## Connectors

Connectors are the integration layer between your AI agents and the external SaaS tools your workforce uses every day. Each connector represents a link to a third-party service — such as Slack, Jira, GitHub, Google Calendar, or Salesforce — and exposes a set of tools that AI agents can invoke on behalf of your users.

By enabling connectors, you give AI agents the ability to read, write, and interact with your organization's business applications. Combined with [policies](/agen-for-work/policies/overview), connectors form the foundation of Agen for Work's governed AI access model: connectors define **what** tools are available, while policies define **who** can use them and **under what conditions**.

To access the Connectors page, click the **Connectors** icon in the left sidebar.

![Connectors page](/assets/agen-for-work-connectors-1.0b16f7715d1f241c67f29acb7ea90c61f3b6e672e5e5ba48d4497d50bc5513a7.1d3e9401.png)

br
The Connectors page is organized into two tabs: **My connectors** and **Marketplace**.

### My connectors

The **My connectors** tab displays all connectors that have been added to your organization. This is your primary view for managing active integrations. The table includes the following columns:

| Column | Description |
|  --- | --- |
| **Status** | A toggle switch that enables or disables the connector. When disabled, AI agents cannot use any tools from this connector, regardless of policy configuration. |
| **Connector** | The name and icon of the connected service (e.g., GitHub, Google Calendar, Slack) |
| **Category** | The functional category the connector belongs to (e.g., Development, Productivity, Storage, CRM, Project Management, Communication) |
| **Tools** | A preview of the tools exposed by this connector and a count of additional tools (e.g., `github_users_ge...` `+21`) |
| **Created At** | The date the connector was added and the relative time since creation |


You can sort the table by clicking on the **Connector** or **Created At** column headers. Use the **Search connectors** field to filter by name, and the **Category** dropdown to narrow the list to a specific category.

#### Enabling and disabling connectors

Each connector has a status toggle in the leftmost column. Toggling a connector **off** immediately prevents AI agents from invoking any of its tools. This is useful for:

- **Temporary maintenance** - Disable a connector while the underlying service undergoes maintenance or migration, without removing your configuration
- **Incident response** - Quickly cut off AI agent access to a specific service if suspicious activity is detected
- **Staged rollouts** - Add and configure a connector in advance, then enable it when your team is ready


Toggling a connector back **on** restores access according to your existing policies. No reconfiguration is needed.

#### Connector actions menu

Click the three-dot menu icon on the right side of any connector row to access additional actions such as editing the connector configuration or removing the connector entirely.

Removing a connector deletes its configuration and revokes all AI agent access to that service. Any policies that reference the removed connector will no longer have a valid target. Review your policies before removing a connector to avoid unintended access gaps.

### Marketplace

The **Marketplace** tab is where you discover and add new connectors to your organization. It displays the full catalog of available integrations, organized by category.

![Connector marketplace](/assets/agen-for-work-connectors-2.1c4c65366990572de3e1bcc1c613817e3a7c6649d65f33c6e4050af362ef913d.1d3e9401.png)

br
#### Browsing the marketplace

The marketplace provides two ways to find connectors:

- **Search** - Use the search field to find a connector by name
- **Category filter** - Use the **Category** dropdown to filter by functional area


Each connector card in the marketplace displays:

- **Connector name and icon** - The service name and its brand icon
- **Description** - A summary of the tools available (e.g., "List Resources, Get Resource, Create Resource and 3 more tools")
- **Tool tags** - Preview tags showing specific tool names exposed by the connector (e.g., `run:reports`, `batchRun:reports`)
- **Additional tool count** - A badge indicating how many more tools are available beyond those shown in the preview (e.g., `+7`)


#### Available categories

Connectors are grouped into the following categories:

| Category | Description | Examples |
|  --- | --- | --- |
| **Analytics** | Business intelligence and data analytics platforms | Adobe Analytics, Google Analytics, Google Tag Manager, Looker, Optimizely, Power BI, Segment, Tableau, VWO |
| **Automation** | Workflow automation and orchestration tools | Make, Microsoft Power Automate, n8n |
| **Communication** | Messaging and team communication platforms | Slack |
| **CRM** | Customer relationship management systems | HubSpot, Salesforce |
| **Development** | Software development and version control tools | GitHub |
| **Productivity** | Calendars, email, and workplace productivity tools | Google Calendar |
| **Project Management** | Task tracking and project planning tools | Jira |
| **Storage** | File storage and document management platforms | Google Drive |


The connector marketplace is continuously expanding. New connectors are added regularly to support additional SaaS tools and categories. If you need a connector that is not currently available, contact Frontegg support.

### Adding a connector

To add a new connector, click **Add connector** on the **My connectors** tab or select a connector card from the **Marketplace** tab. A side panel opens with the **Select connector** view.

![Select connector](/assets/agen-for-work-connectors-3.c18bbeb233db1507fc3134b6b7107f4811ce4d7a5f14ff3ba12e6a6256bf0c67.1d3e9401.png)

br
Use the search field or category filter to locate the connector you want, then click on it to proceed to the configuration step.

