OpenAPI Action for both flavours: Custom GPT (for individual users on ChatGPT Plus) and ChatGPT Enterprise / Team (workspace-level connector with SSO). Same OpenAPI manifest works for both. AegisAI is a resource server — ChatGPT performs the OAuth code grant against your IdP (Entra ID, Okta, Auth0, IAS), and AegisAI verifies the resulting JWT via JWKS. Setup time: about ten minutes for Custom GPT, fifteen for Enterprise.
ChatGPT → Explore GPTs → Create. Paste action-openapi.yaml into the Schema field and instructions.md into Instructions. Set Authentication to OAuth and point it at your IdP's authorize and token URLs (Entra ID, Okta, Auth0, IAS, Cognito — whichever your enterprise runs). AegisAI verifies the resulting JWT via JWKS rotation; it does not host its own OAuth provider.
Workspace settings → Connectors → Add. Same manifest, same IdP-driven OAuth — except workspace SSO means the user is already signed in to your IdP, so the consent step is silent. Publish to the whole workspace or specific groups.
samples/connectors/chatgpt/.| File | Purpose |
|---|---|
README.md | Setup walkthrough for both Custom GPT and Enterprise. |
action-openapi.yaml | OpenAPI 3.1 spec formatted exactly the way ChatGPT's Action editor parses it. |
instructions.md | Suggested system instructions — when to call the action, how to render the response, what never to do. |
Custom GPTs with OAuth are gated behind ChatGPT Plus. Anonymous users can install the GPT but can't sign in to AegisAI from it. Use Enterprise if you need workspace-wide rollout.
Custom GPT actions don't pass uploaded files through. ChatGPT can extract the text and send it as intent, but AegisAI never sees the file directly.
OpenAI rate-limits the Action chain. A single user message that fans out into 5+ tool calls may stall. Keep intent precise enough that one call does the job.