Workspace Controls

Allow safe reads. Ask before writes. Deny risky exports.

Controls give teams one place to set integration access, require approval for sensitive tool actions, and preserve security context around every agent run.

Get startedLearn More
Salesforce
Salesforce

CRM records, accounts, opportunities, contacts, and renewal notes.

Connection status
EnableDisable
All tools
Control access centrally by tool action.
Deny AllAsk AllAllow All
searchAccounts

Find accounts by owner, region, segment, renewal date, or health status.

DenyAskAllow
updateOpportunity

Prepare opportunity updates for stage, next step, and close date fields.

DenyAskAllow
exportContacts

Export contact records outside the workspace.

DenyAskAllow
controls-policy

Integration controls and security

Set integration access centrally, require approval for sensitive actions, and keep security posture attached to every workspace run.

Allow

Low-risk reads, searches, drafts, and summaries can run without interruption.

Ask

Sensitive sends, updates, exports, payments, and production actions require human review.

Deny

High-risk tools, data sources, and actions stay blocked until policy changes.

Security posture
Agent identity

Tie tool use to the agent, workspace, user, and approved account context.

Approval trails

Preserve who approved what, when the agent asked, and which action changed.

Audit visibility

Review tool calls, source reads, generated artifacts, and human decisions.

Data controls

Use deployment and retention options that match the workflow risk.

Control Capacity

Integration controls and security posture in one control plane

The control surface is built for operators who need AI work to expand while every connected-system action keeps its approval policy, audit trail, and security context intact.

Integration controls

Review connected systems, inspect tool-level permissions, and decide which actions can run automatically.

  • Connect 50+ applications
  • Control access centrally
  • Attach policy to each workspace

Allow, Ask, or Deny

Apply policy by tool action so sensitive writes, exports, deletes, and sends can require approval.

  • Allow approved reads
  • Ask before sensitive changes
  • Deny risky exports

Agent identity

Keep each run tied to the workspace, operator, connected system, and approval policy behind the action.

  • Operator attribution
  • Workspace-scoped credentials
  • Permission context retained

Approval trails

Capture approval decisions so teams can understand what ran, what paused, and what was blocked.

  • Approver decisions
  • Reason and timestamp capture
  • Escalation-ready history

Audit visibility

Give admins a clear record of tool calls, permission decisions, and connected-system activity.

  • Tool-call history
  • Permission state changes
  • Reviewable execution logs

Security posture

Preserve governance around connected tools without exposing one broad shared credential to every workflow.

  • Least-privilege access
  • Centralized permission review
  • Controlled system boundaries