Case Study · Von

How Von ships revenue agents that act across every customer's stack

Their agents act inside Salesforce, Gong, Snowflake, HubSpot, and 40+ enterprise systems. Every call runs under the rep's identity, with zero tokens in agent code.

Ship agents like Von See how it works ↓

integrations shipped

auth patterns in production

proxy layer: REST, MCP, custom APIs

tokens in agent code or LLM context

About Von

Von is a revenue intelligence platform. Its agents handle the prep work before reps ever open a tab: surfacing quiet deals, updating records after calls, pulling meeting context on demand.

Every enterprise Von signs runs its own stack of Salesforce, Gong, Snowflake, HubSpot, and a dozen more. Each agent has to act inside those systems, as the rep, under that rep's permissions. Identity was the unlock that made it possible.

✦ ✦

Live

Revenue Intelligence Platform Agents that act before the rep needs them. Salesforce, Gong, Gmail, Snowflake, HubSpot, and every system each customer's sales team lives in.

SF GN SN HS +40

Von + Scalekit agents × every customer org

40+ integrations 4 auth patterns 0 tokens in agent

Every new customer adds another credential surface

When an agent acts on behalf of a user, the auth layer carries a lot. Tokens have to stay valid, scoped to what the user authorized, refreshed on schedule, and never leaked into agent runtime or LLM context. That contract holds across every connector and every org Von onboards, without rewriting auth code for each new customer.

What has to be true on every tool call

Credentials always valid

Refreshed without human intervention

Never held by the agent

✦ ✦

Our agents act across Salesforce, Gong, Google Drive, and dozens more, on behalf of every rep. Scalekit handles the credentials and the tool calling underneath, which lets us keep shipping connectors without rebuilding the auth layer.

Venu Madhav Kattagoni Head of Engineering · Von

Section 01

ToolProxy: the agent calls a tool. That's it.

In most agent codebases, credentials leak everywhere: tokens in env vars, secrets in config files, refresh logic glued in by hand. Von's agents do none of that. They call a tool with a connected account ID, and Scalekit resolves the user, pulls a scoped token from the vault, executes the call, and returns the result.

Agent → Proxy → Connector API

Von Agent

tool call

Calls tool with connected_account_id
Never holds a token
No auth logic in agent code
Zero credential surface

1agent calls tool

→

Scalekit

identity + execution

Resolve user identity
Fetch scoped token from vault
Inject auth headers
Execute API call
Log audit event
Return result to agent

2resolve + execute

→

SalesforceREST

GongREST

GmailREST

SnowflakeREST

HubSpotREST

DriveREST

GranolaMCP

NotionMCP

+ 40 more, REST or MCP

3connectors + MCP servers

Section 02

Every auth pattern enterprise security teams already provision

Every enterprise system picks its own auth pattern. Salesforce expects delegated OAuth. Snowflake expects RSA key-pairs. Azure AD expects its own enterprise app registration. Every customer expects Von to handle whichever flavor they happen to run. Scalekit covers the whole matrix, so Von's team never writes the plumbing.

Pattern

What it does

Connectors

Delegated OAuthUser-scoped access

User connects. Agent acts as user. Token scoped to what they authorized.

OAuth M2MClient credentials

No user. Agent auths as service account. Scalekit handles full token lifecycle.

RSA key-pairProgrammatic service accounts

Private key in Scalekit. Key-pair exchange per call. Key never touches agent runtime.

Service Account JSONGCP backend access

JSON key registered with Scalekit. Stored securely, injected at proxy time.

Google DWDOne connection, all Google APIs

One OAuth connection covers Gmail, Calendar, Drive, and any future Google API.

Static API KeyNon-OAuth connectors

Stored in vault, injected at proxy time. No special handling in agent code.

Single-tenant Azure ADEnterprise Microsoft deployments

Customers' own Azure AD app registration covers M365, Teams, SharePoint, Graph API.

Section 03

MCP servers, tuned for how agents work

Some apps publish MCP servers built specifically for agents to consume. Von accesses them through Scalekit, which gives its agents richer tool descriptions, cleaner discovery, and better outcomes than a generic REST wrapper could deliver. For tools that don't exist in any catalog, customers bring their own MCP servers shaped to their internal workflows, and Von's agents work with them as if they were native.

