Activation required. AI access management must be enabled for your tenant before you can use it. To get started, contact the C1 support team for a walkthrough.
Review and govern tools
Tools must be reviewed and approved before end users can request them. Use the sections below to work through the full governance workflow.View discovered tools
1
In AI > MCP, open a registered server.
2
Click the Tools tab.
Classify a tool
C1 captures two classification axes per tool. Both are metadata only — there is no enforcement layer that uses them. They exist so admins can filter and reason about tools, and so enforcement can be built on top later.
To classify a tool:
1
Open the tool’s detail panel from the Tools tab.
2
Set Action and Risk.
3
Click Save.
Approve or disable a tool
A tool must be Approved before it can be added to any toolset.
To change state:
1
Select one or more tools (bulk selection is supported).
2
Click Approve or Disable.
Per-tool overrides
Each approved tool has overrides that take precedence over the tenant defaults.Tool lifecycle on re-sync
C1 periodically re-runs tool discovery against each registered MCP server. When the inventory changes:- New tool detected — added to the list as Unset.
- Existing tool changes (description, parameters) — the change is recorded; the tool keeps its current state and classification.
- Tool disappears — the tool is marked Removed. It stays in toolsets (skipped at call time) until an admin removes it explicitly.
Create and manage toolsets
A toolset is a named bundle of approved tools.C1-maintained toolsets
C1 ships and auto-maintains two toolsets per tenant:- All approved tools — every tool in Approved state across the server.
- All read tools — every Approved tool with Action = Read.
Create a custom toolset
Custom toolsets are manually curated — they do not auto-populate based on classification. If you approve a new tool that you want included, you have to add it to the toolset yourself.1
Go to AI access management > Toolsets.
2
Click Add toolset.
3
Enter a name. Optional. Enter a description.
4
Click Save.
5
Click back into the toolset to add approved tools.
Bind a toolset to an access profile
AIAM uses C1’s existing access profile mechanism. A toolset becomes requestable by end users only after it is bound to an access profile. There are two ways to do this.Option 1: From the toolset
When creating or editing a custom toolset, you can link it to an access profile directly. This is the fastest path when you’ve just created a custom toolset and already know which access profile it belongs to.1
Open the toolset.
2
Select an existing access profile to bind it to.
Option 2: From the access profile
You can also start from the access profile side and add toolsets as entitlements. This is required for C1-maintained toolsets and is the better path when you’re setting up access profiles from scratch or adding multiple toolsets to a single profile.1
Go to Access profiles and either create a new profile or open an existing one.
2
Add the toolset as an entitlement — both C1-maintained toolsets (All approved tools, All read tools) and custom toolsets appear as options.
3
Set the access policy on the profile (auto-approve, JIT with expiry, or approval required).
4
Publish the access profile to the catalog.