Enterprise

Collector management for regulated
and large-scale teams.

SSO, RBAC, approval workflows, and audit log export — on top of the same hosted OpAMP control plane. Govern thousands of collectors without owning the infrastructure that runs them.

Talk to sales See plans

10k+

Collectors per workspace

99.9%

Control plane SLA

SAML

SSO + SCIM provisioning

∞

Audit retention via export

Built for enterprise

The controls regulated teams need.

SSO & SCIM

SAML and OIDC for sign-in. SCIM 2.0 for provisioning. JIT user creation, group-based role mapping, and de-provisioning the same minute someone leaves.

Advanced RBAC

Granular roles per workspace, environment, and config. Read-only auditors. Rollout operators scoped to a label set. Custom roles when the standard four aren't enough.

Approval workflows

Configurable approval thresholds per environment. Reuse CODEOWNERS. Audited break-glass for incidents. Slack-based approval signoff.

Audit log export

Every action — sign-in, config edit, rollout, approval, role change — streams to your SIEM via webhook or to S3 in JSONL. Tamper-evident with HMAC signing.

Data residency

Pin your workspace to US, EU, or AP regions. Collector self-telemetry stays in-region. We never see your application telemetry — full stop.

Dedicated support & SLA

Named technical contact. Shared Slack channel. 99.9% uptime SLA on the control plane. Quarterly fleet operations review with our team.

Granular control

Permissions that match how
platform teams really work.

Auditors read everything. Operators roll out within their environment. SREs break glass — and leave a record when they do.

workspace · roles

Role	Inventory	Edit config	Roll out	Approve	Manage roles
Auditor	read	—	—	—	—
Operator · staging	read	staging	staging	—	—
Operator · production	read	prod	prod (with approval)	codeowners	—
SRE on-call	read	all	break-glass	all	—
Workspace admin	read	all	all	all	yes

Trust posture

What we do — and don't — touch.

We're early and we'd rather be precise than performative. Here's the actual scope of what flows through our systems.

WHAT WE SEE

Collector identity, version, capabilities, heartbeat
Effective configuration the collector self-reports
Optional collector self-telemetry (queue depth, drops, errors)
Audit events — sign-in, edit, rollout, approval

WHAT WE NEVER SEE

Your application logs, metrics, traces, or spans
Telemetry payloads of any kind
Anything outside the OpAMP control channel

Compliance attestations and a security review packet are available on request — we'll tell you exactly where each control stands today rather than printing a logo wall.

PILOT · LATE 2025

"We had 1,800 collectors across four regions and zero idea which config was actually running on most of them. Monitor-only mode let us start telling the truth on day one — without changing how telemetry got to our backend."

— Platform Engineering Lead · Fortune 500 retailer

Bring governance to your collector fleet.

Talk to us about workspace setup, SSO, audit export, and SLA. Most enterprises are running in production within four weeks.

Talk to sales Request security packet

Collector management for regulatedand large-scale teams.