Skip to main content

Configure Shared and Private Connections

Connections give Siesta AI access to external systems. Admins manage them in Connections, where each integration can expose functions, scopes, and access settings for agents, workflows, skills, and prompts.

Add and Review a Connection

  1. Open Connections.
  2. Use search to check whether the integration already exists.
  3. Click Add Integration.
  4. Choose the provider, such as Gmail, Google Calendar, Google Drive, Slack App, Jira, HubSpot, SharePoint, Azure Storage, Google Search, OpenAI, or REST API.
  5. Complete OAuth authorization or enter the required API key, token, endpoint, tenant, client ID, client secret, or connection string.
  6. Name the connection so ownership is clear.
  7. Open the connection detail and review scopes, available functions, and whether write actions require confirmation.

Shared Connections

Use shared connections when a team should work through the same account or service identity. This is common for CRM, support, analytics, project management, or internal API access.

Shared connections should have a named owner and a clear purpose. Use service accounts where possible, and avoid connecting a personal account for a business-critical shared workflow.

Typical shared connections:

  • HubSpot for CRM records used by a sales operations team.
  • Jira for ticket creation and assignment.
  • Slack App for team notifications.
  • Google Search, Firecrawl, or REST API for approved research or internal API access.
  • Azure Storage or SharePoint for team data sources.

Set Up Shared Google Drive Safely

  1. Decide whether the connection should use a service account or a shared business account.
  2. Limit access to the folders the agent or workflow actually needs.
  3. Name the connection with owner and purpose, such as Google Drive - Support FAQ - read only.
  4. Test a small read-only request with the target agent before enabling broader use.
  5. Decide whether file creation, edits, or deletes require confirmation.
  6. Document the business owner who should review failures or permission requests.

Private Connections

Use private connections when actions must happen in the user context. Email, personal calendar, personal Drive files, and similar OAuth-based tools often work best as private connections.

Private access makes it clearer who authorized the action and usually respects the permissions already defined in the external service.

Typical private connections:

  • Gmail when an agent drafts or sends from a user's mailbox.
  • Google Calendar or Microsoft Outlook when actions should use a user's calendar.
  • Google Drive when the agent should only access files the user can already access.

Credential Practices

  • Store only credentials that are needed for the tool.
  • Prefer scoped tokens and service accounts over broad admin credentials.
  • Rotate API keys when owners change.
  • Re-authorize OAuth connections when access expires or policies change.
  • Check write-capable tools before sharing them broadly.

Approval and Audit Checks

For connections that send messages, create tickets, edit campaigns, update CRM records, or write to files, configure confirmation where available and review Tool Executions after testing. The execution detail shows arguments, result, approval requirement, and approval status.

Approval should be reviewed at the function level, not only at the connection level. A single connection can expose both low-risk read functions and high-risk write functions. For example, a Drive-style connection may safely list or read files without approval, while update, replace, delete, move, or share functions should require approval when they can affect important documents.

Use this pattern before sharing a connection with users:

  • Leave read-only functions direct when the data exposure is acceptable for the agent's audience.
  • Require approval for functions that send, publish, delete, overwrite, create financial records, update customer data, change permissions, or trigger external processes.
  • Test at least one read function and one approval-protected write function before adding the connection to a production agent or workflow.
  • Document which admin or business owner should approve sensitive functions.