Getting started

Creating a workspace

A workspace is Vigilo's tenancy boundary. Every certificate, change, asset, incident, task, audit row, vendor, and risk in Vigilo belongs to exactly one…

Last updated

Overview

A workspace is Vigilo's tenancy boundary. Every certificate, change, asset, incident, task, audit row, vendor, and risk in Vigilo belongs to exactly one workspace. Users can belong to many workspaces with different roles in each, but data never leaks across boundaries — row-level security enforces that at the Postgres layer, not just in application code.

Creating a workspace takes about a minute. Vigilo seeds it with sane defaults: a default approval policy, an empty service catalog, the standard role set, and a "Welcome" announcement. Everything is fully editable from settings later.

Why it exists

The workspace boundary lets one Vigilo instance serve multiple business units, multiple customers, or multiple environments (e.g. "Acme — production" vs "Acme — staging") without any of them seeing each other's data. It also makes pricing simple — every plan limit (members, monitored hosts, integrations) is expressed per workspace. If you ever need to split a team off into its own org, you migrate one workspace, not a tangle of permission rules.

Key concepts

  • Workspace name — The human-readable label. Shows up in the switcher, the email subject lines, and the audit log. Renameable.
  • Workspace slug — The URL-safe identifier used in /ws/<slug>/... and in API paths. Lower-case, hyphenated, 3-30 characters. Cannot be changed after creation without admin intervention, because deep links carry it.
  • Owner role — The user who creates the workspace becomes its first owner. Owners can do everything admins can, plus billing actions and workspace deletion. There must always be at least one owner — promoting another user before stepping down is enforced by the API.
  • Plan — Each workspace has a plan (free, starter, pro, enterprise). The plan controls hard limits like member count, monitored hosts, scan frequency, retention window, and which integrations are available.
  • Seeded defaults — On creation, Vigilo writes a default approval policy ("any one approver"), a default freeze window calendar (empty), default RBAC mappings, a default playbook ("notify on incident open"), and a welcome announcement.

Common workflows

1. Create a workspace

Sign in, then either:

  • If you have no memberships, you'll be auto-redirected to /workspaces/new.
  • Otherwise, click the workspace switcher in the sidebar and choose "Create new workspace".

Fill in:

  • Name — e.g. "Acme Corp"
  • Slug — auto-generated from the name; you can override it. Must be unique across the Vigilo instance.
  • Plan — defaults to free for self-serve sign-ups. Enterprise plans are provisioned by the platform admin.

Click Create. Vigilo provisions the workspace, makes you the owner, runs the seed migrations, and redirects you to /ws/<slug> (the dashboard).

2. Rename a workspace

Settings → General → Workspace name → Save. The slug stays the same.

3. Change the workspace plan

Settings → Plan → Upgrade or Contact sales. Plan changes take effect immediately for soft limits; hard limits (e.g. enabling SCIM) require a Celery task to reconcile and may take up to 30 seconds.

4. Transfer ownership

Settings → Members → find the user → Make owner. You can have multiple owners — the original creator stays an owner until they're explicitly demoted, so a team is never accidentally locked out.

5. Delete a workspace

Settings → Danger zone → Delete workspace. You'll be asked to type the slug to confirm. The workspace is soft-deleted for 30 days (recoverable by a platform admin), then permanently purged. All audit rows are exported to cold storage before purge if compliance retention is configured.

Permissions & gating

Action Roles allowed
Create workspace Any authenticated user
Rename workspace admin, owner
Change plan owner
Invite/remove member admin, owner
Transfer ownership owner
Delete workspace owner

See Roles & RBAC for the full role-to-permission matrix.

Troubleshooting

  • "Slug already taken." — Slugs are unique across the entire Vigilo instance, not just your team. Pick a different one or prefix it with your org name (acme-staging rather than staging).
  • "I can't create more workspaces." — Free-plan users are limited to two workspaces. Upgrade, or ask a platform admin to lift the limit.
  • "Settings → Plan is greyed out." — Plan changes are owner-only. Ask an owner of the workspace.
  • "I lost ownership and now I'm locked out of settings." — Ask another owner to re-promote you. If there are no other owners, contact your platform admin — they can intervene via Django admin.
  • "After creating, the dashboard is empty." — That's expected. Add a certificate or invite a teammate to seed the activity feed.

Related articles