Skip to main content
Admin-managed sharing is available to workspace administrators from the Governance area.
Admin-managed sharing lets you lock an agent’s access list so only admins can change it. Owners and editors can still open the agent and see who has access, but sharing controls in the builder become read-only. All sharing changes are made in Governance instead.

When to use it

Turn on admin-managed sharing when you need to:
  • Enforce who can use a business-critical or sensitive agent
  • Prevent owners from broadening access without review
  • Keep sharing decisions auditable in one place
  • Hand off ownership of sharing to a compliance or security team while leaving the agent owner in charge of configuration

What changes for owners and editors

When admin-managed sharing is on:
  • The sharing dialog in the agent builder shows a banner explaining that an admin manages access
  • Existing users, groups, and workspace-wide access stay visible as a read-only list
  • Owners and editors cannot add people, change roles, or remove access from the builder
  • Admins continue to manage the access list from Governance
Turning the toggle off restores normal sharing behavior, and owners and editors can manage access from the builder again.

How to turn on admin-managed sharing

  1. Go to Governance → Agents and open the agent
  2. Open the Sharing tab
  3. Toggle Admin-managed sharing on
While the toggle is on, use the same Sharing tab to add or remove users, groups, and workspace access. Toggle it off to return control to the agent’s owners and editors.
Use admin-managed sharing alongside verified status for agents your organization depends on. Verification signals quality to users, and admin-managed sharing keeps access aligned with your policies.