diff --git a/src/authsome/server/routes/connections.py b/src/authsome/server/routes/connections.py
index b2a6a813..6b950a30 100644
--- a/src/authsome/server/routes/connections.py
+++ b/src/authsome/server/routes/connections.py
@@ -7,6 +7,7 @@
 from authsome.server.analytics import capture_event
 from authsome.server.credential_service import CredentialService
 from authsome.server.routes._deps import (
+    build_auth_service,
     get_daemon_or_browser_auth_service,
     get_protected_auth_service,
     get_vault_registry,
@@ -32,6 +33,13 @@ async def _connection_detail(
 ) -> ConnectionDetailResponse:
     definition = await auth.get_provider(provider)
     record = await auth.get_connection(provider, connection)
+    global_pointer = await auth.global_connections.get(provider)
+    is_global = (
+        global_pointer is not None
+        and global_pointer.owner_principal_id == record.principal_id
+        and global_pointer.owner_vault_id == record.vault_id
+        and global_pointer.connection_name == record.connection_name
+    )
     return ConnectionDetailResponse(
         provider=record.provider,
         provider_display_name=definition.display_name,
@@ -56,15 +64,41 @@ async def _connection_detail(
         ),
         can_set_default=can_set_default,
         can_set_global=can_set_global,
+        is_global=is_global,
     )
 
 
+async def _provider_connection_counts(request: Request, auth: CredentialService) -> dict[str, int]:
+    if auth.principal_role != PrincipalRole.ADMIN:
+        return {}
+
+    counts: dict[str, int] = {}
+    for principal in await request.app.state.store.principals.list_all():
+        resolved = await request.app.state.ownership_resolver.resolve_for_principal(principal_id=principal.principal_id)
+        if resolved is None:
+            continue
+        principal_auth = build_auth_service(
+            request,
+            identity=None,
+            principal_id=principal.principal_id,
+            principal_role=principal.role,
+            vault_id=resolved.vault_id,
+        )
+        for group in await principal_auth.list_connections():
+            counts[group["name"]] = counts.get(group["name"], 0) + len(group["connections"])
+    return counts
+
+
 @router.get("/connections")
-async def list_connections(auth: CredentialService = Depends(get_daemon_or_browser_auth_service)):
+async def list_connections(
+    request: Request,
+    auth: CredentialService = Depends(get_daemon_or_browser_auth_service),
+):
     by_source = await auth.list_providers_by_source()
     return {
         "connections": await auth.list_connections(),
         "global_connections": [row.model_dump(mode="json") for row in await auth.list_global_connection_summaries()],
+        "provider_connection_counts": await _provider_connection_counts(request, auth),
         "by_source": {
             source: [provider.model_dump(mode="json") for provider in providers]
             for source, providers in by_source.items()
diff --git a/src/authsome/server/schemas.py b/src/authsome/server/schemas.py
index c515994b..d550a037 100644
--- a/src/authsome/server/schemas.py
+++ b/src/authsome/server/schemas.py
@@ -226,3 +226,4 @@ class ConnectionDetailResponse(BaseModel):
     secrets: ConnectionSecretsResponse = Field(default_factory=ConnectionSecretsResponse)
     can_set_default: bool = False
     can_set_global: bool = False
+    is_global: bool = False
diff --git a/tests/server/test_connection_details.py b/tests/server/test_connection_details.py
index 370b7782..1fc76d5e 100644
--- a/tests/server/test_connection_details.py
+++ b/tests/server/test_connection_details.py
@@ -129,6 +129,36 @@ def test_admin_can_make_own_connection_global_from_detail(monkeypatch, tmp_path:
     assert response.json()["can_set_global"] is True
 
 
+def test_connection_detail_marks_current_global_connection(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("AUTHSOME_HOME", str(tmp_path))
+    with create_server_test_client() as client:
+        admin = _claim_identity(client, tmp_path, "admin-ready-boldly-0001", email="admin@example.com")
+        admin_ctx = asyncio.run(client.app.state.ownership_resolver.resolve(identity=admin.handle))
+        _put_connection(client, admin_ctx.principal_id, admin_ctx.vault_id, "secondary")
+        _put_connection(client, admin_ctx.principal_id, admin_ctx.vault_id, "default")
+        assert (
+            client.post(
+                "/api/connections/github/default/global",
+                headers=_auth_header(tmp_path, "POST", "/api/connections/github/default/global", handle=admin.handle),
+            ).status_code
+            == status.HTTP_200_OK
+        )
+
+        global_response = client.get(
+            "/api/connections/github/default/detail",
+            headers=_auth_header(tmp_path, "GET", "/api/connections/github/default/detail", handle=admin.handle),
+        )
+        secondary_response = client.get(
+            "/api/connections/github/secondary/detail",
+            headers=_auth_header(tmp_path, "GET", "/api/connections/github/secondary/detail", handle=admin.handle),
+        )
+
+    assert global_response.status_code == status.HTTP_200_OK
+    assert global_response.json()["is_global"] is True
+    assert secondary_response.status_code == status.HTTP_200_OK
+    assert secondary_response.json()["is_global"] is False
+
+
 def test_admin_logout_targets_other_principal_connection(monkeypatch, tmp_path: Path) -> None:
     monkeypatch.setenv("AUTHSOME_HOME", str(tmp_path))
     with create_server_test_client() as client:
diff --git a/tests/server/test_global_connections.py b/tests/server/test_global_connections.py
index ee980ec6..7e1f22f9 100644
--- a/tests/server/test_global_connections.py
+++ b/tests/server/test_global_connections.py
@@ -114,6 +114,32 @@ def test_admin_can_make_connection_global_and_user_sees_redacted_summary(monkeyp
     assert raw_response.status_code == status.HTTP_404_NOT_FOUND
 
