Set up and configure a tool

Setting up a new tool

Create from a template (recommended)

Go to Settings → Tools
Click on ”+ Tool” → “From template”
Choose a template (e.g. Microsoft 365, Notion, Databricks, Odoo)
The tool is created immediately and the editor opens
Follow the integration guide in the “Parameters” tab to set up the connection
Click on “Test connection” to complete the setup

Set up an MCP server manually

For MCP servers that are not available as a template:

Click on ”+ Tool” → “Manual MCP server”
The editor opens
In the “General” tab: enter a name and, optionally, a description
In the “Parameters” tab: enter the server URL
Optional: define parameters that the server requires (e.g. API key, username)
Click on “Test connection”
On success, the available capabilities are detected automatically

Upload your own skill

For custom automations or specialized tools:

Click on ”+ Tool” → “Manual skill”
Step 1: Upload the skill folder or an archive (ZIP)
- The folder must contain a SKILL.md file
- After the upload, the file structure is shown
Step 2: Review the settings
- Name and description (are read automatically from SKILL.md)
- If the skill accesses external services: enable “Connected skill” and enter the credentials
Click on “Create”

Configure a tool

In the tool overview, click on a tool to open the editor. The configuration is split across several tabs:

Tab: General

Tool enabled: turns the tool on or off. Disabled tools are not available to the AI.
Name: display name of the tool (max. 100 characters)
Description: brief explanation of what the tool is for (max. 500 characters)
System instructions: here you can tell the AI when and how to use this tool (max. 2,000 characters). Example: “Only use this tool when the user explicitly asks for Databricks data.”
Delete tool: at the bottom of the page in the danger zone. Deletion cannot be undone.

Changes are saved automatically, a save button is not needed.

Tab: Parameters

This is where the connection settings are configured.

For template-based tools:

The parameter fields are predefined by the template
Enter the required values (e.g. API key, server URL)
Secret fields (e.g. passwords) are masked automatically
An integration guide explains step by step what to enter

For manually created MCP servers:

Server URL: the address of the MCP server (required field)
Healthcheck URL: optional endpoint for availability checks
Define parameters: add your own parameters (text, number, or yes/no). For each parameter you can decide how it is passed to the server (as an argument, HTTP header or query parameter).

Test connection:

Click on “Test connection” to check whether the connection works:

Success (green checkmark): the connection works and the available capabilities have been detected. The response time is shown in milliseconds.
Failed (red X): the connection could not be established. The error message gives hints for fixing it.

Important: The tool can only be activated after the connection has been tested successfully.

Tab: Files (skills only)

Shows the files of the uploaded skill:

Left: directory tree with all files
Right: preview of the selected file content
You can add, replace or delete individual files
Use “Replace all files” to upload a completely new version

Defines who can use this tool:

Option	Description
Only me personally	Only you can use the tool (default)
Specific people or groups	You select which colleagues or teams get access
Entire tenant	All users in your workspace (administrators only)
Entire 9brains	Available system-wide for all users (super administrators only)

Add people or groups:

Select “Specific people or groups”
Search for the name of the person or group
Select the entry, it appears as a label
To remove it, click the X next to the name

Tab: Capabilities (MCP servers only)

Shown after a successful connection test. Lists all capabilities (tools) that the MCP server provides.

For each capability you can set the permission:

Permission	Meaning
Always allowed	The AI may use this capability at any time
Ask first	The AI asks you in the chat before using the capability
Not allowed	The AI may not use this capability
Locked	Set by an administrator, cannot be changed

Example: You want the AI to be able to read emails but always ask before sending. Then set “read email” to Always allowed and “send email” to Ask first.

Connecting Microsoft 365

The Microsoft 365 integration gives the AI access to emails, calendars, OneDrive, Teams, contacts, tasks and other Microsoft services. Each user sets up their own personal connection.

Prerequisite: administrator authorization

Before users can set up their integration, an administrator must grant the Microsoft authorization once. Details under Microsoft authorization for administrators. If the authorization has already been granted, this step can be skipped.

Set up the integration

Go to Settings → Tools
Click on ”+ Tool” → “From template” → “Microsoft 365”
In the “Parameters” tab: click on “Connect with Microsoft”
Sign in with your Microsoft 365 account and allow access
After a successful connection, the status shows “Connected to Microsoft”

The tool is active immediately. The AI can now access your emails, calendars, files and other Microsoft services.

Troubleshooting Microsoft 365

If the AI can no longer access emails, calendars or other Microsoft services:

Check whether you have your own Microsoft 365 integration: Go to Settings → Tools and look for “Microsoft 365”. If none exists, set up a new one (see above).
Check the connection status: Open your Microsoft 365 integration and check in the “Parameters” tab whether the connection is still active. If the status shows “Not connected” or “Expired”, click on “Connect with Microsoft” to renew the connection.
Check administrator authorization: Only if the message “Administrator approval required” appears during the connection does an administrator need to grant the Microsoft authorization.

Authentication with external services

Depending on the integration, there are different sign-in methods:

OAuth 2.0 (e.g. Microsoft 365)

OAuth enables a secure sign-in without you having to enter your password in 9brains.

In the Parameters tab, click on “Connect with [provider]”
You are redirected to the provider’s sign-in page (e.g. Microsoft)
Sign in there and allow access
You are automatically redirected back to 9brains

After sign-in, the status shows:

Connected to [provider], everything is fine
Valid for X days, when the sign-in needs to be renewed
Permissions, which accesses have been granted

Disconnect: click on “Disconnect” to revoke access. The tool will then no longer work until you sign in again.

API key (e.g. Notion, Databricks, Odoo)

Some services use an API key instead of OAuth:

Create the API key in the respective service (the guide in the “Parameters” tab explains how)
Enter the key in the corresponding field
Test the connection

API keys are stored encrypted and masked in the display (e.g. ***).

Security & privacy

Credentials

All credentials (API keys, OAuth tokens) are encrypted in the database
Credentials are never shown in plain text in the interface
OAuth tokens are renewed automatically as long as the connection is active

Skills and code execution

Skill code runs in a fully isolated sandbox environment
The sandbox has no access to other user data or internal systems
Each chat session has its own isolated working area
After the session ends, the sandbox environment is destroyed

Connected skills (skills with external access)

When a skill accesses external services (e.g. Databricks), the credentials are injected via a secure proxy
The code in the sandbox does not see the credentials directly, they are inserted automatically when a network call is made
All outgoing connections run through the proxy. For configured target servers the credentials are inserted automatically, but other connections are also possible.