Integrations & connectors

Connect every system — under one governed runtime.

Salesforce, ServiceNow, Microsoft 365, Snowflake, Slack, Workday, SAP, Jira, Zendesk, Google Workspace — or any REST API via OpenAPI. Every connector call passes the same governance gates, with secrets held in a vault agents never see.

Governed access · secrets vault · OpenAPI import · MCP firewall

MCP Gateway
tool reqtool reqtool reqfirewallallowlistDLP in/outrate limitrisk scoreallowdeny
mcp ▸ managed registry · kill switch armed
Not just plumbing

A connector in Cortex is a governed capability, not a raw API key.

Most platforms hand an agent a credential and hope. Cortex turns every system of record into a scoped, audited capability: the agent gets an action, never the secret — and every call is gated, logged, and reversible.

CRM & service
SalesforceCRMgoverned
ServiceNowITSMgoverned
ZendeskSupportgoverned
JiraIssuesgoverned
Productivity & comms
Microsoft 365Email · filesgoverned
Google WorkspaceEmail · filesgoverned
SlackMessaginggoverned
Data & warehouse
SnowflakeWarehousegoverned
SAPERPgoverned
WorkdayHCMgoverned

Every connector call routes through the same governance gates — no exceptions.

Bring your own API

Any REST API becomes a governed connector.

If it has an OpenAPI spec, it is one import away from being a first-class, policy-wrapped capability — no SDK, no glue code.

OpenAPI importany REST API
POST /openapi.jsonparse operationsmap to Action Fabricscope + DLPgoverned connector

Point Cortex at an OpenAPI/Swagger spec and every operation becomes a typed Action Fabric action — scoped to an agent identity, wrapped in DLP and approval policy, and logged to the Trust Ledger. No bespoke connector code.

Secrets vault + governed access

Agents get actions. They never get the secret.

Connector credentials, tokens, and keys live in an encrypted secrets vault scoped per tenant and connection. Agents invoke actions by reference — the runtime injects the secret at the network edge, after the call has already cleared every gate.

  • Per-tenant, per-connection vault — credentials never reach the model or the prompt
  • Identity gate denies unknown or expired agents (403)
  • Budget cap blocks the call when spend hits the ceiling (402)
  • DLP guardrails strip PII inbound and outbound; risky payloads are held (451)
  • Every request and verdict lands in the tamper-evident Trust Ledger
Secrets vaultencrypted
salesforce.oauthtenant 7cf07f61 · read:Accountinjected at edge
snowflake.pattenant 7cf07f61 · query:warehouseinjected at edge
servicenow.basicagent expired403

vault ▸ value never returned to agent context

How a governed call flows

From agent intent to system of record — through the gates.

No connector gets a shortcut. The path from an agent's request to Salesforce or Snowflake runs the same governance pipeline as everything else in Cortex.

  1. 01

    Agent requests an action

    The agent calls a connector action by name (e.g. create:Case) — by reference, with no credential in scope.

  2. 02

    Gates decide

    Identity, budget, guardrails, registry, and Control-Tower gates pass or fail-closed. Deny is the default; 402/403/409/451 are returned with reasons.

  3. 03

    Vault injects, system responds, ledger records

    Only after passing, the vault injects the secret at the edge, the system of record executes, and a signed receipt is hash-chained into the Trust Ledger.

MCP Gateway
tool reqtool reqtool reqfirewallallowlistDLP in/outrate limitrisk scoreallowdeny
mcp ▸ managed registry · kill switch armed
Tools & MCP servers

Connecting MCP tools? They go through the same firewall.

External MCP servers and tool endpoints are not integrations you trust by default — they are requests you screen. The MCP Gateway runs every tool call through an allowlist, DLP in and out, rate limits, and a risk score, with a kill switch armed at all times.

  • Per-agent and per-tenant tool allowlists
  • DLP inbound and outbound on every payload
  • Rate limits + risk scoring before execution
  • One armed kill switch over the whole tool surface
Security & compliance

Integrations that pass the security review.

Vaulted secrets, scoped agent identities, DLP, fail-closed gates, and a tamper-evident audit trail on every connector call — mapped to the frameworks your auditors already use.

SOC 2ISO 27001ISO 42001HIPAAGDPREU AI ActNIST AI RMFFINRA

Connect your stack. Keep control.

Wire Cortex into the systems your business already runs on — and put every call under air-traffic control from day one.