Skip to content
xAI API · Grok Connectors · MCP · Grok-4
PortEden

Secure Your Data With Grok

PortEden makes Grok ready for the work your team actually needs done. Grok Connectors, remote MCP servers, function-calling on the xAI API, and long-running Grok-4 agent loops all get an audited, redacted data layer — so Grok answers questions you couldn't safely ask it before.

See pricing

xAI API · Function-calling · 5-minute setup

Works With What You Already Use
Gmail
Gmail
Outlook
Outlook
Google Calendar
Google Calendar
Google Drive
Google Drive
Google Docs
Google Docs
OneDrive
OneDrive
SharePoint
SharePoint
Teams
Teams
Slack
Slack
Notion
Notion
Asana
Asana
Monday
Monday
Linear
Linear
Jira
Jira
Confluence
Confluence
Entra ID
Entra ID
Better Together

What PortEden Adds to Grok

  • Grok Connectors (launched May 2026) plug SharePoint, Outlook, OneDrive, Google Workspace, Notion, GitHub, and Linear directly into Grok — but they ground on whatever the user's OAuth scope grants. PortEden sits in front of those connectors so the data Grok receives is governed by your redaction and access rules, not just by the user's underlying permission.
  • xAI's remote MCP support lets you point Grok at any MCP server, including a 'bring your own' gateway. PortEden registers as a first-class MCP server, so Grok picks up redaction, per-tool RBAC, and an exportable audit log on every tool call — no per-agent code changes.
  • Grok's function-calling spec also maps cleanly onto the PortEden CLI — each function declaration corresponds to a CLI subcommand. Whether you adopt MCP or stay on function-calling, the firewall is configuration, not architectural rework, and the model's reasoning loop is unchanged.
  • Grok-4 chains tool calls across extended reasoning loops. PortEden produces an end-to-end audit trail covering every tool call in the chain (request, decision, redacted response), so long-running agentic deployments remain reviewable, exportable, and aligned with your retention policy.
xAI API Documentation
Capability Matrix

Grok With PortEden: What You Get

Real-time PII redaction in tool responses
50+ identifier types stripped before xAI receives the response
GrokNo
+ PortEdenYes
Per-tool, per-action RBAC
GrokNo
+ PortEdenYes
Per-contact / per-domain firewall rules
GrokNo
+ PortEdenYes
SIEM-exportable audit log
GrokNo
+ PortEdenYes
Native MCP support (remote MCP + Bring Your Own MCP)
xAI shipped remote MCP tools in 2026; PortEden registers as an MCP server
GrokYes
+ PortEdenYes
Grok Connectors (SharePoint, Outlook, Drive, Notion…)
Native connectors ground on raw OAuth scope; PortEden adds the firewall
GrokYes
+ PortEdenYes
Function-calling tool integration
PortEden CLI as a function tool
GrokYes
+ PortEdenYes
Long-running agent loops (Grok-4)
Every chained tool call routes through PortEden
GrokYes
+ PortEdenYes
Token-context reduction (smaller, faster prompts)
~80% reduction via context hygiene
GrokNo
+ PortEdenYes
IdP identity sync (Okta / Entra / Google Workspace)
Permissions revoke with the rest of the user's accounts
GrokNo
+ PortEdenYes
Confirm-before-write on destructive actions
Send / delete / forward require explicit confirmation
GrokNo
+ PortEdenYes
One-click revocation across surfaces
GrokNo
+ PortEdenYes
Tool-Use Coverage

Every Grok Surface, One Firewall

Connection: Remote MCP + Grok Connectors + Function-calling + CLI

Grok with remote MCP (Bring Your Own MCP)

Point Grok at the PortEden MCP server URL. xAI's remote MCP support handles transport; PortEden enforces redaction, RBAC, and audit on every tool call — same model Claude and ChatGPT use.

Setup guide

Grok Connectors (Web / iOS / Android)

When Grok Connectors call SharePoint, Outlook, OneDrive, Drive, Notion, GitHub, or Linear, PortEden's proxy applies your access rules in front of them — connector convenience without the OAuth-scope blast radius.

Setup guide

xAI API function-calling (Grok-3 / Grok-4)

Declare PortEden CLI commands as function tools on the xAI API. Grok calls them; your code runs the porteden binary; redacted JSON flows back. Same model whether you use Grok-3 for cheap calls or Grok-4 for deeper reasoning.

