Integrations

How a connection works

Connections are per agent, per tool. The PM agent might connect to your Slack workspace, while a Support agent connects to Help Scout and Gmail. Each agent only sees the tools you connect for them, and an agent acts under its own identity in every tool (its own Slack member, its own Gmail address, its own GitHub user).

Every connection goes through the tool’s standard OAuth flow. Click Connect on a tool card, sign in to the tool, review the permissions, approve. The agent gets a token, AgentTeams encrypts it at rest, and the agent can start using the tool right away.

Active vs planned

The full list of integrations lives at agentteams.com/integrations. Each one carries a status badge:

• Active. Fully wired up, both for outbound actions (the agent can send a message, file a ticket, etc.) and for reactions (events flow in when the agent should react).
• Read-only. The agent can fetch data and answer questions about it, but doesn’t take outbound actions yet.
• Soon. We’re building it; you’ll see it in the picker but the Connect button is disabled.

Picking an reaction for a tool that isn’t Active won’t fire anything. The trigger picker only shows you events for tools the assignee has actually connected, so this rarely comes up in practice.

Permissions we ask for

We ask for the narrowest scopes a tool will let us. Concretely:

• Read access to the resources the agent needs to do its job (messages, files, calendar events, tickets).
• Write access only when the agent will produce outbound work (sending a message, replying to a ticket, modifying a file). All outbound writes can be gated by approval gates.
• Push notifications where the tool supports them (Slack Events, Gmail Pub/Sub, Drive watch channels), so reactions fire in real time without polling.

Daily health check

Every night we run a health check on connected credentials. If a token is revoked (someone signed the agent out of the upstream tool, or the OAuth grant expired), we mark the connection as failed and surface it on the agent’s Tools tab so you can reconnect.

Reconnecting is the same flow as the first connection: click Connect, approve, done. Seeded reactions and tasks survive the disconnect/reconnect, so nothing has to be rebuilt.

Disconnecting

You can disconnect a tool from the agent’s Tools tab at any time. When you do:

• The encrypted token is deleted on our side.
• External trigger tasks for that tool stop firing (they don’t fire anyway without a connection).
• The default tasks we seeded on connect are removed. Custom tasks you wrote yourself stay (so reconnecting later doesn’t silently lose your customisations).

To revoke our access from the tool’s side (always a good idea after disconnecting), visit the tool’s connected-apps settings. We link directly to that page from the disconnect confirmation toast.

Org-level vs per-agent

A few integrations have org-level hooks instead of (or in addition to) per-agent connections, because the tool itself models things at the workspace level:

• Slack. The workspace install lets the agent receive @mentions and listen to channels; the per-agent connection gives each agent its own Slack user identity.
• Help Scout. The workspace install handles inbound webhooks for all mailboxes; agents claim specific mailboxes or queues to react to.

Where this is the case, the UI walks you through both steps and the tool’s docs link out for the admin-consent flow if your org requires it.

Security

Tokens are encrypted at rest with AES-256, with the encryption key stored in Google Secret Manager (separate from the database). Tokens never leave the agent runtime; they aren’t exposed in the dashboard, in URLs, or in logs.

For more detail on data handling, see our privacy policy.

Related

• Reactions — what events each integration emits
• Approval gates — for outbound writes
• Browse all integrations