retry from the task drawer—Subprocess replays the execution plan and re-runs CI/ticketing hooks with the same guardrails.

  • Log filters + downloadable transcripts
  • Task timeline with retries + approvals
  • Incident dashboard routed to chat/IR tools