Integrations

Fits where AI already lives in your company.

Drop-in connectors for the inference providers, the MLOps platforms, the ticketing systems, the SIEM, the data warehouses, and the MCP servers your teams already run. No rip-and-replace, no new workflow to learn.

  • Live catalog: connectors live today, growing each sprint
  • Wide surface: connector categories (identity, data, AI, infra, ticket, notify)
  • OAuth: default authentication; SAML and service account supported
  • Audited: every call and token change, in an append-only log
Connectors live · OAuth 2.1 · SAML 2.0 · HMAC-SHA256 webhooks · Scoped secrets · Signed token changes

Catalog

Where your AI lives. Where your team already works.

01
Identity + SSO
Okta, Azure AD, Ping, Auth0, Google Workspace
OIDC + SAML

SAML 2.0 metadata and OIDC discovery out of the box. JIT provisioning maps IdP group claims onto KoraSafe roles. SCIM 2.0 in beta covers user CRUD, group CRUD, and deprovision. Tenant-scoped metadata never crosses tenants, and session JWTs are signed RS256 with a short access window and rotating refresh.

  • Protocols: SAML 2.0 · OIDC
  • Provisioning: JIT + SCIM beta
  • Session: RS256 · short access
  • Claims: Group to role map

02
Data + compute
Snowflake, Databricks, BigQuery, Postgres, S3, GCS
Read-only default

Read-only by default. Write paths require an explicit scope grant from the admin console. Catalog-aware: KoraSafe reads INFORMATION_SCHEMA or UC before any fetch and honors column masks. Residency Agent enforces region rules before the network call.

  • Default scope: Read-only
  • Catalog: INFORMATION_SCHEMA / UC
  • Masks: Honored pre-fetch
  • Residency: Region gate pre-call

03
AI + model vendors
Anthropic, OpenAI, Google, Cohere, Mistral, Bedrock, Azure OpenAI
Per-vendor breakers

Per-provider circuit breakers, closed / half-open / open with exponential backoff. Per-tenant budgets in dollars and tokens, with exceeded requests returning RFC 7807 errors. Per-model approval gates live in the registry. Model cards track version, training cutoff, and safety evals.

  • Breakers: Closed / half / open
  • Budgets: USD + tokens
  • Error shape: RFC 7807
  • Approvals: Registry-gated

04
Observability
Axiom, Datadog, Grafana, OpenTelemetry
OTel-native

OTel-native traces and spans flow out, with span.kind=server and korasafe.* attributes on every span. Findings and policy violations flow in as structured logs and metrics. Nothing proprietary, so you can swap vendors without touching KoraSafe config.

  • Out: OTel traces + spans
  • In: Logs · metrics
  • Swap: Vendor-agnostic
  • Ingest: Low-latency

05
Ticketing + ITSM
Jira, Linear, ServiceNow, Asana, GitHub Issues
Bidirectional

Violations open tickets with the full request id trace, the policy version that fired, and the evidence pack id attached. Ticket state (open, in progress, resolved) syncs back into the audit log as structured events. Closing a ticket writes the resolution reason back to the registry.

  • Open with: Request id + policy + pack
  • State sync: Back into audit log
  • Close: Writes resolution
  • Direction: Bidirectional

06
Notification
Slack, Teams, PagerDuty, Opsgenie, email, webhooks
HMAC-signed

Signed webhooks use HMAC-SHA256 with a short replay window. Channel routing fans out by severity (info, warn, block) and domain (PII, bias, cost, residency). PagerDuty pages only on top-tier policy breaks. Message templates live versioned in the tenant registry.

  • Signing: HMAC-SHA256
  • Replay window: Short
  • Routing: Severity by domain
  • Pager trigger: Top-tier breaks only

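On the receiving side, a signed webhook with a replay window calls for three checks: the MAC, the timestamp's freshness, and one-time use within the window. The sketch below is an added example, not KoraSafe code; the signed string layout (`<timestamp>.<body>`), the hex encoding, the 300-second window and all names are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import time

REPLAY_WINDOW_S = 300  # assumption: the page says "short" and gives no number


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """HMAC-SHA256 over "<timestamp>.<body>" (assumed layout), hex-encoded."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class WebhookVerifier:
    """Receiver-side check: authenticity, freshness, then one-time use."""

    def __init__(self, secret: bytes, window_s: int = REPLAY_WINDOW_S):
        self.secret = secret
        self.window_s = window_s
        self._seen = {}  # accepted signature -> its timestamp

    def verify(self, timestamp: str, signature: str, body: bytes, now=None) -> str:
        now = int(time.time()) if now is None else now
        try:
            ts = int(timestamp)
        except (TypeError, ValueError):
            return "bad-timestamp"
        # Authenticate first; the timestamp is covered by the MAC, so an
        # attacker cannot refresh an old delivery by editing it.
        expected = sign(self.secret, ts, body)
        if not hmac.compare_digest(expected.encode(), (signature or "").encode()):
            return "bad-signature"
        if abs(now - ts) > self.window_s:
            return "stale"
        # Entries older than the window would be rejected as stale anyway.
        self._seen = {s: t for s, t in self._seen.items()
                      if abs(now - t) <= self.window_s}
        if expected in self._seen:
            return "replayed"
        self._seen[expected] = ts
        return "ok"


def demo():
    """Constructed delivery: accepted once, then replayed, then tampered."""
    secret, ts = b"constructed-secret", 1_700_000_000
    body = b'{"severity": "block", "domain": "PII"}'
    sig = sign(secret, ts, body)
    v = WebhookVerifier(secret)
    return [v.verify(str(ts), sig, body, now=ts + 5),
            v.verify(str(ts), sig, body, now=ts + 9),
            v.verify(str(ts), sig, body + b" ", now=ts + 9)]
```

The in-memory cache only covers a single receiver process; behind a load balancer the seen-signature set has to live in shared storage with a TTL equal to the window.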

How connectors work

Narrow scope, full trail, clean exit

Declare scope · Admin console
Read or write. Tenant-wide or per-system. Nothing implicit.

Admins pick a connector scope from a discrete set: read, read/write, or write-only. Scope is bound to a tenant or to a single upstream system, and there is no wildcard tier. Scope changes require a reason string and a second approver for higher-tier connectors.

  • Scope modes: Read · read/write · write-only
  • Boundary: Tenant or per-system
  • Approvals: Two-person for higher tiers
  • Wildcards: None

Bind identity · Credentials
Service account, OAuth 2.1, SAML, or mTLS. Secrets never leave the vault.

Identity binding runs through the credential vault. Secrets are stored as SHA-256 hashes with per-tenant envelope keys and rotated according to policy. OAuth 2.1 with PKCE is the default. SAML is supported for IdP-mediated connectors, and mTLS is wired in for high-trust backends.

  • Default: OAuth 2.1 + PKCE
  • Fallback: SAML · mTLS · SA
  • Storage: SHA-256 + envelope
  • Rotation: Policy-driven

Run and audit · Telemetry
Every call logged with a request id, caller tier, and policy version.

Every connector call emits an append-only audit event with the request id, the caller agent id, the autonomy tier at dispatch, and the policy version that evaluated it. Traces are OTel-native, so the same request id stitches across the gateway, orchestrator, and upstream. Retention follows WORM policy.

  • Event shape: Append-only · signed
  • Fields: req_id · agent · tier · policy
  • Trace: OTel end-to-end
  • Retention: WORM

Custom

Need a new connector?

Enterprise tenants can commission connectors. Most ship in a few weeks.

Scope
What we build on request
  • Identity federation and provisioning
  • Data stores, lakes, warehouses
  • Model gateways and inference endpoints
  • Observability and incident systems
  • Ticketing, comms, paging
How it ships
Commercial terms
  • Scoped statement of work with your security team
  • Built by the platform team or a partner
  • Published in your tenant catalog
  • Maintained under your enterprise plan
  • Open sourced by request where upstream licenses permit