Setup guide
Tooling Notes
  • xAI launched remote MCP support and 'Bring Your Own MCP' in 2026 — PortEden plugs in as a first-class MCP server.
  • Grok Connectors (launched May 2026) covers SharePoint, Outlook, OneDrive, Google Workspace, Notion, GitHub, Linear; PortEden sits in front of those connectors to enforce your firewall, not just the user's OAuth scope.
  • Function-calling is still fully supported — PortEden CLI commands map 1:1 to Grok function declarations for teams not yet on MCP.
  • Grok-4's extended reasoning loops can chain dozens of tool calls per turn; PortEden's per-token monthly quota keeps loops bounded.
  • Per-token monthly quotas, contact-level access rules, and field-level redaction all apply uniformly across Grok surfaces and models.
  • Revoking the token at my.porteden.com immediately stops Grok mid-flight; the next tool call gets a 401 and the agent surfaces a clean error.

Connect Grok in 5 Minutes

1

Generate a PortEden API key

At my.porteden.com, create a token scoped to the data Grok needs and the actions you want it to take.

2

Wire the token into Grok

Declare PortEden CLI commands (or the REST API) as function tools on the xAI API. Pass the PortEden token as a Bearer header on every tool call.

3

Use Grok on real data

Ask Grok about anything in your stack. Every tool call routes through PortEden — redaction, RBAC, and audit happen automatically.

Read the xAI integration guide →
Grok + PortEden

Five-Minute Setup. Free While You Test.

Connect a data source, plug Grok into PortEden, and put Grok to work on the data your team actually needs to handle.

Read the xAI API guide

Frequently Asked Questions

Does Grok actually support MCP, or is this a custom integration?
MCP is native. xAI shipped remote MCP support on the Grok API and added 'Bring Your Own MCP' in 2026, alongside the Grok Connectors launch (May 6, 2026). PortEden registers as a first-class MCP server, and Grok calls it the same way it calls any other MCP endpoint. Function-calling is still supported if you'd rather keep that path — PortEden CLI commands map 1:1 to Grok function declarations.
How does PortEden interact with Grok Connectors (SharePoint, Outlook, Drive)?
Native Grok Connectors ground on the user's raw OAuth scope, which is the same oversharing risk M365 Copilot hit on its rollout. PortEden's proxy applies per-site, per-contact, and per-label rules in front of those connectors, so Grok grounds on the data your policies have explicitly approved — not just on whatever the user can technically access.
Does this work with Grok-3 and Grok-4 both?
Yes — model choice is on the Grok side. PortEden returns the same redacted JSON regardless of which Grok variant calls it. Use Grok-3 for cheap high-volume tool calls and Grok-4 when you need extended reasoning loops or deeper analysis.
Does xAI get a copy of my data through Grok?
xAI sees the redacted output PortEden returns to the tool call — never the raw email, calendar, or drive payload. Identifiers, free-text PII, and any field your access rules block are replaced with placeholders before the response leaves PortEden's perimeter. PortEden audits the tool call request and the redacted response; we don't see the user's prompt to Grok or Grok's final answer.
What happens when Grok's tool call gets blocked by an access rule?
The CLI or REST endpoint returns a structured permission-denied response. Grok sees the rejection and surfaces it in the answer ("I tried to read that file but your firewall blocked it"). The audit log captures the tool call, the arguments, and the rule that fired — no silent failures.
Can a single Grok agent serve multiple users with different access rules?
Yes. Pass a per-user PortEden token as a Bearer header on every tool call. Each call is audited under the calling user's token, and access rules apply per-token — so the same Grok deployment can serve multiple users without leaking data across them.
How does this work for long-running Grok-4 agent loops?
Every tool call in the loop routes through PortEden, so redaction and RBAC apply on every step. Per-token monthly quotas keep loops bounded — exceed the quota and the next tool call gets a clean "quota exceeded" response, which Grok can surface to the user. The audit log captures the full chain, end-to-end.
Will this slow Grok down?
Redaction adds ~150-200 ms per tool call. Because PortEden also reduces token usage by ~80% via context hygiene, end-to-end latency typically drops on data-heavy tasks. Grok answers faster on PortEden's clean payloads than on a raw API response.
Is there a free tier?
Yes — free for solo licensed practitioners and small developer use. Higher monthly tool-call quotas, SSO, and SIEM export are on paid plans. See pricing for details.

Keep Exploring

Get More From Grok With PortEden

Five-minute setup. Free tier for solo licensed practitioners. Same AI you already use — now ready for the work your team actually needs to do.

Talk to sales

Rolling out to a whole team? Talk to sales →