Overview
Paladin is Opal’s platform for building access understanding agents that evaluate whether access and its surrounding policies are appropriate. Paladin agents operate like senior security engineers, gaining context from your organization’s knowledge bases and communications. Paladin enables you to scale your security function’s practices and understanding, bringing a security evaluation at machine speed to operations focused on business enablement. With Paladin, you no longer have to choose between approving quickly and approving carefully. The Paladin platform can be used by your organization to create agents for your use cases, each with their own guidelines, connectors and goals.Use Cases
Paladin can be applied to multiple use cases:| Use Case | Status | Description | Docs |
|---|---|---|---|
| Access Requests | Available | Assign Paladin to an approval stage as a sole or advisory reviewer. | Access Requests |
Safety
Paladin agents operate as Opal Service Users, bringing them under the control of our authorization and auditing systems.Authorization
Paladin agents operate within Opal’s authorization system. This means their access can be controlled using: We recommend assigning your Paladin agents the Read-Only Admin role, which gives them enough context to make decisions while limiting their actions to the specific operation being performed.Auditing
As service users, all actions Paladin agents take are audited the same way a human user’s actions are audited. Audit logs are available under Events and can be streamed to other systems via Events Streaming. Paladin agents also maintain an audit log of:- Inputs provided to them
- All tool calls made to Opal and external systems
- Their internal thought process
- Their final outputs provided before actions are taken
Connectors
Paladin’s access to your external systems is gated by connectors. Paladin agents cannot read or write from an external system unless specifically authorized to do so as part of their configuration.Slack for Agents
Paladin’s Slack for Agents is a separate Slack app distributed by Opal. Slack for agents allows Paladin agents to:- Read messages in public and private (if invited) slack channels
- (Optional) Join public slack channels, as long as the slack channel is not externally connected.
Notion Documents
Paladin can, if configured, connect to Notion to read documents under the top-level page it is granted access to.Ticketing Integrations
Paladin can, if configured, read any ticket in your connected ticketing systems, such as Linear.Create a Paladin Agent
- In Opal, navigate to Configuration > Service Users and create a service user that will represent your agent.
- Configure the agent’s name, owner group and role(s).
- Configure an automation, select the trigger for your use case and select “Use AI Agent” as the automation action.
-
Select the available connectors that you want the agent to use. If any connector is unavailable, you can configure it in the next step.
-
(If required) Configure any required connectors under Configuration -> Service Users -> Your Service User -> Automations. If the integration for a connector is not already set up, you can do so now by clicking on a greyed-out connector.
