Access Control

Scoped Access for Every Team

Give contractors, partners, and external teams visibility into their AI agents — and only their agents.

The Problem: All-or-Nothing Access

When you bring in external developers or contractors who use AI coding agents, you face a dilemma:

  • Give them full access — They see every server, task, and terminal session across your entire organization
  • Give them no access — They can't monitor their own agents, and you become the bottleneck for every status update

Neither option works. You need scoped visibility.

Projects as Scope Boundaries

Orchestratia uses Projects to isolate teams. Each project contains:

  • A set of registered servers (with registration tokens scoped to the project)
  • Tasks that belong to the project
  • Sessions running on project servers
  • Activity feed filtered to project events

When a contractor logs in, they only see their project's resources. Your internal servers, tasks, and terminal output remain invisible to them.

Registration Tokens

To onboard a new server to a project, you generate a one-time registration token. The contractor installs the agent daemon, uses the token to register, and their server appears in their project — nowhere else.

No shared credentials, no manual configuration, no access creep.

Project Isolation

Each project is a visibility boundary. Teams only see their own servers, tasks, and output.

Registration Tokens

One-time tokens scoped to a project for secure server onboarding.

Multi-Team Support

Run multiple projects simultaneously with independent agent fleets.

Scoped Dashboards

Dashboard, kanban, and activity feed automatically filter by project scope.

Set up project-scoped access

Create a project, generate tokens, and onboard your first external team.