OpenAI

Admin Controls, Security, and Compliance in apps (Enterprise, Edu, and Business)

Learn how your organization can manage app usage with admin settings, help ensure secure data flows, and meet compliance needs.

Updated: 14 hours ago

Note: As of August 29th, 2025, we've renamed ChatGPT Team to ChatGPT Business. For more information and questions related to the name change, please refer to our article: ChatGPT Business Rename FAQ

As of December 17, 2025, we’re renaming connectors to apps to present a more unified experience. The term now includes both apps that feature interactive UI and connectors that help you search and reference your information in ChatGPT. We’re not removing any existing functionality: previously enabled connectors and company knowledge will continue to work as before.

Admin controls

Default behavior by plan

ChatGPT Enterprise & Edu

All apps are disabled by default. Workspace owners can control which apps are enabled in Workspace settings → Apps, as well as assign app-specific roles through RBAC (see below).

ChatGPT Business

In ChatGPT Business, workspace admins can control which apps are enabled for the workspace and can manage role-scoped app permissions.

RBAC (Role-based access control)

Enterprise and Edu workspaces can assign apps to one or more custom roles. By default, users can access all available apps, but admins can control which roles have access.

Managing apps and app permissions

To manage which apps a role can use:

  1. Go to Workspace settings > Permissions & roles.

  2. Select Custom roles.

  3. Select the role you want to edit.

  4. Scroll to the Connected data section.

  5. Turn on Allow members to use apps to allow app use for that role.

  6. Use Select to choose specific apps for that role.

Adding new apps

When enabling a new app at the workspace level, admins are prompted to assign which roles can access it. If the app supports action controls, admins can also review the app's actions before making the app available.

App action controls

RBAC controls who can use an app. Action control determines what the app can do.

In Action control, admins can choose how the app's current actions are handled by allowing all actions, allowing only read actions, or selecting a custom set of actions. If admins select Custom, they can also choose how actions added later are handled by selecting Enable all new actions, Only enable new read actions, or Disable new actions.

Provider scope approval does not automatically make new actions available in ChatGPT.

Custom apps using MCP

Admins can also allow roles to access developer mode, which allows the creation and testing of custom apps using MCP. Role access to developer mode does not automatically make new MCP actions available. After a custom MCP app is published, admins review its actions in Action control, and select Refresh to review added or changed actions from the MCP server.
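The two layers described above (RBAC decides who can use an app, Action control decides what it can do, and actions found on Refresh pass through the new-action rule) can be sketched as a small Python model. This is an added illustration, not OpenAI code or an OpenAI API; the app, action, role and function names are constructed for the example, and it assumes every role has been explicitly scoped.

```python
READ, WRITE = "read", "write"

def review(actions, mode, custom=()):
    """Enabled set for the app's current actions, as chosen at review time."""
    if mode == "all":
        return set(actions)
    if mode == "read_only":
        return {name for name, kind in actions.items() if kind == READ}
    if mode == "custom":
        return set(custom) & set(actions)
    raise ValueError(f"unknown mode: {mode}")

def refresh(enabled, known, advertised, new_rule):
    """Custom mode: apply the new-action rule to actions first seen on refresh."""
    added = {n: kind for n, kind in advertised.items() if n not in known}
    if new_rule == "enable_all":
        granted = set(added)
    elif new_rule == "read_only":
        granted = {n for n, kind in added.items() if kind == READ}
    elif new_rule == "disable":
        granted = set()
    else:
        raise ValueError(f"unknown new-action rule: {new_rule}")
    return enabled | granted, sorted(added)

def can_invoke(role_apps, role, app, enabled, action):
    """Both layers must pass: RBAC (who) and action control (what)."""
    # Assumption: a role with no entry has been scoped to no apps.
    return app in role_apps.get(role, set()) and action in enabled.get(app, set())

def demo():
    # Constructed sample: a hypothetical custom MCP app named "tickets".
    v1 = {"search_tickets": READ, "get_ticket": READ, "create_ticket": WRITE}
    # The MCP server later advertises two more actions.
    v2 = dict(v1, list_comments=READ, delete_ticket=WRITE)
    role_apps = {"support": {"tickets"}, "contractor": set()}
    enabled = {"tickets": review(v1, "custom", ["search_tickets", "get_ticket"])}
    # Admin chose "Only enable new read actions" for actions added later.
    enabled["tickets"], added = refresh(enabled["tickets"], v1, v2, "read_only")
    return role_apps, enabled, added
```

In this model the new write action stays disabled after the refresh, and a role without the app is refused even for an enabled read action.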

Granular Google Drive (synced) controls

Note: Google Docs, Sheets, and Slides actions are now available as Google Drive actions. This unifies all actions into the Google Drive app, simplifying Google app usage. The legacy standalone Google Docs, Sheets, and Slides apps currently remain available for people who already enabled them, to ensure a smooth transition; we may deprecate these apps at a later date. New users can connect to the Google Drive app without having to connect to each separate app, for a unified experience.

For ChatGPT Enterprise/Edu, these new unified Google Drive actions are off by default until a workspace admin enables them. For ChatGPT Business, they are on by default. After enablement, Google Workspace admins may need to re-authorize updated Google Drive scopes before users can use these actions or new users can connect. If your users report that they are unable to connect to Google Drive, check your Google Workspace scope authorizations for Google Drive, Docs, Sheets, and Slides, and either confirm that every action in the app has its scopes authorized or turn off the actions that you do not want to authorize.

Note that the sync feature remains unaffected with this change.

File restriction and setup

Enterprise, Edu, and Business workspaces can:

  • Limit the app with sync to specific Shared Drives or folders.

  • Exclude specific file types from indexing.

  • Choose between a Quick setup (each user authenticates their account) or Admin-controlled access (centralized setup for granular controls).

For additional information regarding enabling the Google Drive app with sync, please refer to our help article: Google Drive app with sync - self-service setup

RBAC for Google Drive (synced) for Enterprise and Edu

Once you enable the Google Drive app with sync, all users who had access to the non-synced version will also gain access to the synced version. It is not currently possible to set different permissions between synced and non-synced versions.

If you previously set up an allow-list for the Google Drive app with sync before RBAC for apps was introduced, your allow-list has been mapped to new RBAC groups and roles called Google Drive Connector Users and Google Drive Connector Role.

  • If your workspace had the Google Drive app enabled at the workspace level, only users on the app with sync allow-list now retain access.

  • Users who were not on the allow-list no longer have access to the non-synced Google Drive app and must be re-added.

  • Users with access to the Google Drive app with sync now also have access to the standard Google Drive app.

All other workspace roles and permissions remain unchanged.

Microsoft Outlook (Calendar & Email), Teams, and SharePoint permissions required

To enable integration between ChatGPT and Microsoft Outlook, Teams, and SharePoint, permissions must be granted within Microsoft Entra ID (formerly Azure AD) for each service. Review our Help Center pages for permissions required:

Each app page describes the scopes required by that app. For a full list of scopes per app, refer to the ChatGPT app directory.

Custom apps

In Business, Enterprise, and Edu workspaces, only workspace owners and users with the respective setting enabled (for Enterprise/Edu) can enable developer mode to publish and test custom apps. Users with the member role do not have the ability to add custom apps themselves.

As with other apps, end users must authenticate with each app themselves before first use.

For a general overview of developer mode and custom apps and MCP connectors in ChatGPT, please refer to our article: Developer mode and custom apps in ChatGPT

For a technical walkthrough of creating a custom MCP connector, please refer to our documentation: Creating custom MCP apps

Note: Custom apps and connectors are not verified by OpenAI and are intended for developer use only. You should only add custom apps or connectors to your workspace if you know and trust the underlying application.

Apps and connectors may allow end users to share data, which could include protected health information (PHI), with third parties. You should ensure that your use of connectors complies with your obligations under HIPAA.


Security & compliance

Security

We protect your data with industry-standard encryption in transit and at rest. OAuth tokens are stored using strong, audited key-management practices. After an app is enabled, each user authorizes their own account, and ChatGPT only accesses content within that user’s existing permissions, such as read-only scopes.

OpenAI applies ongoing testing, monitoring, and layered mitigation techniques to reduce prompt-injection risk. For added protection, conversations that use apps have locked-down network access to keep data between OpenAI and the specific tools you connect. Strict access controls ensure ChatGPT only sees what each user is permitted to access, and all data remains encrypted in transit and at rest.

Does OpenAI use information from apps to train its models?

For ChatGPT Business, Enterprise, and Edu customers, we do not use information accessed from apps to train our models. Please see our Enterprise Privacy page for information on how we use business data.

Chat and deep research data are processed transiently and not indexed. App with sync data is indexed to speed up answers, while respecting your training settings.

Data storage & residency

All apps with sync are supported for workspaces with data residency in the United States, Europe (EEA + Switzerland), and Japan. Google Drive and GitHub apps with sync are also supported in all currently supported data residency regions.

For apps with sync that are not supported for data residency in your region, the synced search index is stored in OpenAI’s U.S. Azure data centers.

Non-synced apps: Apps are compatible with data residency, but it's important to note that connected applications are third-party services, and data sent to a connected application is subject to that application's own data residency policies.

In other words, if you're an organization with Data Residency in Europe, OpenAI will limit storage of Customer Content to take place in Europe up until the point that queries and prompts are sent to a connected application. Please make sure that your connected applications also adhere to any data residency requirements you may have.

Compliance

User conversations, including conversations using any app, are already available in the Compliance API.

Additionally, all app calls are logged as a part of the OpenAI Compliance Logs platform.

Read more: Compliance API for Enterprise Customers.

Granular Google Drive (synced) security

In addition to OAuth authentication, owners for Business, Enterprise, and Edu workspaces are able to utilize domain-wide delegation (DWD).
