home

Developer resources

ReltioProductsDeveloper resourcesRolesApplicationsObjectives
ReltioProductsDeveloper resourcesRolesApplicationsObjectives

Unify and manage your data

Show Contents

thumbnailDeveloper resources

Reltio AgentFlow™ at a glance

AgentFlow security, audit, and compliance architecture

Learn about how AgentFlow protects data, enforces access control, and supports audit and compliance through the Reltio MCP framework.

Attention: This feature is available to limited users through the Reltio Early Access (EA) program. Interested in finding out more about this feature or participating in our EA program? Get details in topic Early Access (EA) features.

Identity and access control

AgentFlow authenticates users through your organization's identity provider (IdP) using single sign-on (SSO) and multifactor authentication (MFA). Each action in the workspace is executed on behalf of the signed-in user using OAuth 2.0 tokens. Role-based access control (RBAC) is enforced at two layers: the MCP tool level and the underlying Reltio APIs. Session policies, including idle timeouts and device restrictions, are governed by your tenant configuration.

Tool governance and enforcement

Agents don’t interact directly with databases. Instead, all operations go through curated MCP tools such as search_entities, get_entity_matches, and merge_entities. These tools are:

  • Individually gated by access policies and input validation
  • Rate-limited to prevent misuse
  • Allowlisted per agent to prevent unauthorized tool access
  • Subject to human approval for irreversible actions (like merges), unless an automation policy is explicitly enabled

Encryption and data protection

All traffic between AgentFlow and MCP is encrypted in transit using TLS 1.2 or higher. Data at rest in the Reltio Data Cloud is encrypted using AES-256. If your organization uses Reltio Shield, you can bring your own encryption key (BYOK) and manage key rotation independently. Agent prompts, context, and tool inputs do not persist any secrets or credentials.

Privacy and compliance alignment

AgentFlow supports regional data residency and complies with global privacy frameworks, including General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Conversation context is scoped to each session and not retained across interactions. Action and chat history retention follows your tenant-defined schedules. Agent enrichment is limited to allowlisted public sources only, and content is never persisted outside audit logs.

Audit and observability

Every tool invocation and agent recommendation is recorded. Audit logs include the user identity, agent version, tool name, inputs, and timestamps. These logs are available in your tenant's Activity Log and can be exported or streamed to a Security Information and Event Management (SIEM) system for external monitoring.

  • All merge and reject actions are traceable
  • Each audit entry links to the tool used and decision rationale
  • System administrators can configure alert thresholds in connected SIEM tools

To see how match resolution activity is logged, see Resolve matches in AgentFlow using the Match Resolver Agent.

For agent access and feature-level licensing, see AgentFlow capabilities and permissions.

Updated on August 22, 2025

Footer

You've found your way to a temporary environment. Content is not complete or final. Looking for Reltio documentation? Go to docs.reltio.com.

© 2025 The RELTIO® mark is a registered trademark of Reltio, Inc. in the United States and other countries; DataDriven and Reltio Data Cloud are trademarks of Reltio, Inc. Other names or marks are trademarks of their respective owners.

Terms and Conditions, Privacy Policy, and