Permissions & Integrations

Connect agenté to the tools you already use.

How permissions work

agenté uses OAuth for all third-party integrations. You grant specific, scoped permissions — never blanket access. You can revoke any permission at any time from the Command Portal.

We follow the principle of least privilege: each seat only requests the permissions it needs for its domain.

Email & Calendar access

Required for: COO email monitoring, draft replies, calendar management

OAuth scopes:

  • Read email — Monitor inbox for important messages
  • Draft email — Create draft replies (never sends without approval)
  • Read calendar — View events and availability
  • Manage calendar — Create and update events

Supported providers: Microsoft 365, Google Workspace

We never send emails on your behalf. The "Draft email" permission creates drafts in your inbox. You review and send. Period.

Document access

Required for: Document generation, file uploads, branded output

OAuth scopes:

  • Read files — Access documents you share for analysis
  • Write files — Save generated documents to your cloud storage

Supported providers: OneDrive, Google Drive

Financial systems

Required for: CFO financial analysis, P&L reviews, budget tracking

Available integrations:

  • QuickBooks — Read financial data for analysis
  • Stripe — Read revenue and payment data
  • Plaid — Read bank account data for cash flow analysis
Read-only by default. Financial integrations are read-only. The CFO analyzes your data but cannot move money, create invoices, or modify records.

Managing permissions

  • View granted permissions — Command Portal → Settings → Integrations
  • Revoke access — Click "Disconnect" next to any integration. Immediate effect.
  • Re-authorize — If a token expires, you'll be prompted to re-authenticate.
  • Audit log — Every permission change is logged with timestamp and user.
← Channels Security →