 
+def test_admin_connections_include_provider_counts_across_principals(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("AUTHSOME_HOME", str(tmp_path))
+    with create_server_test_client() as client:
+        admin = _claim_identity(client, tmp_path, "admin-ready-boldly-0001", email="admin@example.com")
+        _claim_identity(client, tmp_path, "steady-wisely-boldly-0042", email="user@example.com")
+        _claim_identity(client, tmp_path, "calmly-simply-boldly-0043", email="second@example.com")
+        user_ctx = asyncio.run(client.app.state.ownership_resolver.resolve(identity="steady-wisely-boldly-0042"))
+        second_ctx = asyncio.run(client.app.state.ownership_resolver.resolve(identity="calmly-simply-boldly-0043"))
+        _put_connection(client, user_ctx.principal_id, user_ctx.vault_id, "default")
+        _put_connection(client, second_ctx.principal_id, second_ctx.vault_id, "team")
+
+        admin_response = client.get(
+            "/api/connections",
+            headers=_auth_header(tmp_path, "GET", "/api/connections", handle=admin.handle),
+        )
+        user_response = client.get(
+            "/api/connections",
+            headers=_auth_header(tmp_path, "GET", "/api/connections", handle="steady-wisely-boldly-0042"),
+        )
+
+    assert admin_response.status_code == status.HTTP_200_OK
+    assert admin_response.json()["provider_connection_counts"] == {"github": 2}
+    assert user_response.status_code == status.HTTP_200_OK
+    assert user_response.json()["provider_connection_counts"] == {}
+
+
 def test_global_connection_resolves_for_explicit_default_and_proxy_routes(monkeypatch, tmp_path: Path) -> None:
     monkeypatch.setenv("AUTHSOME_HOME", str(tmp_path))
     with create_server_test_client() as client:
diff --git a/ui/src/app/(authenticated)/layout.tsx b/ui/src/app/(authenticated)/layout.tsx
index 58828a91..5e754f51 100644
--- a/ui/src/app/(authenticated)/layout.tsx
+++ b/ui/src/app/(authenticated)/layout.tsx
@@ -37,7 +37,6 @@ function pathToView(pathname: string): View {
     connections: "connections",
     agents: "agents",
     principal: "principals",
-    vault: "vault",
     audit: "audit",
     settings: "settings",
   };
@@ -57,7 +56,6 @@ function buildBreadcrumbs(
     connections: "Connections",
     agents: "Agents",
     principal: "Principals",
-    vault: "Vault",
     audit: "Audit Log",
     settings: "Settings",
   };
diff --git a/ui/src/app/(authenticated)/vault/page.tsx b/ui/src/app/(authenticated)/vault/page.tsx
deleted file mode 100644
index 5d3c9b7f..00000000
--- a/ui/src/app/(authenticated)/vault/page.tsx
+++ /dev/null
@@ -1,12 +0,0 @@
-"use client";
-
-import useSWR from "swr";
-
-import { VaultView } from "@/components/authsome-dashboard";
-import { fetchDashboard } from "@/lib/authsome-api";
-
-export default function VaultPage() {
-  const { data } = useSWR("authsome-dashboard", fetchDashboard);
-  if (!data) return null;
-  return <VaultView data={data} />;
-}
diff --git a/ui/src/app/globals.css b/ui/src/app/globals.css
index 07f068ca..5807bce3 100644
--- a/ui/src/app/globals.css
+++ b/ui/src/app/globals.css
@@ -148,4 +148,12 @@
   textarea {
     letter-spacing: 0;
   }
+  button:not(:disabled),
+  [role="button"]:not([aria-disabled="true"]) {
+    cursor: pointer;
+  }
+  button:disabled,
+  [role="button"][aria-disabled="true"] {
+    cursor: not-allowed;
+  }
 }
diff --git a/ui/src/app/not-found.tsx b/ui/src/app/not-found.tsx
new file mode 100644
index 00000000..a0b06c8c
--- /dev/null
+++ b/ui/src/app/not-found.tsx
@@ -0,0 +1,27 @@
+import Link from "next/link";
+import { ArrowLeft, CircleAlert } from "lucide-react";
+
+import { buttonVariants } from "@/components/ui/button";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card";
+
+export default function NotFound() {
+  return (
+    <main className="flex min-h-screen items-center justify-center bg-background px-4 py-8">
+      <Card className="w-full max-w-md border-border/70 shadow-none">
+        <CardHeader>
+          <div className="mb-3 flex size-10 items-center justify-center rounded-lg border border-amber-800 bg-amber-950/40 text-amber-400">
+            <CircleAlert className="size-5" />
+          </div>
+          <CardTitle>Page not found</CardTitle>
+          <CardDescription>The dashboard route is missing or no longer available.</CardDescription>
+        </CardHeader>
+        <CardContent>
+          <Link className={buttonVariants()} href="/">
+            <ArrowLeft />
+            Back to dashboard
+          </Link>
+        </CardContent>
+      </Card>
+    </main>
+  );
+}
diff --git a/ui/src/components/authsome-dashboard.tsx b/ui/src/components/authsome-dashboard.tsx
index ec0fce08..e84ee9cf 100644
--- a/ui/src/components/authsome-dashboard.tsx
+++ b/ui/src/components/authsome-dashboard.tsx
@@ -1,6 +1,7 @@
 "use client";
 
