Partner Management

Horizon’s partner management features let you collaborate with external organizations — agencies, consultants, vendors, or clients — without giving them full access to your Horizon workspace. Partners get scoped access to specific resources, and all their activity is tracked separately in audit logs.

What Is a Partner

A partner is an external organization that has been granted limited access to your Horizon instance. Partners are distinct from regular users in several ways:

• Partners authenticate through their own Clerk organization and are not counted toward your user seat limit.
• Partner access is always scoped — they can only see and interact with resources you explicitly share.
• Partner actions are logged in a separate audit trail with the partner organization clearly identified.
• Partners cannot modify your organization settings, billing, or user management.

Inviting a Partner

1. Navigate to Settings > Partners.
2. Click Invite Partner.
3. Enter the partner’s organization name and contact email address.
4. Define the access scope (see below).
5. Optionally, set an expiration date for the partnership. If left blank, the partnership remains active until manually revoked.
6. Click Send Invitation.

The partner contact receives an email invitation with a link to accept the partnership. If they already have a Horizon organization, they can link it directly. If not, they will be guided through creating one.

Note

Both organizations must agree to the partnership. The invitation must be accepted by an Owner or Admin on the partner’s side before access is granted.

Access Scoping

When setting up a partner, you define exactly what they can access. Access scoping operates on three dimensions:

Resource Scope

Select which resources the partner can access:

• Departments — share one or more departments. The partner can view agents, apps, and connections within those departments.
• Specific Agents — share individual agents without exposing the entire department.
• Connections — share read-only visibility into specific connection status (e.g., so a partner can verify that a CRM integration is healthy).

Permission Level

For each shared resource, set the permission level:

Level	What the partner can do
View	See the resource and its configuration. Cannot make changes.
Interact	Use agents (start conversations, view outputs) but not modify configuration.
Edit	Modify agent instructions, skills, and configuration within the shared scope.
Manage	Full control over the shared resources, including creating new agents and deploying apps within the scoped departments.

Data Visibility

Control what data the partner can see:

• Conversation history — whether the partner can see past agent conversations or only their own.
• Usage metrics — whether token usage, cost data, and performance metrics are visible.
• Audit logs — whether the partner can view activity logs for shared resources.

Caution

Be thoughtful about data visibility settings. Sharing conversation history may expose sensitive internal discussions or customer data. Default to minimal visibility and expand as trust is established.

Partner API Keys

Partners can be issued API keys that are scoped to their access permissions. These keys allow partners to integrate with your Horizon resources programmatically.

1. Navigate to the partner’s detail page under Settings > Partners.
2. Click Create API Key.
3. Enter a name for the key (e.g., “Acme Integration Key”).
4. The key automatically inherits the partner’s access scope and permission level.
5. Optionally, add further restrictions: specific IP allowlists, rate limits, or a custom expiration date.
6. Click Generate Key.
7. Copy the key immediately — it will not be shown again.

Partner API keys are separate from your organization’s API keys and are identified as partner keys in audit logs.

Tip

Use partner API keys when an external team needs to build automations against your Horizon agents. This is more secure than sharing an organization-level API key because partner keys are automatically scoped to the agreed-upon resources.

Managing Active Partners

The Settings > Partners page lists all active, pending, and expired partnerships. For each partner, you can:

• View activity — see a summary of the partner’s recent actions, API calls, and agent interactions.
• Edit scope — adjust the resources, permissions, or data visibility granted to the partner.
• Rotate API keys — revoke and reissue partner API keys without changing the partnership itself.
• Suspend — temporarily disable the partner’s access. The partnership is preserved but all access is blocked until unsuspended.
• Revoke — permanently end the partnership. All access is terminated immediately and partner API keys are revoked.

Collaboration Features

Partners with Interact or higher permissions can:

• Converse with shared agents — partners can use the Horizon chat interface to interact with agents you have shared with them.
• View shared dashboards — if you share a department, the partner sees that department’s dashboard metrics and agent status.
• Receive notifications — partners can opt into notifications for events on shared resources (e.g., agent errors, task completions).

Audit Trail

All partner activity is recorded in the audit log with clear attribution. Each log entry includes:

• The partner organization name.
• The specific partner user who performed the action.
• The resource affected.
• Timestamp and IP address.

Navigate to Settings > Partners > [Partner Name] > Activity Log to view partner-specific audit entries, or use the main audit log with the partner filter enabled.

Limits

Setting	Default	Configurable
Maximum active partners	25	Yes, contact support
Partner API keys per partner	5	Yes, in partner settings
Partner invitation expiry	14 days	Yes, per invitation
Partner session timeout	8 hours	Yes, in partner settings