The Connectors page lets you authorize your personal third-party accounts with Optimizely Opal. Opal Administrators control which connectors and remote Model Context Protocols (MCPs) are available to the organization. Individual users then authenticate their personal accounts to let Opal act on their behalf using their specific permissions, data access, and identity.
For Opal administrators
Opal Administrators manage connector and remote MCP availability for the entire organization. There are the following levels of configuration:
- OCP connector tools – Apps installed to Opal through the Optimizely Connect Platform (OCP) App Directory. See Add OCP connector tools.
- Remote MCPs – External servers that communicate with Opal through MCP. See Add a remote MCP.
After an Opal Administrator enables them, both types display as tiles on the Connectors tab. Users can then connect to authenticate with the third-party provider.
Admin visibility into user connections
Opal Administrators cannot currently view which users in their organization have authenticated a connector. Individual connections are private to each user.
Add OCP connector tools
Some connector tools require installation OCP before users can authenticate with them. This is a one-time configuration per connector.
Once installed, the connector tile appears on the Connectors tab for users to authenticate with their personal accounts.
See the following documentation for connector tools that support user-level authentication:
- Adobe Analytics connector tools
- Google Ads connector tools
- Microsoft Graph connector tools (Depending on configuration)
- Salesforce CRM connector tools
- WordPress connector tools
To remove a connector tool, see Delete a tool registry. Removing a connector tool disables it for the entire organization. Users who have already authenticated with the tool lose access immediately, and the connector tile no longer appears on the Connectors tab.
Add a remote MCP
Remote MCPs extend Opal's capabilities by connecting to external MCP servers that Optimizely has approved. Once you add a remote MCP, a tile becomes available on the Connectors tab for users in the organization to authenticate.
See the following documentation for connector tools available through MCP that provide user-level authentication:
For Opal users
Use the Connectors tab to link your personal third-party accounts to Opal. This ensures that Opal acts on your behalf by using your identity and permissions when calling connector tools, rather than a shared organizational account.
Prerequisites
Before connecting to a third-party tool, you must
- Have an active account with the third-party service.
- Have an Opal Administrator enable the connector in OCP or added the remote MCP for your organization.
- Allow pop-up windows in your browser.
Benefits of personal authentication
Authenticating your personal accounts provides the following advantages:
- Personal data access – Lets Opal retrieve information from your specific calendar, files, or projects.
- Action attribution – Performs actions in other systems on your behalf.
- Granular security – Opal never shares your personal information with other users in your organization.
Authenticate a connector
See the following documentation for instructions on authenticating with the user-level auth:
- Adobe Analytics connector tools
- Atlassian Remote MCP connector tools
- Conductor Remote MCP connector tools
- Google Ads connector tools
- Microsoft Graph connector tools (Depending on configuration)
- Salesforce CRM connector tools
- WordPress connector tools
Manage your connections
You can manage your existing connections directly from the Connectors tab in Opal.
- Refresh connection – Re-authenticate if a session expires or if the third-party service requires a password update.
-
Disconnect – Remove Opal's access to your personal account by revoking the stored authentication token. Disconnecting does not delete any data that Opal retrieved from the third-party service.
You can reconnect at any time by clicking Connect.
Troubleshoot
If you encounter issues when authenticating or managing a connector, see the following common scenarios and resolutions.
Pop-up window does not display
Opal opens a pop-up window to complete the OAuth authentication flow. If the window does not display after you click Connect, your browser may be blocking pop-ups.
Resolution – Check your browser's address bar for a blocked pop-up notification and click Allow. Then click Connect again.
Authentication window closes
If the window closes before you finish logging in or granting permissions, the connection does not complete and the connector status remains unchanged.
Resolution – Click Connect again and complete the steps in the Authenticate a connector section without closing the pop-up window manually. Ensure you click Allow or Authorize on the permissions page before you close the window.
Status does not update to connected
After you complete the authentication steps, the connector status may not immediately reflect as Connected.
Resolution – Refresh the Connectors tab and check the status again. If the status still does not update, disconnect the connector and repeat the authentication steps.
Connection displays as expired or requires re-authentication
OAuth tokens have a finite lifespan and may expire because of inactivity, a password change on the third-party service, or a revoked permission. When this happens, Opal can no longer act on your behalf until you re-authenticate.
Resolution – Locate the affected connector on the Connectors tab and click Refresh. Complete the login and permissions steps again to restore the connection.
Connector not visible in the list
The Connectors tab only displays connectors that an Opal Administrator has enabled for your organization. If a connector you expect to see is not listed, an Opal Administrator has not yet enabled it at the instance level.
Resolution – Contact your Opal Administrator and request that they enable the connector.
Connection shows an error after authentication
An error state after completing authentication typically indicates a permissions mismatch, an unsupported account type, or an issue on the third-party service's end.
Resolution – Disconnect the connector, then reconnect and ensure you grant all requested permissions during the authorization step. If the error persists, verify that your third-party account has the access level required by the connector and consult the connector-specific documentation linked in the Authenticate a connector section.
Related topics
See the following documentation:
If you use Opti ID, administrators can turn off generative AI in the Opti ID Admin Center. See Turn generative AI off across Optimizely applications.
Article is closed for comments.