Managing app connections and credentials
watsonx Orchestrate integrates with external business systems through a unified connection framework. This framework defines how the service authenticates with third‑party applications, how credentials are managed, and how configuration is separated across draft and live environments. Connections define how the platform authenticates with external systems, credentials determine the identity that is used for access, and environments control how integrations behave during development and production. Connections operate as the secure integration layer for tools that access external APIs, helping maintain consistent authentication, credential reuse, and predictable behavior across channels and environments.
You can configure connections so that tools can communicate securely with external systems such as HR applications, IT service-management platforms, CRM systems, and internal enterprise APIs. Each connection provides configuration for authentication, credential handling, environment behavior, and tool binding. You can reuse a connection across multiple tools when they target the same external application. Credential management supports both shared (team) and user‑specific (member) models, and connections are validated during agent deployment to help ensure that all tools have a correctly configured live setup.
Connection overview
You can learn the core building blocks of the connection framework, including what a connection is, how credentials determine identity, and how draft and live environments support development and production behavior. For more information, see Connection overview.
Connections architecture and lifecycle
You can learn how agents, tools, and connections interact when a user request flows from a channel to a third‑party application. For more information see, Connection architecture and lifecycle.
Credentials
You can understand how watsonx Orchestrate applies identity when it connects to external applications. Credential models determine whether access uses a shared identity or a user‑specific identity and how each model behaves across supported channels. For more information, see Credentials.
Authentication types
Authentication types define how a connection proves its identity to an external application. Each method requires specific metadata and credential details, and the correct type must match what the target system supports. For more information, see Authentication types.
Channel behavior across environments
Agent behavior differs across channels and depends on whether the connection uses draft or live. For more information, see Channel behavior for draft and live environments. For more information, see Channel behavior across environments.
Creating and managing connections
Create and manage connections to define how tools authenticate with third‑party applications, assign team or member credentials, and configure draft and live environments for safe testing and production use. For step by step instructions, see Creating and managing connections.
Binding connections to tools
Binding links a tool to the authentication settings defined in a connection. Tools must be bound to valid Draft and Live configurations before they can access external applications. For more information, see Binding connections to tools.
Deploying an agent
Deploying an agent with a live connection helps maintain a valid, production‑ready authentication setup. Deployment succeeds only when all tools are bound to fully configured live connections. For more information, see, Deploying an agent with a live connection.