Connected apps¶

Audience: End users (anyone who signs in to DataHub).

What are connected apps¶

Connected apps are external applications you allowed to access DataHub on your behalf through DataHub’s OAuth flow — for example an MCP desktop client that calls tools with your permissions. They are not the same as workspace integrations (Microsoft 365, Databricks, etc.) configured by administrators.

How to review your connected apps¶

Open Settings → Connected apps (or the equivalent entry in your account menu).
Review each row: app name, purpose (if the admin or flow provided one), scope summary, and when access was granted.
If you no longer use an app, use Revoke access and confirm. This invalidates tokens; the app must ask you to sign in again.

How to revoke access¶

On Connected apps, find the application.
Choose Revoke access.
Confirm in the dialog. Revocation is immediate for active tokens.

Administrators can also revoke tokens or archive clients from the MCP governance OAuth client list; your Connected apps view reflects grants you approved.

What data can these apps access¶

Access is limited to what DataHub exposes through MCP tools allowed by the Tool Policy bound to that client, and by your own user identity and roles.
The consent screen lists a summary of tools (grouped and capped for readability), not every low-level field. Exact behaviour depends on the policy your organisation assigned to the client.
Apps cannot see your password. They receive OAuth tokens for API access only within the granted scope and policy.

Privacy & security¶

Revoke access if you lose a device, stop using an app, or notice unexpected activity — then contact your administrator if needed.
Organisations can audit tool usage (allow/deny, purpose, client) from MCP governance; details depend on your org’s retention settings.
If you are unsure whether to approve consent, ask your data or security team before choosing Allow once or Always allow.

Administrator guide: MCP governance