For Coda Enterprise only: Manage Coda AI access for your org's workspaces, and control how org members connect to the Coda MCP
As an Enterprise org admin, you have control over AI and MCP usage across your organization. The AI and MCP controls page of your admin settings lets you manage both AI access and MCP authentication - so you can align these capabilities with your organization's security policies.
AI access
The AI access setting lets you control which workspaces in your org have access to Coda AI. Docs in a workspace that isn't approved for AI access will not have access to any Coda AI capabilities - regardless of who is using the doc.
Please note that if your organization requires HIPAA compliance, AI is automatically turned off for all workspaces and you therefore will not see these AI controls in your admin settings.
Update your AI access setting
If you're an org admin on an Enterprise plan, follow these steps:
- Go to coda.io/docs
- In the left panel, click on the three-dot menu next to your workspace name, then select Admin settings
- Navigate to AI and MCP → AI and MCP controls
- Under AI access, click Change
- In the modal that appears, select or deselect workspaces to control which ones have access to Coda AI. You can also use the Select all or Clear buttons if needed.
- Click Confirm to save your changes
Changes take effect immediately.
MCP: Personal access tokens
A personal access token (PAT) is an authentication method that allows members to connect to the Coda MCP via internal apps, scripts, or custom integrations. Unlike OAuth, PATs are long-lived credentials that members generate and manage themselves.
Because PATs offer persistent access without requiring re-authentication, they are best suited for technical users building internal tooling. If most members in your org connect to the MCP through standard AI tools like Claude or Cursor, OAuth is likely the more appropriate method for them - and you therefore may want to restrict PAT access accordingly.
Update your PAT access setting
If you're an org admin on an Enterprise plan, follow these steps:
- Go to coda.io/docs
- In the left panel, click on the three-dot menu next to your workspace name, then select Admin settings
- Search for - or scroll to - AI and MCP (within the Security section), then select the AI and MCP controls page
- Under MCP: Personal access token, select your preferred access level (see Access options below)
- Click Confirm to confirm the change
Changes take effect immediately. If you choose to restrict access, any existing tokens will be blocked from using the MCP. This means that any users who have already connected to the MCP using PATs will have their MCP requests fail. We therefore suggest notifying your org members of this change.
Note that restricting access in this way blocks existing tokens rather than revoking them entirely. Therefore, if you later lift the restrictions, those existing MCP connections will be automatically restored. If you instead wish to permanently revoke the MCP tokens, you can do so via the Admin API.
Access options
Org admins can choose from three settings for MCP personal access token access:
- Allow for all members: Any member of your org can generate and use a personal access token to connect to the MCP.
- Allow for selected members: Only specific members you designate can use PAT-based authentication. If you choose this option, you will be directed to a new PAT member management page, where you can add and remove members as needed.
- Allow for no members: PAT-based authentication is disabled for all members in your org.
FAQs
Does disabling AI for a workspace apply to the workspace's docs or its members?
It applies to docs. When you disable AI for a workspace, Coda AI is turned off for all docs in that workspace, regardless of who opens them. Members who belong to other workspaces where AI is still enabled can still use Coda AI in docs from those workspaces.
What's the difference between PAT and OAuth for MCP access?
Personal access tokens are manually generated credentials, best suited for members connecting to the MCP through scripts, internal tools, or custom integrations. OAuth is the recommended method for most members, as it uses a standard login flow and doesn't require managing long-lived credentials. You can configure each authentication method independently in your admin settings.
If I restrict PAT access, will members currently using a PAT lose access immediately?
Yes - if you restict PAT access, any members who have already connected to the Coda MCP using tokens will automatically lose access.
If I later choose to restore access to PATs, will previously-created tokens begin to work again?
Changing the access rules for PATs simply blocks any existing tokens. Therefore, unless you explicitly revoked the tokens using Coda's Admin API, these existing tokens will be unblocked when you restore access.
Can I allow PAT access for only certain members of my org?
Yes. Selecting Allow for selected members lets you restrict PAT access to a specific subset of your org. You will then manage who does and doesn't have access via the PAT member management tab of your admin settings.
Does this the PAT access setting affect OAuth access?
No. The PAT controls only affect connecting to the MCP via personal access tokens.