Security & Compliance

SSO, directory sync, audit logs, retention, sensitive content, and the security scanner.

• Identity and access (SSO)

  SAML/OIDC via Clerk, domain verification, sessions, and organization identity configuration.

  8 min

• SCIM and directory sync

  Clerk Directory Sync for production; legacy SCIM endpoints and limitations.

  7 min

• Group role mapping and directory rules

  Map IdP groups to workspace roles; attribute-based assignment and provisioning rules.

  6 min

• Audit logs

  Immutable audit events at organization and workspace scope, export, and common action types.

  6 min

• Retention and legal hold

  Retention days for prompts, runs, and audit logs; manual runs and scheduled cron.

  6 min

• Sensitive content controls

  DLP-style pattern detection, blocks on save/run/export, and org sensitive-content settings.

  5 min

• Security scanner

  Scan prompts for injection, leakage, and safety risks before publish—with streaming results and Refine handoff.

  7 min