# Connect Thousands of Apps

Your employees can connect to the apps your team already uses, Gmail, Slack, Notion, HubSpot, and hundreds more, through secure OAuth.

## TL;DR

Connect any of thousands of apps once and every employee with the tool enabled can use it. No API keys to manage, no webhooks to configure. One click to connect, one click to revoke.

## How It Works

You authorize an app once at the company level. Then you enable it per employee. The employee can now take real actions: send emails, create tasks, post messages on that connected service.

| Step | What Happens |
|------|-------------|
| **1. Browse** | Go to an employee's **Tools** tab and find the app you want |
| **2. Connect** | Click "Connect" and authorize via the app's OAuth flow |
| **3. Enable** | Toggle the tool on for each employee who needs it |
| **4. Use** | The employee can now take actions on that service |

## What It Can Do

A selection of the most popular apps from the thousands of integrations available:

## How to Set It Up

First, connect the app to your company:

1. Select any employee and click the **Tools** tab
2. Scroll to the **Connections** section
3. Click **Connect** next to the app you want
4. Authorize via the app's login screen (Google, Slack, etc.)
5. Done. The connection is active for your company

Then enable it per employee:

1. Select the employee
2. Click the **Tools** tab
3. Find the app in the Connections section

| Action | What it does | How |
|--------|-------------|-----|
| **Enable / Disable** | Controls whether the employee can use this app | Toggle the switch |
| **Tool Rules** | Custom instructions that guide how the employee uses this app, e.g. "only post to #marketing" or "always CC the team lead" | Expand the tool, then write your rules in the text field |
| **Disconnect** | Revokes the OAuth connection and disables for all employees | Click disconnect in the Connections section |

## Tips & Tricks

- **Connect before you need it.** Employees will tell you when they can't take an action because a tool isn't connected, but it's smoother to connect upfront
- **Be specific about the target.** "Send this to the #marketing channel on Slack" is better than "post it on Slack"
- **Check permissions.** OAuth scopes determine what the employee can do. If an action fails, the connected account may need broader permissions
- **One connection per app.** All employees share the same OAuth connection. You don't need to connect Gmail for each employee separately

## Behind the Scene

| | |
|---|---|
| **Powered by** | Composio |
| **Auth** | OAuth 2.0, one click, no API keys |
| **Token management** | Composio handles all tokens, refresh cycles, and revocation. Nothing stored in our database |

### Integrations vs Built-in Tools

| | **Integrations** | **Built-in Tools** |
|---|---|---|
| **Examples** | Gmail, Slack, HubSpot | Web Search, Web Scraper, Image Generator |
| **Setup** | OAuth connection required | None, available immediately |
| **Scope** | Company-wide connection, per-employee toggle | Per-employee toggle only |
| **Provider** | External services via Composio | Platform-native |
| **Best for** | Acting on external systems | Research, content creation, internal tasks |

## What It Costs

| | |
|---|---|
| **Cost** | Runtime credits based on processing time |
| **Rate limits** | Each external service has its own rate limits. The employee retries automatically for temporary errors |

## Is It Safe

- **OAuth only.** No passwords or API keys are stored. Connections use industry-standard OAuth 2.0 with scoped permissions
- **Token isolation.** OAuth tokens are managed by Composio and never stored in our database. We never see your credentials
- **Revoke anytime.** Disconnect an app with one click. Access is revoked immediately for all employees
- **Scoped access.** Each app requests only the permissions it needs. You approve the scope during the OAuth flow

## Good to Know

- **One connection per company.** When you connect Gmail, it's one Google account for the whole company. Individual employees can be enabled or disabled
- **Employees ask before acting.** If approval mode is enabled, the employee will ask for your sign-off before taking actions on connected services
- **Disconnecting.** Revoking a connection immediately disables the tool for all employees. No data is deleted from the external service

## Frequently Asked Questions

**Q: Is my data safe? Who has access to my OAuth tokens?**
A: OAuth tokens are managed by Composio and never stored in our database. You can revoke access anytime from the Tools tab, and the provider's own security settings always apply.

**Q: Do all employees automatically get access when I connect an app?**
A: No. Connecting an app makes it available, but each employee must have the tool explicitly enabled on their profile.

**Q: Can I connect multiple accounts for the same app (e.g., two Gmail accounts)?**
A: Currently, one connection per app per company. If you need to send from different accounts, use the one connected account and specify the recipient in your instructions.

**Q: What happens if the OAuth token expires?**
A: Token refresh is handled automatically. If a refresh fails (e.g., password changed), the connection status will show "Disconnected" and you'll need to re-authorize.

**Q: Can the employee create new integrations or connect apps on their own?**
A: No. Only you (the employer) can authorize OAuth connections. Employees can suggest a connection if they need one. They'll ask you to connect it.