
What this is for

Settings → Integrations is the catalog of third-party connections for your organization. Each integration is a card on a searchable hub; clicking View integration opens a two-step dialog — Overview (what the connector does) and Connect (credentials and Test & Connect). Available today:
  • GitHub — AI-dependency discovery for Discovery.
  • Azure AI Foundry and Amazon Bedrock — cloud agent inventory for Agents and Topology.
  • Microsoft Entra ID — identity hydration and expanded ASI03 findings on agents (no separate agent list).
Integrations are platform-scoped — configure once per organization, not per gateway.

The integrations hub

Search and filters

| Element | Notes |
| --- | --- |
| Search integrations… | Filters cards by name, tagline, category, or slug. |
| All | Shows every integration (default). |
| Source control | GitHub, GitLab (soon). |
| Identity & access | Microsoft Entra ID, Okta (soon). |
| Collaboration & work | Slack, Jira (soon). |
| Cloud AI platforms | Azure AI Foundry, Amazon Bedrock. |

Card states

| Badge | Meaning |
| --- | --- |
| Connected | Integration is active (GitHub PAT, Foundry SP, Bedrock IAM key, or Entra Active). |
| Connect | Available but not yet configured (e.g. Amazon Bedrock). |
| Soon | On the roadmap (Okta, Slack, Jira, GitLab). |

Each card shows the integration name, one-line tagline, and View integration.

[Image: Integrations catalog with category filters]

Integration dialog

Every View integration opens the same dialog shell:

| Element | Notes |
| --- | --- |
| Step pills | OVERVIEW then CONNECT. Use Next and Cancel in the footer. |
| Overview | Tagline, feature checklist, capability cards, Works with badges, Category chip, Free label. |
| Connect | Integration-specific fields and Test & Connect (or Test Microsoft Graph access for Entra). Connected integrations show Resync and Disconnect where applicable. |

Deep links: opening ?open=<slug> on the integrations route selects the card automatically (azure-foundry, aws-bedrock, entra-id, github).

[Image: Azure AI Foundry integration dialog on Overview step]

GitHub

| Field | Required | Notes |
| --- | --- | --- |
| Personal Access Token | Yes | Classic PAT with repo and read:org. Password field, placeholder ghp_.... |

Connection state

| Element | Notes |
| --- | --- |
| Status badge | Connected or Disconnected. |
| Metadata | Username and connected_at. |
| Test & Connect | Validates the PAT; toast Invalid token on failure. |
| Disconnect | Revokes the token. |

Limits

  • One GitHub PAT per organization.
  • Used for Discovery only — no per-repo routing.

How to configure (GitHub)

1. Open the GitHub card
   Settings → Integrations → GitHub → View integration → Next to Connect.

2. Create a PAT
   On github.com/settings/tokens, create a classic token with repo and read:org.

3. Test & Connect
   Paste the PAT and click Test & Connect. The hub card shows Connected.

4. Verify in Discovery
   Disconnecting stops discovery scans. Reconnecting requires a new PAT.

Azure AI Foundry

| Field | Required | Notes |
| --- | --- | --- |
| Tenant ID | Yes | Entra tenant GUID. |
| Subscription ID | Yes | Subscription with AI Foundry resources. |
| Client (App) ID | Yes | Service Principal application id. |
| Client Secret | Yes | Secret Value (not Secret ID). Encrypted at rest. |

Read-only Service Principal — lists agents, tools, MCP servers, and models.

Connection state

| Element | Notes |
| --- | --- |
| Status badge | Connected or Disconnected. |
| Metadata | Subscription label and connection date. |
| Test & Connect | Authenticates before save. |
| Resync | Immediate discovery refresh for Agents. |
| Disconnect | Removes credentials and discovered inventory for that subscription. |

Limits

  • One Azure subscription per organization in v1.
  • Data-plane role required at AI Services account scope (see permissions below).

How to configure (Azure AI Foundry)

[Image: Azure AI Foundry Connect step]

1. Register a Service Principal
   App registrations → New registration (single tenant, no redirect URI). Copy Application (client) ID.

2. Create a client secret
   Certificates & secrets → copy the secret Value immediately.

3. Grant subscription Reader
   Subscriptions → IAM → Reader (or Azure AI Developer) for the SP.

4. Grant account-scoped data-plane access
   On each AI Services account → IAM → Azure AI User or Azure AI Developer for the SP. Subscription-level alone returns 401 on agent APIs.

5. Connect in Guardway
   View integration → Connect → paste four fields → Test & Connect.

6. Verify agents
   Open Agents or Dashboard → Agents. Use Resync after adding projects.

Required Azure permissions

| Capability | Plane | Role | Scope |
| --- | --- | --- | --- |
| List subscription / resource groups | Management | Reader | Subscription |
| List AI Services accounts | Management | Reader or Azure AI Developer | Subscription |
| Read agents, tools, MCP | Data | Azure AI User or Azure AI Developer | AI Services account |

Microsoft Entra ID

| Field | Required | Notes |
| --- | --- | --- |
| (none) | | Reuses the Service Principal from Azure AI Foundry. Grant Microsoft Graph application permissions on the same app registration. |

Connection state

| Element | Notes |
| --- | --- |
| Status badge | Active, Pending consent, Disconnected, or Error. |
| Service Principal banner | Shown when Foundry is not connected; Connect Azure AI Foundry button. |
| Test Microsoft Graph access | Reports Granted vs Still need admin consent; flips to Active when required scopes are present. |
| Last identity sync | Shown when Active and at least one sync completed. |

Required Microsoft Graph permissions

| Scope | Required | Unlocks |
| --- | --- | --- |
| Application.Read.All | Yes | Credential lifecycle rules. |
| Directory.Read.All | Yes | Principals, owners, grants, directory roles. |
| AuditLog.Read.All | No | asi03.dormant_principal (needs AAD Premium P1/P2). |

Limits

  • One tenant (same as Foundry SP).
  • Identity sync chains after Foundry Resync — no separate Entra Resync button yet.

How to configure (Microsoft Entra ID)

[Image: Microsoft Entra ID Connect step]

1. Connect Azure AI Foundry first
   Entra reuses that Service Principal.

2. Grant Graph admin consent
   App registrations → your SP → API permissions → add the three Graph application permissions → Grant admin consent.

3. Test Microsoft Graph access
   On the Entra Connect step, click Test Microsoft Graph access until both required scopes show Granted and status is Active.

4. Resync Foundry
   Azure AI Foundry → Resync chains identity sync. Open an agent detail page to see Identities.

Amazon Bedrock

| Field | Required | Notes |
| --- | --- | --- |
| Access Key ID | Yes | IAM access key (AKIA…). |
| Secret Access Key | Yes | Matching secret (password field). |
| Region | Yes | Bedrock region (e.g. us-east-1). One region per integration. |

Read-only — lists Bedrock Agents, action groups, knowledge bases, models, and referenced guardrails.

Connection state

| Element | Notes |
| --- | --- |
| Status badge | Connected or Disconnected. |
| Metadata | Account label (e.g. AWS account 123456789012 / us-east-1) and connection date. |
| Test & Connect | Validates via STS before save. |
| Resync | Immediate refresh for Agents. |
| Disconnect | Removes credentials and Bedrock inventory for that account and region. |

Limits

  • One AWS account + region per organization in v1.
  • No MCP servers on Bedrock agents (MCP column stays empty).
  • Guardrails referenced by agents appear as metadata only.

Required AWS IAM permissions

| Capability | Action(s) |
| --- | --- |
| Verify credentials | sts:GetCallerIdentity |
| List/read agents and action groups | bedrock:ListAgents, bedrock:GetAgent, bedrock:ListAgentActionGroups, bedrock:GetAgentActionGroup |
| Knowledge bases | bedrock:ListAgentKnowledgeBases, bedrock:ListKnowledgeBases |
| Guardrails | bedrock:ListGuardrails |

AWS managed AmazonBedrockReadOnly plus sts:GetCallerIdentity (or ReadOnlyAccess).
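
A preflight check for the IAM policy you attach to the integration user, as an added example (not Guardway code): it confirms that the actions in the table above are granted and flags any Allow pattern that is wider than a Get/List/Describe read. The sample policies and the read-verb heuristic are assumptions; Deny statements, NotAction, resources and conditions are not evaluated.

```python
import fnmatch

# Actions the page lists as required for the Bedrock integration.
REQUIRED_ACTIONS = [
    "sts:GetCallerIdentity",
    "bedrock:ListAgents", "bedrock:GetAgent",
    "bedrock:ListAgentActionGroups", "bedrock:GetAgentActionGroup",
    "bedrock:ListAgentKnowledgeBases", "bedrock:ListKnowledgeBases",
    "bedrock:ListGuardrails",
]
# Assumption: an action name starting with one of these verbs is a read.
READ_VERBS = ("get", "list", "describe")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy):
    """Action patterns from Allow statements (Deny/NotAction are ignored)."""
    patterns = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns.extend(_as_list(stmt["Action"]))
    return patterns

def audit_policy(policy):
    """Return required actions not granted and Allow patterns wider than reads."""
    patterns = allowed_patterns(policy)
    lowered = [p.lower() for p in patterns]  # IAM action matching ignores case
    missing = [a for a in REQUIRED_ACTIONS
               if not any(fnmatch.fnmatchcase(a.lower(), p) for p in lowered)]
    # "*" and "svc:*" have no read verb after the colon, so they are flagged too.
    non_read_only = [p for p in patterns
                     if not p.partition(":")[2].lower().startswith(READ_VERBS)]
    return {"missing": missing, "non_read_only": non_read_only}

# Constructed sample policies (not taken from the page or from AWS).
SAMPLE_MINIMAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": REQUIRED_ACTIONS, "Resource": "*"}]}
SAMPLE_BROAD = {"Version": "2012-10-17", "Statement":
    {"Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}}

if __name__ == "__main__":
    for name, pol in (("minimal", SAMPLE_MINIMAL), ("broad", SAMPLE_BROAD)):
        print(name, audit_policy(pol))
```

An empty `missing` list with an empty `non_read_only` list means the policy grants what the integration needs and nothing that looks like a write.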

How to configure (Amazon Bedrock)

[Image: Amazon Bedrock Connect step]

1. Create an IAM user
   Programmatic access only (e.g. guardway-cloud-agent-discovery).

2. Attach policies
   AmazonBedrockReadOnly and inline sts:GetCallerIdentity on *.

3. Create access key
   Copy Access key ID and Secret access key (secret shown once).

4. Connect in Guardway
   View integration → Connect → paste three fields → Test & Connect.

5. Verify agents
   Open Agents. Use Resync after adding agents in AWS.

Coming soon

Hub cards marked Soon: Okta, Slack, Jira, GitLab. Email support@guardway.ai to prioritize one.