Intended Use: AI Connectors
@INTENDED_USE:AIConnectors
System Overview
What is this system?
AI Connectors is a monorepo of remote MCP (Model Context Protocol) servers that expose Novo Nordisk enterprise data sources (SharePoint, Outlook) to AI assistants via standardized FastMCP interfaces with Azure AD OAuth2 authentication. Deployed to AWS ECS Fargate, it enables secure, user-scoped access to corporate data for AI workflows.
Criticality
- Standard - Internal tools/low risk
- Business-Critical - Sensitive data/essential ops
- GxP-Critical - Patient safety/drug quality
Why?
The system provides internal productivity tooling for AI-assisted workflows. While it handles corporate data (emails, SharePoint files), it acts as a read-only proxy using user credentials with Azure AD OAuth2 — security is enforced by Microsoft Graph API and existing Entra ID policies. No data is stored, processed, or modified by the connector infrastructure.
Risk is mitigated by:
- OAuth2 on-behalf-of (OBO) flow — all access is user-scoped
- Read-only operations
- No persistent storage of enterprise data
- Azure AD controls (MFA, conditional access) remain in effect
Classification may be elevated if future connectors access GxP-regulated systems or store/process sensitive data.
Capabilities
What it does:
- Exposes SharePoint data (search, browse, read files) to AI assistants via MCP protocol
- Exposes Outlook data (read mail, manage calendar events) to AI assistants via MCP protocol
- Exposes Databricks workspaces (Unity Catalog browsing, read-only SQL, Genie natural language queries) to AI assistants via MCP protocol
- Authenticates users via Azure AD OAuth2 on-behalf-of (OBO) flow
- Provides standardized FastMCP interface for AI assistant integrations
- Runs as remote MCP servers deployed to AWS ECS Fargate
- Supports template-based scaffolding for new MCP server creation
What it does NOT do:
- Store, persist, or cache enterprise data (SharePoint files, emails, calendar events, Databricks query results)
- Modify or write data to SharePoint, Outlook, or Databricks (read-only access; Databricks write SQL is explicitly blocked)
- Bypass Azure AD authentication or authorization policies
- Bypass Databricks Unity Catalog permission enforcement — all data access is user-scoped
- Provide direct database or file system access
- Function as a data processing or transformation layer
- Support non-Microsoft data sources outside the current connector scope
Integrations
| System | Purpose | Type |
|---|---|---|
| Azure AD (Entra ID) | User authentication and authorization | OAuth2 (OBO flow) |
| Microsoft Graph API | SharePoint and Outlook data access | REST API |
| Databricks REST API | Unity Catalog, SQL warehouse, Genie space discovery | REST API |
| Databricks Managed MCP | Genie Space MCP and SQL MCP proxying | MCP (StreamableHttp) |
| AWS ECS Fargate | Hosting MCP servers | Container orchestration |
| AWS ALB | Load balancing and TLS termination | Application load balancer |
| AWS Route53 | DNS and service discovery | Managed DNS |
| AWS SSM Parameter Store | Secure credential storage (client secrets) | Secrets management |
| GitHub Actions | CI/CD pipeline | Automation |
Data Handled
User data:
- Azure AD tokens (transient — used for authentication, not stored)
- User email addresses and identities (from OAuth flow)
Corporate data (read-only, proxied):
- SharePoint files and metadata (site names, file names, content)
- Outlook email metadata and content (subject, sender, recipients, body)
- Calendar events (titles, attendees, times, locations)
- Databricks Unity Catalog metadata (catalog, schema, table names and column definitions)
- Databricks SQL query results (read-only SELECT output; scoped to user's Unity Catalog permissions)
- Databricks Genie Space responses (natural language answers; scoped to user's Genie space access)
Sensitive data:
- Azure AD client secrets (stored in AWS SSM Parameter Store)
- OAuth2 access tokens (transient, memory-only)
Regulated data:
- May include PII (personally identifiable information) from emails and SharePoint
- Data classification depends on user's access scope in SharePoint/Outlook
- No GxP-regulated data in current scope (standard corporate productivity data)
Compliance
- GDPR - Handles personal data from Novo Nordisk employees (emails, calendar, names)
- 21 CFR Part 11 - Not applicable (no GxP-regulated data in current scope)
- HIPAA - Not applicable (no PHI in current scope)
- Internal IT Security - Subject to Novo Nordisk IT security policies (authentication, access control, logging)
- Azure AD Compliance - Inherits MFA, conditional access, and security policies from Entra ID
- Data Residency - Deployed in AWS regions compliant with Novo Nordisk data governance
AI-Specific Compliance:
- [x] EU AI Act - Limited risk AI system (AI assistant productivity tooling)
- [x] Transparency - Users are aware data is accessed by AI assistants via their credentials
Intended Users
- Novo Nordisk employees using AI assistants (Claude, ChatGPT, custom tools) for productivity workflows
- Developers integrating MCP protocol with AI applications
- IT administrators managing connector infrastructure and app registrations
Operating Environment
- Deployment: AWS ECS Fargate (dev and prod environments)
- Access: HTTPS endpoints via AWS ALB (https://<name>.[dev.]connectors.novo-genai.com/mcp)
- Authentication: Azure AD OAuth2 (on-behalf-of flow)
- Network: Internet-accessible (protected by Azure AD authentication)
Version: 1.1
Date: 2026-04-28
Owner: RUEK@novonordisk.com, VZA@novonordisk.com
Status: Draft
Change: Added Databricks MCP connector (Unity Catalog, SQL, Genie) to capabilities, integrations, and data handled sections.