When a third-party application, such as Claude or Cursor, requests OAuth access to your Pendo subscription, Pendo checks the redirect URL against a list that your organization admins maintain. If the domain isn't on that list, the authorization screen pauses the flow and lets you request approval instead of silently denying the connection. This lets users request access to new apps without needing admin permissions.
Any app that uses Pendo OAuth can appear in the approvals table, including MCP connectors like Claude and Cursor, as well as other integrations like Slack.
Request OAuth access
When you connect a third-party app that uses Pendo OAuth, Pendo sends you to its authorization page and verifies the redirect URL the app sent.
If the domain is already approved. The page shows the permission summary (the app name, the scopes it's requesting, and your active subscription) along with buttons to allow or deny the connection.
If the domain hasn't been requested yet. You can choose between:
- Return to app. Sends you back to the third-party app with an
access_deniedresponse. No request is recorded. - Request approval. Submits the redirect URL to your organization admins for review. A organization admin can approve this domain in Settings > Organization settings > OAuth approvals. Use this option if you want to use the integration.
After you select Request approval, the page moves into a pending state.
If a request is pending. The page confirms that a request has been submitted. The request stays open until an admin acts on it.
From here, you can:
- Return to app. Exit the flow without waiting.
- Check status. Poll Pendo again. If an admin has approved the domain, the page advances to the standard Allow and Deny options. If the request is still open, the page shows the date and time of the last check, for example, "Still pending as of May 28, 2026 at 3:06 PM."
You can close the tab and come back later. The request stays open in the background.
Note: Organization admins receive an email notification when a request is submitted. They can also review pending requests at any time by opening the OAuth approvals tab in organization settings.
If the domain was denied. The page shows that the app can't connect to your Pendo organization using this redirect URL. The only available action is Return to app. Contact your organization admin if you need this domain reviewed again.
If Pendo can't verify the domain. If the domain check fails (for example, because of a network issue) your options are Try again or Return to app.
Manage OAuth approval requests
You must be an organization admin to manage OAuth approval requests. Go to Settings > Organization settings > OAuth approvals. Organization admins receive an email notification when a new request is submitted. You can also check this tab at any time to see pending requests.
Review pending requests
The OAuth approvals tab lists every redirect URL that's been requested, approved, or rejected for the organization. If no requests have been submitted yet, the table shows a message that there's nothing to approve.
Note: Approval is tied to the scheme + host part of the URL, not the full path. Approving https://example.com/oauth/callback means any redirect URL starting with https://example.com/ from any OAuth client used with your organization is accepted. Reject the request if the domain isn't one your organization trusts.
The table includes the following columns:
| Column | Description |
| Redirect URI | The full URL submitted by the third-party app (scheme, host, and path). |
| Status | The current approval state. Open the dropdown to select Approved or Rejected for any row, including ones you've already resolved. |
| Requested on | When the user selected Request approval. |
| Requested by | The user who submitted the request. |
| Reviewed on | When the admin last approved or rejected the request. |
Use the Filter by dropdown to narrow the list. The default is All statuses, which shows every request with pending requests (Waiting approval) sorted to the top.
Approve or reject a domain
To approve or reject a request:
- Select the Waiting approval filter, or keep All statuses and find the pending request in the table.
- Open the Status dropdown for the row.
- Select Approved or Rejected.
The row updates immediately. Your name and the current timestamp appear in Reviewed by and Reviewed on. A toast confirms the domain was approved or rejected.
Change a previous decision
Approvals and rejections aren't permanent. To change an existing decision:
- Find the row in the OAuth approvals table.
- Open the Status dropdown.
- Select the other option (Approved or Rejected).
The user who originally requested the domain isn't re-notified, but they see the updated state the next time they open the authorize page or select Check status.