Audience: IT administrators and workspace owners.
Goal: Enable secure, governed access to enterprise data sources through ChatGPT connectors.
Connector security baseline
  • Connectors are disabled by default on Enterprise plans.
  • Enable only required connectors and scope access by role or group.
  • Configure OAuth permissions and review scopes before rollout.
  • Monitor connector usage through User Analytics and the Compliance API.
  • Schedule quarterly reviews to audit enabled connectors and access patterns.

SharePoint connector

Connect to SharePoint sites and document libraries with granular permissions.

Google Drive connector

Enable access to Drive files and folders with OAuth-based authentication.

GitHub connector

Connect repositories for code review, documentation, and issue tracking.

Connector administration overview

Connectors allow ChatGPT to access external data sources on behalf of users. Each connector requires explicit enablement, OAuth configuration, and RBAC scoping.

Key principles

Default to off

All connectors are disabled by default. Enable only what teams need for validated use cases.

Scope by group

Assign connector access to specific groups (e.g., Engineering, Marketing) rather than workspace-wide.

Review OAuth scopes

Understand what permissions each connector requests before authorizing.

Monitor usage

Track connector adoption and data access patterns through analytics and compliance logs.

Audit quarterly

Review enabled connectors, group assignments, and usage patterns every 90 days.

SharePoint connector

The SharePoint connector enables ChatGPT to read and reference documents from SharePoint Online sites and document libraries.

Prerequisites

  • SharePoint Online subscription (Microsoft 365)
  • Global Administrator or SharePoint Administrator role
  • Verified corporate domain in ChatGPT workspace
  • RBAC groups configured for connector access

Configuration steps

Enable the SharePoint connector

Navigate to Manage workspace → Connectors and locate SharePoint. Toggle the connector to Enabled.

Configure OAuth permissions

Click Configure and review the requested OAuth scopes:
  • Sites.Read.All — Read items in all site collections
  • Files.Read.All — Read all files the user can access
  • User.Read — Sign in and read user profile
Approve the permissions in your Microsoft 365 admin center.

Assign to groups

Under Access control, select which groups can use the SharePoint connector. Start with a pilot group (e.g., “Knowledge Workers Pilot”) before expanding.

Test with pilot users

Have pilot users authenticate the connector in ChatGPT by clicking Connect SharePoint in a conversation. Verify they can access expected sites and documents.

Monitor and expand

Review usage in User Analytics. Once validated, expand access to additional groups as needed.

SharePoint permissions model

The connector respects SharePoint’s native permissions. Users can only access sites and documents they already have permission to view in SharePoint.
| SharePoint permission | Connector behavior |
| --- | --- |
| Site member | Can read all documents in the site |
| Site visitor | Can read documents they have access to |
| No access | Cannot access site or documents |
The connector does not grant new permissions. It uses the authenticated user’s existing SharePoint access rights.

Common use cases

Allow teams to ask questions about internal documentation, policies, and procedures stored in SharePoint.
Summarize long reports, meeting notes, or project documentation without leaving ChatGPT.
Reference compliance documentation, audit reports, and policy documents during conversations.

Troubleshooting

Cause: User lacks SharePoint permissions or hasn’t authenticated the connector.
Fix: Verify SharePoint permissions in Microsoft 365 admin center. Have user disconnect and reconnect the SharePoint connector in ChatGPT.

Cause: Group not assigned connector access in workspace settings.
Fix: Go to Manage workspace → Connectors → SharePoint → Access control and add the group.

Security considerations

Data handling
  • Connector queries are logged in the Compliance API.
  • Document content accessed via connectors is subject to workspace retention policies.
  • Enterprise data is excluded from model training by default.
  • Apply Microsoft Purview DLP policies to monitor connector usage.
Best practices
  • Start with read-only access to non-sensitive SharePoint sites.
  • Create a dedicated pilot group for initial testing.
  • Document which sites and libraries are in scope for connector access.
  • Review connector usage monthly during pilot phase.
  • Integrate connector logs with your SIEM for anomaly detection.

Google Drive connector

The Google Drive connector enables access to files and folders stored in Google Workspace.

Configuration steps

Enable the Drive connector

Navigate to Manage workspace → Connectors and enable Google Drive.

Configure OAuth

Review and approve OAuth scopes:
  • drive.readonly — Read-only access to Drive files
  • userinfo.email — User email address

Assign to groups

Select which groups can use the Drive connector. Scope to teams with validated use cases.

Test and monitor

Pilot with a small group, verify access patterns, then expand.
The Drive connector respects Google Workspace sharing permissions. Users can only access files they already have permission to view.

GitHub connector

The GitHub connector enables access to repositories, issues, pull requests, and documentation.

Configuration steps

Enable the GitHub connector

Navigate to Manage workspace → Connectors and enable GitHub.

Configure OAuth

Review and approve OAuth scopes:
  • repo — Access to private repositories (if needed)
  • read:org — Read organization membership

Assign to groups

Scope to engineering and technical teams. Avoid workspace-wide access.

Test and monitor

Pilot with a small engineering team, verify repository access, then expand.
The GitHub connector respects repository permissions. Users can only access repositories they have been granted access to in GitHub.

Connector governance

RBAC and group assignment

| Connector | Recommended groups | Rationale |
| --- | --- | --- |
| SharePoint | Knowledge workers, all employees | Broad access to internal documentation |
| Drive | Marketing, operations | Team-specific file access |
| GitHub | Engineering, DevOps | Code and technical documentation access |
| Slack | Customer success, support | Historical conversation and knowledge search |
Avoid assigning all connectors to all groups. Scope access based on business need and data sensitivity.

Monitoring and compliance

Track connector adoption, usage frequency, and active users. Export CSVs for deeper analysis.

Quarterly review checklist

  • Review all enabled connectors and confirm business justification.
  • Audit group assignments and remove access for inactive groups.
  • Analyze connector usage patterns in User Analytics.
  • Review OAuth scopes and permissions for each connector.
  • Update connector documentation and training materials.
  • Verify compliance logs are being exported and monitored.
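
Part of this checklist can be run as a script. The following is an added example, not OpenAI tooling or code from this page: it checks a connector inventory against the scopes listed above, the group-scoping rule, and the 90-day review interval. The inventory format, its field names, and the "*" workspace-wide marker are assumptions (a hand-maintained record, not a product export).

```python
from datetime import date

# OAuth scopes this page lists for each connector (the reviewed baseline).
BASELINE_SCOPES = {
    "sharepoint": {"Sites.Read.All", "Files.Read.All", "User.Read"},
    "google_drive": {"drive.readonly", "userinfo.email"},
    "github": {"repo", "read:org"},
}
REVIEW_INTERVAL_DAYS = 90  # "every 90 days" per the key principles

def audit_connectors(inventory, today):
    """Return sorted (connector, finding) tuples for one review pass."""
    findings = []
    for c in inventory:
        name = c["name"]
        if not c["enabled"]:
            # Default-off: a disabled connector should carry no leftover groups.
            if c["groups"]:
                findings.append((name, "disabled but still has group assignments"))
            continue
        if not c.get("justification"):
            findings.append((name, "enabled without documented business justification"))
        # Any scope outside the reviewed baseline needs a fresh review.
        extra = set(c["scopes"]) - BASELINE_SCOPES.get(name, set())
        if extra:
            findings.append((name, "unreviewed scopes: " + ", ".join(sorted(extra))))
        # "*" is this example's hypothetical marker for workspace-wide access.
        if not c["groups"] or "*" in c["groups"]:
            findings.append((name, "not scoped to specific groups"))
        age = (today - date.fromisoformat(c["last_review"])).days
        if age > REVIEW_INTERVAL_DAYS:
            findings.append((name, f"review overdue by {age - REVIEW_INTERVAL_DAYS} days"))
    return sorted(findings)

# Constructed sample inventory (hypothetical, hand-maintained format).
SAMPLE = [
    {"name": "sharepoint", "enabled": True, "groups": ["Knowledge Workers Pilot"],
     "scopes": ["Sites.Read.All", "Files.Read.All", "User.Read"],
     "justification": "internal policy Q&A", "last_review": "2025-01-10"},
    {"name": "github", "enabled": True, "groups": ["*"],
     "scopes": ["repo", "read:org", "admin:org"],
     "justification": "", "last_review": "2024-09-01"},
    {"name": "google_drive", "enabled": False, "groups": ["Marketing"],
     "scopes": [], "justification": "", "last_review": "2024-12-01"},
]

if __name__ == "__main__":
    for connector, finding in audit_connectors(SAMPLE, date(2025, 3, 1)):
        print(f"{connector}: {finding}")
```

An empty result means every enabled connector matched the baseline; each finding maps to one checklist item above.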

Appendix

Detailed OAuth scopes for each connector and what they enable.
Rate limits and quotas for connector API calls.
How connector data is stored and processed based on workspace residency settings.
How OpenAI communicates connector changes, deprecations, and migrations.

Self-check: Connector admin test

Can an admin configure a connector in 10 minutes?
  • I know which connectors are available and how to enable them.
  • I understand OAuth permissions and how to approve them.
  • I can scope connector access to specific groups.
  • I know how to monitor connector usage and review logs.
  • I have a plan for quarterly connector audits.