Administrator Guide
Operate Argy securely: IAM, governance (approvals), quotas, audit logs, and deployments.
This guide summarizes the core administration domains in Argy, aligned with the platform's governance-by-design approach.
Identity & Access (IAM)
- Passwordless-first authentication: WebAuthn/Passkeys (primary), Magic Link (fallback).
- Enterprise federation: OIDC and SAML 2.0.
- Device Flow (RFC 8628) for agents and terminals.
- SCIM for automated user and group provisioning.
Roles & permissions (RBAC)
Argy provides role-based access control. Typical roles include:
PLATFORM_ADMINPLATFORM_ENGINEERPLATFORM_PMPLATFORM_USERCOMPLIANCE_APPROVER
Governance & approvals
Argy supports approval policies that trigger human review for sensitive actions.
- Actions: Create, Update, Delete, Deploy, Publish
- Resources: Module, Project, Deployment, Policy
- Required approvals: 1 to 10
- Auto-approve: Yes / No
- Status: Active / Inactive
Workflow:
- Request → Waiting → Approved (execution) or Rejected (with optional comment)
- Notifications via email and Slack/Teams
- Full audit trail for every decision
Quotas & usage
LLM usage is governed through:
- Monthly token allocations by plan
- Quotas per organization/team
- Real-time dashboard (consumption, blocked requests, cost per 1K tokens)
- Alert thresholds (e.g., 80% warning, 90% critical)
Token add-ons can be purchased in 100K-token increments.
Audit logs
- Every action is logged (who/what/when/resource)
- Minimum retention: 90 days, exportable as CSV
- Correlation IDs support distributed tracing and investigations
Deployment models
- SaaS: AKS (West Europe), managed by Argy
- Hybrid: SaaS control plane + self-hosted execution agents
- On‑prem: Kubernetes deployment in your environment (LLM Gateway on-prem available as Enterprise add-on)
Recommended next reads: Security Model and Deployment Guide.