Local email/password authentication stays available in Community. Enterprise will add stricter password and identity-provider policies.

View and manage basic session behavior. Enterprise policies will add forced re-authentication, maximum session lifetimes, and force-logout controls.

Connect Sally to a company identity provider, configure IdP metadata, enable SSO, and optionally enforce SSO while keeping a break-glass superadmin account.

Control who can start agent workflows, allowed local runtimes, approval requirements, and workflow concurrency limits.

Require 2FA for admins or all users, set grace periods, and reset recovery paths.

Control API and MCP key creation, expiry, rotation, and admin-only restrictions.

Search and export security-relevant activity such as role changes, membership changes, login events, and agent connections.