- Audience
- Anyone hitting an unexpected behavior.
- How to use
- Start with the diagnostic flow, then jump to the specific section.
- Companion
- Glossary for unfamiliar terms.
- When stuck
- See When to escalate.
Diagnostic flow
Before diving into a specific issue, check these in order. Most problems resolve at one of the first three steps.
- Is the organization profile complete? An incomplete profile blocks most workflows. Re-open onboarding and verify.
- Is billing active? Reporting and review actions are gated on an active subscription.
- Is the user's role correct? Missing actions almost always indicate a role or policy threshold issue.
- Is the workspace state fresh? Refresh the page; sign out and back in if the issue persists.
- Is the action toast giving a specific reason? The platform reports failure reasons in on-page toasts — read them before retrying.
Onboarding loops
If the app returns to onboarding after you save the region or organization profile:
- Confirm the profile fields are complete and that the save action reported success on-page.
- Reload the page after a successful save.
- If the loop persists, sign out and back in to clear stale session state.
- If still looping, confirm with a second org admin that the profile was saved on the server side; sometimes the local form succeeded but the server rejected the data.
See Onboarding for the full activation checklist.
Missing buttons or sections
Missing buttons usually indicate role or policy restrictions. Check in this order:
- Member role: Confirm you have the role the action requires (see Role reference).
- Policy threshold: Some actions require a higher minimum role per organization configuration.
- Billing state: Live operational actions are billing-gated.
- Subscription status: Even with billing configured, a paused or past-due state may suspend some actions.
For review actions specifically, the user needs review access. For partner actions, the user must meet the trusted-partner policy threshold.
Blocked reports or incident access
Reporting and incident access can be unavailable if the organization subscription is not active. Check billing first, then confirm the user's role. If the submit button shows an error, read the toast message and fix the missing or invalid field before retrying.
Common causes
| Symptom | Likely cause | Fix |
|---|---|---|
| Submit button is disabled | Required field is missing or invalid. | Look for red field highlights; complete the form. |
| Submit succeeds but report never appears in queue | Visibility set to a partner who is not connected. | Edit the report, change visibility to origin-only and resubmit. |
| "Subscription required" toast | Billing inactive. | Reactivate billing from organization settings. |
| Report exists but you cannot see it | Visibility scope excludes you. | Ask a reviewer with broader access to confirm and adjust visibility. |
Map placement issues
The incident map uses saved organization site coordinates. If incidents do not appear where expected:
- Confirm the report used a mapped site.
- Confirm the site's latitude and longitude are correct — preview from Organization settings → Mapped sites.
- Reports without saved site coordinates may still exist but cannot be plotted accurately.
- If multiple incidents stack on the wrong location, the underlying site coordinates are probably wrong — fix the site, not the individual incidents.
Partner workflow blockers
If a relationship cannot be accepted, check:
- Connection state: A "requested" relationship is not the same as "connected".
- Signer metadata: Some organizations require template MOU/NDA signatures before accepting.
- MOU/NDA status: Outstanding signatures may block partner-scoped sharing.
- Receiving organization: Only the receiving organization can accept — the requester cannot.
- Policy threshold: The user attempting to accept may not meet the minimum role.
See Connection states for the full lifecycle.
Notification issues
- Confirm the event is enabled in personal alert preferences.
- Check the minimum severity threshold — low-severity events are often filtered out.
- Verify quiet hours do not suppress the expected notification.
- For SMS, confirm a destination number exists and is current.
- Confirm organization notification defaults are configured for the event.
- Check the user's email provider's spam folder if email alerts are missing.
- Confirm the user has not opted out at the org level.
If notifications were working and suddenly stopped, a recent change to org defaults is the most common cause. Check the audit log or ask the administrator who last edited the settings.
MFA & sign-in
- Lost MFA device: Use the recovery code saved at enrollment. If unavailable, an org admin can disable MFA so you can sign in and re-enroll.
- Code rejected: Verify the authenticator app's time is in sync. Try the code a few seconds before its rotation window.
- Signed out unexpectedly: A password change revokes all sessions. Sign in again.
- Stuck on a session expired loop: Clear cookies for the workspace domain and sign in.
Performance & stale data
- If a recent change does not appear, refresh the page — some views cache aggressively to reduce load.
- If pages load slowly, check the browser console for errors. Adblockers and corporate proxies occasionally interfere.
- For widespread slowness, check the platform status page or ask your administrator.
When to escalate
If you've worked through the relevant section and the issue persists:
- Document what you tried, including any toast messages and the exact steps to reproduce.
- Note the affected user(s), organization, and approximate time.
- Take a screenshot if a visible error is present.
- Contact your organization administrator — many issues are configuration matters that they can resolve directly.
- If the administrator confirms it is a platform issue, escalate to Castlewatch support with the documented details.