Skip to main content
Access settings
The Settings page contains the following tabs (depending on your Connect AI plan): The following sections describe these tabs.

Profile

The Profile tab opens by default when you access Settings. This tab contains settings for the account you are currently signed in with.
Settings profile
In the User Profile section, you can edit the first name and last name for the current user. Your user role appears in the Role text box, but it cannot be edited on this page. See Users for more information about roles. You can change the email that you use to log in by entering the new email and clicking Save Changes. If you want to reset your password, click Reset Password. This action sends a password reset email to the email address that appears in Email.
If you are an SSO user, you must contact the administrator in your organization to change your email and/or password.
In the Grant Support Access section, administrators can toggle support access on so that the CData support team can log in and help troubleshoot issues for the users in the administrator’s account. Administrators can revoke access at any time by disabling this setting. Click Save Changes to save the selection. Then click Accept in the Grant Support Access dialog to agree to the terms and conditions of granting support access.
This feature is enabled for administrators only. Query users can contact their administrator to grant support access to their accounts.

Account

The Account tab provides access to account-wide settings.
Settings account
The sections of this page are described below.

Details

The Details section lists the following global account information:
  • Organization Name
  • Account Id
  • Country

Primary Contact Information

This section contains the following fields that define the account’s primary contact for invoices, announcements, and other communication. These fields can only be edited by administrators.
  • First name
  • Last name
  • Email
  • Phone Number
  • Country
The email in this section is not the user login email. Change the login email in the Profile tab.

Delete Account

If you want to delete your Connect AI account and all of its data, click Contact Sales for assistance.
Account deletion is permanent. If you delete your account and later want to use Connect AI again, you’ll need to create a new account.

Security

The security settings on this tab are applied globally.
Settings security

Personal Access Token Expiration

This section allows you to set a global Personal Access Token (PAT) expiration (such as 30 Days, 60 Days, or Never Expire). Shorter durations improve security. When the PAT expires, the PAT displays Expired in the Security tab of Settings, and any authentication using the PAT fails with an "Invalid personal access token" error. To create a PAT, see Personal Access Tokens.

Default Shared Authentication Connection Permissions

From the drop-down list, select the default permissions for newly-created connections as “Shared Authentication”. This does not impact existing connections. For more information about shared authentication, see Permissions and Access Control.

Default Per-User Authentication Connection Permissions

From the drop-down list, select the default permissions for newly-created connections as “Per-User Authentication”. You can also select which permissions users can have (Select, Insert, Update, Delete, Execute). This does not impact existing connections. For more information about per-user authentication, see Permissions and Access Control.

Data Copilot Access

Toggle this feature off if you do not want your users to have access to Data Copilot.

MCP Connectivity

Toggle this feature off if you do not want your users to have access to any MCP-related functionality.

Personal Access Tokens

Personal access tokens (PATs) are used when you connect to your data through the REST API, the OData protocol, or the Virtual SQL Server. You can create and manage your PATs on this tab.
Settings PAT

Create a PAT

Follow these steps to create a new PAT:
1
Click Create PAT.
2
Enter a name for the PAT in the dialog that appears. It might be useful to enter a name that indicates its purpose.
3
Click Create and a new dialog appears.
4
Click the copy icon in that dialog to copy the PAT to your clipboard. The icon is to the right of the token field.
You cannot view the PAT again after you close this dialog.
PAT created
5
Click Close to close the dialog. The new PAT appears in the list and includes its Creation Date and Expiration Date.
The PAT expiration date is set globally in the Security tab.

Regenerate a PAT

If you need to regenerate a PAT, click the regeneration icon in the PAT list and follow the prompts that are displayed.
Regenerate PAT
Regenerating a PAT revokes access for any applications that use the PAT. Therefore, you must enter the newly generated PAT in any such applications.

Delete a PAT

To delete a PAT that you no longer use, click the delete icon in the PAT list.
Delete PAT
Click Confirm in the confirmation dialog that is displayed.
Deleting a PAT revokes access for any applications that use the PAT. Therefore, you must create a new PAT and enter it into those applications to restore this access.

OAuth Apps

The OAuth Apps tab allows you to generate a custom OAuth application for client integrations. It contains a list of available OAuth apps, including their authentication flow and creation date.
Settings OAuth

Create a Custom OAuth Application

To create a custom OAuth application:
1
Click + Create App. The Create OAuth App dialog appears.
Create OAuth App
2
Enter the Name of the OAuth app.
3
Select whether you want to use service-based (client credentials grant) or user-based credentials (authorization code grant).
  • Service-based credentials are best for agentic workflows where there is no user involvement. Service-based credentials require a user name. You can create a user name specifically for this purpose. For example, you would use service-based credentials to build agents in Agent Bricks.
  • User-based credentials are best for applications that act on behalf of a user. The user must consent to the application accessing their data. For example, you would use user-based credentials to access Gemini Enterprise.
4
Go to your client application and create a new application registration there. The client application will provide a callback URL to copy.
5
Return to the Create OAuth App dialog and paste the Callback URL from the client application. This URL redirects users after login. You can provide up to 10 callback URLs for your OAuth app.
6
Click Confirm. Connect AI creates the OAuth app and generates a Client Id and Client Secret for the client application. Copy these values.
OAuth App Edit
7
Return to the client application and paste the Client Id and Client Secret into the appropriate fields. Here is the Gemini Enterprise example:
Client Id and Client Secret
8
The new OAuth app appears in the list of apps. Click the edit icon () to edit the app and add more callback URLs for other client applications, if needed.
Your external system may ask for information about the CData authorization, token, and registration URLs. They are as follows:
EndpointValue
Authorization URLhttps://cloud-login.cdata.com/authorize
Token URLhttps://cloud-login.cdata.com/oauth/token
Registration URLhttps://mcp.cloud.cdata.com/register
Authorization server basehttps://mcp.cloud.cdata.com
Resourcehttps://mcp.cloud.cdata.com/mcp

Keys

Connect AI supports storing data source authentication information in key vaults. Instead of entering authentication information directly in the Add Connection page for your data source, you enter the name of the key vault. You can then update the information in the key vault without affecting your data connection.
  • Currently supports Azure Key Vault. Support for additional key vault providers is planned.
  • Available for Business tier in Connect AI only.
  • Not available for Connect AI Embed.

Create a New Key Vault

1
Click + Add Vault. The Add Azure Key Vault dialog appears.
2
Enter the Vault Name of your Azure key vault.
3
Enter the Vault URI, which can be found on the Overview page of your Azure Portal.
4
Enter the Application Id, also known as the Client Id. This value can be found on the Overview page of your Azure Portal.
5
Enter the Directory Id, also known as the Tenant Id. This value can be found on the Overview page of your Azure Portal.
6
Click Confirm to save your credentials. If successfully saved, the new key vault appears in the list of key vaults, along with the Key Vault URL and Creation Date.
Once you create a new key vault, you can use the key vault as a credential for data source connections.

Delete a Key Vault

To delete a key vault that you no longer use, click the delete icon in the key vault list.

Billing

The Billing tab provides information and controls for your account plan and usage.
Settings billing
This tab consists of the following:
  • The Billing section displays your plan information and next billing date.
    • Click Manage Payment Method to open your account with Stripe. You can manage your billing settings, such as your payment method and billing address. If your subscription has lapsed, you need to reactivate your plan to continue using Connect AI.
    • The Update Plan section on the right (if applicable) contains information about contacting the Connect AI sales team. You can also email sales@cdata.com.
    • If you are on a free trial account, this section displays your trial information.
  • The Additional Usage section displays what is remaining in your current plan.