 import {
+  ArrowLeft,
   AppWindow,
   BookOpen,
   Check,
@@ -8,7 +9,8 @@ import {
   CircleAlert,
   Clipboard,
   ClipboardList,
-  Database,
+  Eye,
+  EyeOff,
   GitBranch,
   Globe2,
   KeyRound,
@@ -88,7 +90,7 @@ import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "@
 import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip";
 import { cn } from "@/lib/utils";
 
-export type View = "dashboard" | "providers" | "connections" | "agents" | "principals" | "vault" | "audit" | "settings";
+export type View = "dashboard" | "providers" | "connections" | "agents" | "principals" | "audit" | "settings";
 
 type NavItem = {
   id: View;
@@ -104,7 +106,6 @@ const NAV_ITEMS: NavItem[] = [
   { id: "connections", href: "/connections", label: "Connections", icon: <Link2 /> },
   { id: "agents", href: "/agents", label: "Agents", icon: <UserRound /> },
   { id: "principals", href: "/principal", label: "Principals", icon: <Users />, adminOnly: true },
-  { id: "vault", href: "/vault", label: "Vault", icon: <Database /> },
   { id: "audit", href: "/audit", label: "Audit Log", icon: <ClipboardList />, adminOnly: true },
   { id: "settings", href: "/settings", label: "Settings", icon: <Settings /> },
 ];
@@ -112,6 +113,10 @@ const NAV_ITEMS: NavItem[] = [
 const NEXT_URL = "/";
 const ADVANCED_SESSION_FIELD_NAMES = new Set(["host_url", "base_url", "api_url", "scopes"]);
 const LOGO_DEV_TOKEN = "pk_BhJg_kBbQPqNGuuWcNs9Cg";
+const INTERACTIVE_CARD_CLASS =
+  "cursor-pointer border-border/50 shadow-none transition-all hover:border-primary/60 hover:bg-primary/[0.03] hover:shadow-sm";
+const INTERACTIVE_ROW_CLASS =
+  "cursor-pointer transition-colors hover:bg-primary/[0.03] focus-visible:bg-primary/[0.03] focus-visible:outline-none";
 
 export function isUnauthorized(error: unknown): boolean {
   return error instanceof ApiError && error.status === 401;
@@ -715,13 +720,13 @@ export function LoadingScreen() {
 export function ErrorState({ onRetry }: { onRetry: () => void }) {
   return (
     <main className="flex min-h-screen items-center justify-center bg-background p-6">
-      <Card className="max-w-md shadow-sm">
+      <Card className="w-full max-w-md shadow-sm">
         <CardHeader>
-          <CardTitle className="flex items-center gap-2">
-            <CircleAlert className="size-5 text-destructive" />
-            Dashboard Unavailable
+          <CardTitle className="flex items-start gap-2">
+            <CircleAlert className="mt-0.5 size-5 shrink-0 text-destructive" />
+            <span>Dashboard Unavailable</span>
           </CardTitle>
-          <CardDescription>The daemon did not return dashboard data.</CardDescription>
+          <CardDescription>The local daemon is not reachable. Start it again, then retry.</CardDescription>
         </CardHeader>
         <CardContent>
           <Button onClick={onRetry} type="button">
@@ -933,7 +938,10 @@ export function DashboardView({ data }: { data: DashboardData }) {
 
