Skip to main content
Work is organized as Company › Organization › Project (see Organization hierarchy). Guardians and credentials live inside projects. Creating an organization or project also auto-creates its roles — Owner / Viewer at the company level, and Owner / Admin / Member / Viewer at the organization and project levels. A higher-level role applies downward by default and can be overridden by assigning a specific role on a child resource. See roles.

Create an organization

From Organizations, choose New Organization, give it a name (unique within the company) and an optional description.
Create an organization

Create a project

On an organization card, choose New Project. Set a name (unique within the organization) and pick the Project Type:
TypeForManages
APIEmbedding the Guard APIAPI keys
Desktop AgentProtecting employees’ AI toolsControl Profiles, Agent Users
Choose the project type

Project type

The Project Type decides how this project is governed, and it is the most important choice you make here.
  • Chosen at creation, immutable. You select Desktop Agent or API once; it cannot be changed afterward.
  • Only enabled types appear. The dropdown shows only the types your company has turned on as features. If a type is missing, enable it in Company Settings first.
  • Per-type quota. Each type has its own project quota, set when the company is bootstrapped and editable in Company Settings — always within the system-wide allowance. When you reach a type’s quota, new projects of that type are blocked until you raise it or delete one.
  • A type can’t be turned off while a project of that type still exists — delete its projects first.
A project’s type cannot be changed after creation. Create a new project if you need the other type.
Both types share the same building block — every project has one or more Project Guardians that do the inspection — but differ in how they’re driven:
Desktop Agent projectAPI project
Driven byThe Desktop Agent on employee devicesYour application via the Guard API
CredentialCompany Access Key (per device)API keys (per caller)
Governs which servicesControl ProfilesWhatever your app sends
A Desktop Agent project automatically gets all of the company’s Control Profiles assigned by default when created. You can narrow that set later — assigning a profile to the project, and mapping it to a specific Guardian, are two separate steps with different permissions.
When a project is created, its Opticon Project Binding (for monitoring) is registered automatically; you can re-point it later in Project Settings.

Open a project

Opening a project shows its Guardians and actions: Create Guardian, Settings, and a link to Opticon. From here you register a Guardian.
Project detail page with the Create Guardian button highlighted