# All Connections All Connections is the Admin home for every Connection your company has set up. A Connection is the per-user, OAuth-authorized link to one downstream app that Agents access through Cakewalk's [MCP Gateway](/docs/ai-agent-access/concepts/the-mcp-gateway.md). The table shows the full inventory; each row drills into a detail page with four tabs. *** ### 📖 Key concepts * **Connection**: The OAuth-authorized link from a User to one downstream app, mediated by the MCP Gateway. * **Connected Users**: Employees who hold a credential against this Connection. * **Denial rate**: Share of tool calls evaluated against this Connection that ended in Denied. Computed at the Connection level because [Policies](/docs/ai-agent-access/how-to-guides/policies.md) evaluate Action type, User and Connection together; the Connection is the policy anchor. * **Tools**: The MCP tools discovered for this Connection. They surface only after the first User connects. * **Action type**: The classification a Policy evaluates against (Read, Write, Destructive, External), derived from MCP tool annotations or AI inference for unannotated tools. :bulb: *Why this matters*: The Connections table is the primary lens on whether the MCP Gateway has coverage where it matters and where credentials are healthy. The detail tabs are where you investigate. *** ### 📊 The Connections table * **Navigation**: Connections. * **What you see**: one row per Connection. * **Connection name + icon**: from the catalog template. * **Connected users**: count of employees with a credential. * **Agents**: count and icon stack of Agents that have touched this Connection. * **Sessions (30d)**: Agent session count. * **Denial rate**: percentage of evaluated tool calls that ended in Denied. * **Last active**: most recent session timestamp. * **Actions**: * **Remove Connection from governance**: stops monitoring and governing it. All active sessions end immediately and users lose Agent access to the Connection. The OAuth grant at the app itself is not revoked. *** ### 🛠 Connection detail **Navigation**: Connections → click any row. The detail page opens on the Overview tab and has four tabs: Overview, Users, Sessions and Tools. #### Overview * **What you see**: * **Header**: Connection name, icon and status badge (Active / Error / Paused / Not Connected). * **Connection metadata**: tagline, certifications, server locations and other template attributes that double as Policy conditions. * **Connection health**: count of Users by Connection status. * **Activity summary**: sessions (30d), connected users, total tool calls, denial rate. * **Top agents**: the Agents accessing this Connection. * **Actions**: * **Edit Connection metadata**: adjust catalog fields used as Policy inputs. * **Remove Connection from governance**. * **Why it matters**: confirm the Connection is healthy and see the Agent landscape touching it before you drill in. #### Users * **What you see**: standard User columns plus Connection status (Active / Error / Paused / Not Connected), Sessions (30d) and Last active. * **Actions**: * **Add user**: create a User-Connection association manually. Relevant when HRIS/IdP sync is off; when sync is on, the sync is authoritative. * **Revoke connection**: remove the credential from the vault. The employee keeps their underlying app access and must reconnect to resume Agent use. * **Remove user**: delete the User-Connection association in Cakewalk. House-cleaning, not a credential operation. * **Why it matters**: Revoke and Remove look similar but differ. Revoke pulls the credential; Remove cleans up the record. #### Sessions * **What you see**: every Agent session where this Connection was the target. * **Level 1**: session name (assigned by the MCP Gateway), User, Agent, tool call count, status, denial indicator, timestamp. * **Level 2** (expand a session): tool call rows with tool name, Action type, outcome (Approved / Denied / Canceled) and what the outcome was based on (Policy, Manual Review, Timed out or fallback). * **Side panel** (click a tool call): request payload, response payload and every Policy that fired. * **Why it matters**: reconstruct what an Agent did against this Connection and which Policy governed each step. #### Tools * **What you see**: the MCP tools discovered for this Connection, classified by Action type. Tools are discovered the first time a User connects, not pre-loaded. * Each tool row shows **Tool name**, **Tool description** and an **Action type badge** (Read / Write / Destructive / External). * **Empty state**: "No tools discovered yet. Tools appear once a user connects to this Connection for the first time." * **Why it matters**: the inventory of what each Connection exposes through the MCP Gateway. *** ### 📋 All Connections at a glance | Surface | Where | What you see / can do | Why it matters | | --------------------- | --------------------- | ---------------------------------------------------------------------------------- | ------------------------------------------- | | **Connections table** | Connections | Inventory: connected users, Agents, sessions, denial rate. Remove from governance. | Coverage and credential health at a glance. | | **Overview** | Connection → Overview | Header, Connection metadata, health, activity, top Agents. Edit metadata. | Confirm health before you drill in. | | **Users** | Connection → Users | Per-User status and activity. Add user, revoke connection, remove user. | Manage credentials for one Connection. | | **Sessions** | Connection → Sessions | Sessions drillable to tool calls, outcomes and the Policies that fired. | Reconstruct what Agents did here. | | **Tools** | Connection → Tools | Discovered MCP tools with Action type badges. | What this Connection exposes. | *** ### 🔗 Related pages * [Connection and Agent Statuses](/docs/ai-agent-access/concepts/connection-and-agent-statuses.md) * [Policies](/docs/ai-agent-access/how-to-guides/policies.md) * [Audit Log](/docs/ai-agent-access/concepts/audit-log.md) * [Agent Activity](/docs/ai-agent-access/how-to-guides/agents/agent-activity.md) * [The MCP Gateway](/docs/ai-agent-access/concepts/the-mcp-gateway.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.cakewalk.security/docs/ai-agent-access/how-to-guides/connections/all-connections.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.