Support
Common issues and how to resolve them. If your issue is not listed here, contact support@turbofinops.com or check the FAQ.
Fastest support path
Include the affected scope, connection name, scan job ID, and exact error message.
Verify the key values have no leading or trailing whitespace. For AWS, confirm the IAM user has programmatic access. For Azure, ensure the client secret has not expired. For GCP, paste the full JSON key file contents.
The App Registration must have the Reader role assigned at subscription level, not only resource group level. Azure role assignments can take 2-5 minutes to propagate.
Confirm the service account has Viewer on the correct project and that required APIs are enabled, including Compute Engine, Cloud Resource Manager and Container APIs.
Check that at least one scope is active, the external ID is correct, and credentials include the relevant describe/list permissions for the expected resource types.
This can happen during provider rate limits, transient network errors or large scans. Re-run the scan from Dashboard > Scans. If recurring, send support the scan job ID.
That can be valid if resources pass the enabled rules. Review Resources for inventory data and check domain dashboards for score context.
Scores are 100 minus weighted penalties for open findings. Newly connected environments often start lower until findings are resolved, suppressed or rescanned.
After fixing the cloud resource, run a fresh scan. The rule evaluator closes the finding when the underlying condition no longer exists.
Suppress the finding with a reason. Suppressed findings do not count against domain scores and remain traceable for audit review.
Actions in manual approval mode need an Admin or designated approver. Confirm notification settings and approve from Dashboard > Actions.
The conflict guard blocked execution because of IaC ownership, freeze windows or policy protection. Review the conflict reason before overriding.
Confirm the policy is active, the timezone is correct, the selected resources are current, and credentials include provider start/stop permissions: AWS EC2 StartInstances/StopInstances, Azure VM start/deallocate, or GCP compute.instances.start/stop. Basic scheduling uses cloud APIs and does not require a TurboFinOps agent on the VM.
Verify the Jira connection is saved and tested, the project key exists, and the API token has Create Issue permissions.
Verify the webhook URL in Dashboard > Integrations > Notifications, test the channel, and confirm the webhook was not revoked in Slack.
BYOAI requires a valid provider key. AI Explain, Plan and Summary are available from Professional; AI usage metering is Enterprise-only.
Check the user role in Settings > Users. Some features are also plan-gated, so compare the plan with Billing and the public pricing page.
Log out and back in to refresh session entitlement context. If Billing shows the upgrade but features remain locked, contact support.
Scan jobs are plan-gated monthly: Free includes 30 scan jobs, Professional includes 90, and Enterprise is unlimited.
Still need help?
Email support@turbofinops.com with a description of the issue, your plan, the affected scope or connection name, and any error messages or scan job IDs you can share. For security issues, use security@turbofinops.com.
TurboFinOps
Connect AWS, Azure, or GCP and get actionable findings, score trends, and auditable remediation paths in minutes.
