Summary

Please support connecting multiple separately authorized accounts for the same app/connector, with explicit account selection and hard privacy boundaries.

This is different from switching the active Codex/OpenAI account or profile. One Codex session may need to work with multiple accounts for the same external service: personal Gmail and work Gmail, multiple Slack workspaces, a client Google Drive and a company Google Drive, or personal and work Google Calendars.

Today, the app/connector model appears oriented around one active connection per provider. That creates two problems:

• users have to disconnect/reconnect or switch context manually, which is slow and error-prone;
• Codex/ChatGPT can become unsafe to use for connector workflows if it is unclear which mailbox, workspace, Drive, calendar, or tenant a tool call will read from or write to.

Why this matters

This is a normal workflow for many users, not an edge case:

• Search a personal Gmail account for a receipt, then a work Gmail account for a customer thread.
• Use an internal Slack workspace and one or more client Slack workspaces.
• Compare availability across personal and work Google Calendars.
• Search a company Google Drive without also exposing personal Drive content.
• Work with more than two accounts when consulting, freelancing, or managing multiple businesses.

The current documentation reinforces the single-selected-account limitation in a few places:

• Slack is documented as one workspace at a time, requiring disconnect/reconnect to switch workspaces.
• Google app access is tied to the Google account chosen during setup.
• Google Drive setup warns users with multiple Google accounts to choose the work account and uses domain matching to prevent accidentally connecting the wrong account.

Those are useful safety controls, but the missing product capability is first-class support for multiple named connections at the same time.

Proposed behavior

Codex/ChatGPT should allow multiple named app/connector connections per provider, for example:

• Gmail - Personal
• Gmail - Work
• Slack - Internal
• Slack - Client A
• Google Drive - Company
• Google Calendar - Personal

Expected behavior:

• A user can connect more than one account/workspace for the same app/connector.
• Each connected account has a clear user-visible label, such as email address, workspace name, organization name, or user-defined nickname.
• Users can set defaults per connector, per thread, or per workspace, while still seeing which account is being used.
• When a request is ambiguous, Codex/ChatGPT asks which connected account to use before reading data or taking action.
• Prompts can target a named connection directly, e.g. "search Work Gmail" or "send this in Client A Slack".
• Tool calls expose and enforce the selected connection identity instead of silently choosing among available accounts.
• Search results, citations, and action confirmations show which account/workspace they came from.
• Users can disconnect or refresh one connected account without disturbing other accounts for the same provider.

Privacy and safety requirements

Account boundaries should be explicit and enforceable:

• Do not silently merge personal, work, and client data.
• Cross-account search, summarization, or comparison should require an explicit user instruction.
• Side-effecting actions such as sending email, posting Slack messages, editing Drive files, sharing documents, or changing calendar events should clearly confirm the selected account/workspace before execution.
• If the requested account/workspace does not match the active connector identity, fail closed instead of falling back to another account.
• Admin-managed accounts should be able to enforce domain, workspace, retention, audit, and policy restrictions.
• Memory/context should not make information from one account implicitly safe to reuse in another account context.

Related and adjacent issues

This request is related to, but narrower than, general Codex account/profile switching:

• https://github.com/openai/codex/issues/4432 - first-class multi-account auth via auth profiles
• https://github.com/openai/codex/issues/12029 - ability to use more than one Codex account
• https://github.com/openai/codex/issues/14330 - environment isolation across accounts/config/tools

It also generalizes several connector-specific problems:

• https://github.com/openai/codex/issues/19489 - Microsoft 365 connectors need explicit account and tenant selection
• https://github.com/openai/codex/issues/19669 - Slack connector stale OAuth / no reliable hot-swap path
• https://github.com/openai/codex/issues/20286 - Vercel connector cannot recover from revoked or stale OAuth grant after account switch
• https://github.com/openai/codex/pull/20265 - keys remote plugin cache by account/workspace identity, which helps with stale account state but does not appear to provide multiple simultaneous named connector accounts

Acceptance criteria

• A user can connect at least two accounts for the same provider, such as two Gmail accounts or two Slack workspaces.
• The UI clearly shows all connected accounts for a provider and which one is active for a given request.
• Ambiguous connector requests prompt for account/workspace selection before any data access.
• Connector/tool calls can target a specific named connection.
• Connector results identify the source account/workspace.
• External actions confirm the selected account/workspace before execution.
• Data from different accounts is not combined unless the user explicitly asks for cross-account work.
• Disconnecting or refreshing one account does not break other accounts for the same provider.
• Enterprise/Business admins can restrict which domains/accounts/workspaces users may connect.