Secure Workspace Access (SSO, 2FA, API Keys)
Baseline controls
API key operations
Security review cadence
Related

Secure Workspace Access (SSO, 2FA, API Keys)

Baseline controls

Enforce strong account authentication and 2FA.
Configure SSO/SAML if your plan requires centralized identity.
Rotate API keys and webhook secrets on a schedule.
Remove stale members and inactive invites.

API key operations

Create keys only for required integrations.
Store once in secret manager.
Scope usage to required automation only.
Rotate immediately on exposure suspicion.

Security review cadence

Weekly: member and invite review.
Monthly: key rotation audit.
Quarterly: role and SSO policy review.

/user-guides/manual/workspace/security-and-compliance
/user-guides/manual/workspace/api-access-and-scopes

Set Default Workspace and Switch Context

Configure SAML SSO and SCIM