What MCP unlocks for Von's agents

Tool descriptions designed for agent reasoning, not human readers

Native tool discovery, no OpenAPI guesswork

Custom MCP servers shape agents to each customer's workflows

MCP servers in use

Granola

Notion + Customer MCP servers

How an agent moves through MCP

mcp-flow Flow

Agent reads MCP tool spec → picks the right tool for the task → calls with structured arguments → Scalekit resolves identity, scopes token → MCP server returns rich, structured result → agent acts on it directly

Granola and Notion ship official MCP servers Von routes through today. Scalekit issues a properly scoped token carrying org identity, so the agent never sees the credential and the MCP server gets a request it can trust. Same path covers customer-built servers running on private infra.

Section 04

Custom connectors, beyond the default catalog

Plenty of enterprise stacks include tools no other customer runs: an internal API server, a private data warehouse, a homegrown CRM. Von's team registers each of these as a custom connector tailored to that customer's needs. From the moment it goes live, the connector inherits the same token vault, proxy, auth lifecycle, and audit trail as every prebuilt integration.

register_connector.py Python

scalekit.register_custom_provider( name="internal-crm", auth_type="oauth2", oauth_config={...}, tool_schemas=[...], proxy_url="https://api.internal-crm.com" ) # available to every agent, every org

What every custom connector gets out of the box

Token vault + lifecycle management

Proxy routing

Per-user credential scoping

Audit trail

Available to every agent, every org, from the moment it's registered

Section 05

Multi-tenant agent deployment

Von ships one platform across many enterprise customers. Each customer gets fully isolated credentials, and every agent operates within that org's connected systems — scoped to each user's permissions across every tool call.

What Scalekit handles per customer

SSO with the customer's identity provider

Every agent credential scoped to that org

Agent capped at each user's role in every connected app

Tenant isolation, per enterprise customer

Acme Corp

Isolated

Salesforce · Gonguser-scoped tokens

Credential-isolatedscoped per user

Vertex Inc

Isolated

HubSpot · Snowflakeuser-scoped tokens

Credential-isolatedscoped per user

Delta Co

Isolated

Outlook · Teamsuser-scoped tokens

Credential-isolatedscoped per user

Each enterprise customer's agents work within their own org's connected systems.

A user's permissions set the ceiling for what their agent can reach.

Enforced

Section 06

Agent tool observability

Every enterprise deal eventually runs into one question: prove what an agent did, for which user, under what scope. Scalekit answers it by default. Each tool call routes through the proxy, where the agent, user, tenant, tool, scope, and duration land as a structured audit event, with zero custom instrumentation in Von's code. Security reviews close faster, SOC2 evidence is one query away, and Von's team ships revenue agents instead of a logging pipeline to defend them.

Results

40+ integrations. Zero identity rewrites.

integrations shipped, zero rewrites

auth patterns in production

proxy: REST, MCP, custom APIs

tokens in agent code or LLM context

All

tool calls scoped + auditable

Any

enterprise: domain locked, live

Von · Head of Engineering

We looked hard at building the token vault, the proxy layer, and per-user credential isolation ourselves. The honest answer was months of infra work upfront, and then chasing every connector's auth quirks forever. Scalekit is that infrastructure.

Venu Madhav Kattagoni · Head of Engineering, Von

The blueprint for multi-tenant agent deployment

Every enterprise customer gets agents acting under their users' permissions, with isolated credentials and a complete audit trail behind them. Von's team spent its time shipping revenue agents, not rebuilding identity infrastructure.

ToolProxy

An agent calls a tool with a connected account ID. Scalekit resolves the user, pulls a scoped credential from the vault, executes the call, and returns the result. Zero tokens in agent code, zero tokens in LLM context.

Token Vault + Proxy

Multi-auth connector registry

Each connector uses whichever auth pattern the underlying system actually wants, from OAuth to RSA key-pairs to static API keys to Azure AD. The registry handles the flow. Von defines the provider, never the plumbing.

Identity + Connectors

Agent logs, out of the box

Every tool call is captured at the proxy — agent, user, tenant, scope, and duration. No logging code in Von's stack. Security reviews and customer audits answered by architecture.

Observability

Without this pattern

✕Credentials in agent config or LLM context

✕Service account with org-wide access

✕Manual token refresh per connector

✕Auth layer rewritten per new enterprise

✕Months of infra for 7 auth patterns

With Von + Scalekit

Zero tokens in agent code or LLM context

Every call scoped to what the user authorized

Automatic token lifecycle, every connector

New enterprise: domain locked, isolated, live

Security reviews answered by architecture

✦ ✦ ✦

Building revenue agents that act across enterprise stacks?

Tool calling, custom connectors, multi-tenant isolation, and full audit trail. The infrastructure ships out of the box.

Get started free See the docs →