Integrations
We list every integration with its real status. "Live" means it ships and works today. "Pilot" means functional but used by <3 tenants. "Scoped" means an adapter exists and is wired per customer on engagement. "On engagement" means a connector slot exists in the platform and we'll build the adapter as part of the SOW.
Category 01
Inbox triage, drafted replies, meeting scheduling. The communication and scheduling agents speak the protocol; per-vendor auth handles the rest.
OAuth 2.0 read/send, label-based routing, calendar API for scheduling. Used in production today.
Auth: OAuth · Scopes: gmail.modify · calendar
Microsoft Graph integration for mail + calendar. Functional in pilot deployments; per-tenant app registration required.
Auth: OAuth · Scopes: Mail.ReadWrite · Calendars.ReadWrite
Catch-all for self-hosted mail (Zimbra, Postfix, Fastmail, custom IMAP). Username + app-password authentication.
Auth: basic · TLS required
Category 02
Approval routing to chat channels, alerts from compliance / anomaly detection, AI consultant access from inside the chat surface.
Bot token, signed webhooks, slash commands. Approval Inbox can post and receive decisions inside Slack threads.
Auth: bot token · channels: per workspace
Adaptive Cards for approvals, channel webhooks for alerts. Tested with one pilot deployment.
Auth: bot framework · per-tenant app registration
Sandbox number in use for the AI consultant demo. Production deployment requires Meta verification per customer.
Auth: WhatsApp Cloud API · template messages
Category 03
Sync contacts, interactions and pipeline stages between Sonoda's internal CRM and your system of record. Bidirectional where the vendor permits.
Adapter scaffolding exists for Lead, Contact, Opportunity, Activity. Per-customer wiring of custom fields and validation rules on engagement.
Auth: OAuth 2.0 JWT · API version 58.0+
Adapter scaffolding for Contacts, Companies, Deals, Engagements. Webhook subscriptions for change capture.
Auth: private app token · API v3
Connector slots in agents/integrations/. Adapter built into the SOW; typical timeline 2–4 weeks.
Auth: vendor-dependent
Category 04
SAML 2.0 and OIDC are implemented in the auth layer. Per-IdP wiring (metadata, attribute mapping, group-to-role mapping) is part of enterprise onboarding.
SAML 2.0 SP metadata + OIDC client. Group → role mapping configured per tenant. JIT user provisioning supported.
Protocols: SAML · OIDC
OIDC and SAML supported. Conditional access policies honored at the IdP level.
Protocols: OIDC · SAML
Standards-based — works with any SAML 2.0 or OIDC IdP. Test environment provided before cutover.
Protocols: SAML · OIDC · SCIM 2.0 (engage)
Category 05
Source documents for Document Intelligence and RAG. Read access to your DMS; write-back for classified / extracted results is configurable.
Folder watch + on-demand fetch. Tested with pilot deployments.
Auth: OAuth 2.0 · service account (Drive)
Legal-DMS connectors built per engagement. Matter-centric metadata mapping is the bulk of the work.
Auth: vendor token · matter-scoped access
Object-storage source with prefix-based ingestion. Used for batch document loads and data-room ingestion.
Auth: IAM / SAS / static credentials
Category 06
Used internally for post-SOW invoicing. Not exposed in the public engagement flow (see /pricing).
Preference creation + webhook-driven status updates. Used for LATAM invoicing.
Auth: access token · sandbox + production
Stripe adapter slot exists. International wire is the default for enterprise SOWs.
Auth: API key · webhook signing
Scaffolding present, dormant. Activated for Argentina-resident customers on engagement.
Auth: AFIP WSAA token · CUIT-bound
Category 07
Every domain event the platform emits — workflow.completed, approval.requested, audit.entry.written, anomaly.detected — can be subscribed to via signed HTTP webhook.
HMAC-SHA256 over body + timestamp, 5-minute replay window. Subscribe via the admin console or API.
Header: X-Sonoda-Signature · X-Sonoda-Timestamp
Generic webhooks already let these tools subscribe. A first-class app listing is on the roadmap.
Connect via webhook URL
Bridge sink for enterprises with an event backbone. Built into the SOW.
Auth: vendor-dependent
How a new integration ships
Every integration sits under agents/integrations/<vendor>.py implementing a stable interface: connect(), list_objects(), write_object(), watch(). Adding a new vendor is, in our experience, 2–4 weeks end-to-end including auth flow, schema mapping, retry / backoff, and tenant-level enablement. We scope this into the SOW with a fixed price and a fixed timeline. If we miss the timeline, you don't pay for the integration.