# Cakewalk for Admins Admins own governance. You decide which Connections are available, which Agents are approved, who can use them and what those Agents are allowed to do. *** ### ❓ **Why use Cakewalk?** Admins use Cakewalk to govern AI Agents the same way they govern human access. It gives you: * **Org-wide visibility** into every Agent, every session and every tool call. * **Dynamic Agent Context**: each Agent starts every task with no access. Cakewalk grants tools just-in-time, scopes them to the task and releases them when the task ends. * **Real-time enforcement** through deterministic Policies. Match on action type, Connection risk and HRIS attributes (department, title, location, user category). * **Day-one coverage** with four Default Policies, tunable per action type. * **Audit Log** with one event per tool call: audit-ready evidence for compliance and incident review. *** ### 🛠 **Everyday workflows** #### **Org setup** * Set the org basics: name, domain and SSO provider. * Bring in your team: sync Users from your HRIS or IdP, or add them manually. * Choose your Connections and Agents: sync from Google Workspace, or pick them manually from Cakewalk's supported lists. :bulb: *Why this matters:* A clean setup means employees land in a fully populated product on day one. *** #### **Connection management** * Build the company Connection catalog: which third-party apps Agents are allowed to access (Slack, GitHub, Linear, Jira). * See which Users have connected to each app and what their Agents have done there. * Open a Connection to investigate sessions, revoke a User's credential or remove the Connection from governance. :bulb: *Why this matters:* The Connection catalog defines where Agents are allowed to act. Adding a Connection puts that app under governance. Removing it cuts Agent access at the gateway. *** #### **Agent management** * Discover which Agents your team is running (Cursor, Claude, Copilot, ChatGPT). The catalog populates automatically as employees connect their Agents through Cakewalk. * See per-Agent activity: how active each one is, which Users are running it and which Connections it touches. :bulb: *Why this matters:* The catalog is your live view of which Agents are running through the gateway. Cakewalk governs every Agent automatically from the first tool call. *** #### **Policies** * Four Default Policies ship the moment you sign up, so every tool call is governed automatically. Adjust any if your risk posture differs. * Author Custom Policies for nuance: match on action type, Connection properties or HRIS attributes (e.g., engineers get one rule, contractors another). * Three authoring modes: Generate with AI from plain language, visual builder for guided authoring or code for complex logic. :bulb: *Why this matters:* The four Default Policies give you governance from day one. Custom Policies add nuance, and they always take priority over Defaults. See [Policies](/docs/ai-agent-access/concepts/policies.md) for full evaluation rules. *** #### **Users** * See the Agents acting on each employee's behalf and the Connections those Agents touch. * HRIS attributes (department, title, location, user category) sync in automatically from your HRIS or IdP. They're the inputs every Policy match starts from. * Open any User to investigate their Agent activity in detail or revoke a credential per Connection. :bulb: *Why this matters:* Cakewalk reads HRIS attributes as policy inputs. When a User's department or title changes in HRIS, the right Policies follow automatically. *** #### **Agent Activity** * Watch the org-wide stream of every Agent session, with filters for Agent, User, Connection, status and date range. * Open any session to see every tool call, the Policies that evaluated and the request/response payloads. * Triage denials, investigate a User or spot-check an Agent from the same surface. :bulb: *Why this matters:* Agent Activity is your audit trail. Every tool call has an audit event showing which Policy fired, what inputs matched and what the outcome was. That's the evidence security teams need to demonstrate AI governance to auditors and customers. *** ### 👉 **Where to go next** * Configure your org: [Admin Setup](/docs/ai-agent-access/introduction/get-going-with-agent-access/admin-setup.md). * Understand the model: [The Three Actors](/docs/ai-agent-access/concepts/the-three-actors.md), [Policies](/docs/ai-agent-access/concepts/policies.md), [The MCP Gateway](/docs/ai-agent-access/concepts/the-mcp-gateway.md). * Compare Admin and employee surfaces: [Cakewalk for Employees](/docs/ai-agent-access/introduction/cakewalk-for-employees.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.cakewalk.security/docs/ai-agent-access/introduction/cakewalk-for-admins.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.