#### Connector credentials

After selecting a connector, the configuration panel presents two authentication options:

![Connector credentials with Frontegg option](/assets/agen-for-work-connectors-4.3bfe6a03fca8e7ddafabcd7d69cb089371e6129ca46235c157700f76fee8e2cc.1d3e9401.png)

br
**Frontegg credentials**

This is the default and recommended option. Frontegg manages the OAuth credentials on your behalf, which means:

- No manual credential setup is required
- OAuth tokens are securely stored and rotated by Frontegg
- Users authenticate through a Frontegg-managed consent flow when they first interact with the connector


Select this option when you want a fast, zero-configuration setup and are comfortable with Frontegg handling the OAuth integration with the third-party service.

**Bring your own**

This option allows you to provide your own OAuth application credentials. When selected, three additional fields appear:

![Bring your own credentials](/assets/agen-for-work-connectors-5.b4b30d91b459aa88eeeac31a99355e488b6f21003ecd1b97b04963ea628e5a84.1d3e9401.png)

br
| Field | Required | Description |
|  --- | --- | --- |
| **Client ID** | Yes | The OAuth client ID from your service provider's developer console or admin portal |
| **Client Secret** | Yes | The OAuth client secret associated with your client ID |
| **Base URL** | No | The base API URL for your service instance. Use this when connecting to a custom or self-hosted instance rather than the service's default API endpoint (e.g., `https://your-instance.salesforce.com`) |


Select this option when:

- Your organization's security policy requires using internally managed OAuth credentials
- You need to connect to a custom or self-hosted instance of the service
- You want to control the OAuth scopes and permissions at the application level
- You have an existing OAuth application registered with the service provider


Credential security
Both credential options use industry-standard OAuth 2.0 protocols. Credentials are encrypted at rest and in transit. When using **Bring your own** credentials, ensure your Client Secret is kept confidential and rotated according to your organization's security policies.

#### Configuring tools

Below the credentials section, the configuration panel displays a **Tools** section with a master toggle and a list of all tools the connector exposes. Each tool includes:

- **Tool name** - The API-level identifier for the tool (e.g., `Query Records`, `Search Records`, `Get SObject Record`)
- **Description** - A brief explanation of what the tool does (e.g., "Executes a SOQL query to retrieve records", "Retrieves a single record by ID")
- **Individual toggle** - A switch to enable or disable the specific tool


The **master toggle** at the top of the Tools section enables or disables all tools at once. When the master toggle is on, you can selectively disable individual tools that you do not want AI agents to access.

This granular control is important for maintaining the principle of least privilege. For example, you might enable read-only tools (such as querying and searching records) while keeping write tools (such as creating or deleting records) disabled until you have appropriate approval policies in place.

#### Completing the setup

After configuring credentials and selecting your desired tools, click **Add** to finalize the connector. The connector immediately appears in your **My connectors** list. If you selected **Frontegg credentials**, users will be prompted to authorize the connector through an OAuth consent flow the first time their AI agent interacts with the connected service.

Click **Back** to return to the connector selection step without saving, or close the panel to cancel the process.

### Managing existing connectors

Once a connector is added, you can modify its configuration at any time by clicking the three-dot menu on its row in the **My connectors** table. This allows you to:

- **Edit credentials** - Switch between Frontegg credentials and Bring your own, or update your Client ID, Client Secret, and Base URL
- **Modify tools** - Enable or disable individual tools as your requirements change
- **Remove the connector** - Delete the connector and revoke all associated AI agent access


Changes to tool availability take effect immediately. If you disable a tool that is actively being used by AI agents, any in-progress actions using that tool will be blocked.

### How connectors work with policies

Connectors and policies work together to form the access control model in Agen for Work:

1. **Connectors define the tool surface** - By adding a connector and enabling specific tools, you determine which actions are technically available to AI agents
2. **Policies govern access** - Policies then determine which users or groups can use those tools, and what enforcement action applies (Allow, Deny, Step up, or Request approval)
3. **Both layers must permit access** - For an AI agent to successfully invoke a tool, the connector must be enabled, the specific tool must be toggled on, and a policy must explicitly allow the user to use that tool


This two-layer model ensures that accidentally enabling a connector does not automatically grant unrestricted access. Without a corresponding policy, the tools remain inaccessible to users.

Default behavior
When a connector is added but no policies reference it, the tools within that connector are not accessible to any users. You must create at least one policy targeting the connector to grant access.

### Best practices

- **Start with read-only tools** - When adding a new connector, consider enabling only read-only tools first. Once you have validated the integration and created appropriate policies, gradually enable write and delete tools.
- **Use Frontegg credentials for speed** - Unless your security team requires custom OAuth credentials, the Frontegg-managed option significantly reduces setup time and maintenance overhead.
- **Review tools before enabling** - Each connector may expose dozens of tools. Review the full list and enable only those tools that align with your team's workflows. This reduces the attack surface and simplifies policy management.
- **Pair connectors with policies immediately** - After adding a connector, create at least one policy to govern access. This prevents a gap between tool availability and access control.
- **Audit connector usage regularly** - Use the [Dashboard](/agen-for-work/overview/dashboard) to monitor which connectors and tools are actively used. Disable unused connectors to reduce your integration surface.


### Next steps

- [Policies](/agen-for-work/policies/overview) - Create access control rules for your connectors and tools
- [Getting started](/agen-for-work/getting-started/quickstart) - Return to the setup guide for a walkthrough of the complete onboarding flow
- [Dashboard](/agen-for-work/overview/dashboard) - Monitor connector usage and AI agent activity