ArmorIQ LogoArmorIQ Docs

OPA Engine

Open Policy Agent integration for fine-grained, context-aware policy enforcement with analytics and custom Rego policies.

The OPA Engine integrates Open Policy Agent into ArmorIQ for fine-grained, context-aware policy enforcement. It runs alongside the native policy engine and provides detailed analytics on enforcement decisions.

OPA Engine dashboard overview

Prerequisites

OPA Engine is an optional product. To enable it:

  1. Go to Settings → Product Preferences.
  2. Toggle OPA Engine on.
  3. The OPA Engine section appears in your sidebar.

Enforcement Modes

ModeDescription
EnforceOPA decisions are applied — tool calls are allowed or blocked based on OPA evaluation
ShadowOPA evaluates decisions but does not enforce them — results are logged for comparison with native enforcement
DisabledOPA is not active

Topics

  • Dashboard — Monitor OPA enforcement metrics, decision trends, and tool usage analytics.
  • Configuration — Set enforcement mode, configure external OPA URL, and upload custom Rego policies.

Endpoint Logs

View detailed logs of API endpoint usage with filtering, search, and pagination.

OPA Dashboard

Monitor OPA enforcement metrics — decision trends, match rates, tool usage, and enforcement action distribution.

On this page

PrerequisitesEnforcement ModesTopics