Types of connections
watsonx Orchestrate supports several types of authentication methods:- Basic, Bearer, and API Key: These methods pass the configured credentials directly to the consuming tool or service.
- OAuth: Orchestrate supports multiple OAuth flows, as defined in the OpenAPI specification. When using OAuth:
- Orchestrate authenticates the user interactively.
- It generates an
access_tokenon behalf of the user. - This token is securely passed to the downstream tool during execution.
Note:
OAuth-based connections currently only work when the user interacts with the agent through the watsonx Orchestrate UI (not embedded webchat).
- Pass arbitrary authentication configurations to Python tools.
- Securely provide environment variables to MCP toolkits.
- Configure connections to LLM providers through the AI Gateway.
Support by tool type
[1] Tools build using flows do not require connection support as connections within flows are configured via their
downstream component tools.
[2] OAuth connections are currently only supported by agents in the watsonx Orchestrate integrated webchat ui.
[3] SSO/ IDP connections are only supported by agents in webchat embedded into a customer’s website.
[2] OAuth connections are currently only supported by agents in the watsonx Orchestrate integrated webchat ui.
[3] SSO/ IDP connections are only supported by agents in webchat embedded into a customer’s website.
Support for knowledge
Support for member vs team
Support for AI Gateway
The AI Gateway supports onlykey-value connections.