 function ProviderSummary({ provider }: { provider: ProviderView }) {
   return (
-    <div className="flex items-center justify-between rounded-lg border border-border/50 bg-muted/30 px-4 py-3">
+    <Link
+      className="flex items-center justify-between rounded-lg border border-border/50 bg-muted/30 px-4 py-3 transition-colors hover:border-primary/50 hover:bg-muted/50"
+      href={providerDetailHref(provider.name)}
+    >
       <div className="flex items-center gap-3">
         <ProviderLogo className="size-8" initial={provider.logoInitial} logo={provider.logo} />
         <div>
@@ -942,7 +950,7 @@ function ProviderSummary({ provider }: { provider: ProviderView }) {
         </div>
       </div>
       <StatusBadge status={provider.status} />
-    </div>
+    </Link>
   );
 }
 
@@ -960,7 +968,7 @@ function EmptyBlock({ actionLabel, href, title }: { actionLabel: string; href: s
 
 export function ProvidersView({ providers }: { providers: ProviderView[] }) {
   const [query, setQuery] = useState("");
-  const [dialogProvider, setDialogProvider] = useState<ProviderView | null>(null);
+  const [dialogProvider, setDialogProvider] = useState<NamedConnectionProvider | null>(null);
 
   const filteredProviders = useMemo(() => {
     const normalized = query.trim().toLowerCase();
@@ -1004,7 +1012,7 @@ function ProviderCard({ onNamedLogin, provider }: { onNamedLogin: () => void; pr
 
   return (
     <Card
-      className="flex h-full cursor-pointer flex-col border-border/50 shadow-none transition-all hover:border-border hover:bg-accent hover:shadow-sm"
+      className={cn("flex h-full flex-col", INTERACTIVE_CARD_CLASS)}
       onClick={() => router.push(providerDetailHref(provider.name))}
     >
       <CardHeader className="pb-3">
@@ -1020,10 +1028,10 @@ function ProviderCard({ onNamedLogin, provider }: { onNamedLogin: () => void; pr
         </div>
       </CardHeader>
       <CardContent className="flex flex-1 flex-col gap-4 pt-0">
-        <p className="line-clamp-2 text-sm leading-relaxed text-muted-foreground">
+        <p className="line-clamp-2 min-h-12 text-sm leading-relaxed text-muted-foreground">
           {provider.description || "Connect this provider to store and inject credentials from your Authsome vault."}
         </p>
-        <div className="flex flex-wrap gap-1.5">
+        <div className="flex min-h-7 flex-wrap content-start gap-1.5">
           <Badge variant="outline">{provider.authTypeLabel}</Badge>
           {provider.connectionCount ? (
             <Badge variant="outline">
@@ -1045,7 +1053,7 @@ function ProviderCard({ onNamedLogin, provider }: { onNamedLogin: () => void; pr
           ) : (
             <form action={`/api/auth/providers/${provider.name}/connect`} method="post">
               <input name="connection" type="hidden" value="default" />
-              <input name="return_url" type="hidden" value={`/connections?provider=${provider.name}`} />
+              <input name="return_url" type="hidden" value="/connections" />
               <Button className="w-full" type="submit">
                 <LogIn />
                 Connect
@@ -1058,12 +1066,14 @@ function ProviderCard({ onNamedLogin, provider }: { onNamedLogin: () => void; pr
   );
 }
 
+type NamedConnectionProvider = Pick<ProviderView, "displayName" | "name">;
+
 function NamedConnectionDialog({
   onOpenChange,
   provider,
 }: {
-  onOpenChange: (provider: ProviderView | null) => void;
-  provider: ProviderView | null;
+  onOpenChange: (provider: NamedConnectionProvider | null) => void;
+  provider: NamedConnectionProvider | null;
 }) {
   const [connectionName, setConnectionName] = useState("");
 
@@ -1074,7 +1084,15 @@ function NamedConnectionDialog({
   }
 
   return (
-    <Dialog open={Boolean(provider)} onOpenChange={(open) => onOpenChange(open ? provider : null)}>
+    <Dialog
+      open={Boolean(provider)}
+      onOpenChange={(open) => {
+        if (!open) {
+          setConnectionName("");
+        }
+        onOpenChange(open ? provider : null);
+      }}
+    >
       <DialogContent>
         <DialogHeader>
           <DialogTitle>Connection name</DialogTitle>
@@ -1086,7 +1104,7 @@ function NamedConnectionDialog({
           method="post"
           onSubmit={handleSubmit}
         >
-          <input name="return_url" type="hidden" value={provider ? `/connections?provider=${provider.name}` : NEXT_URL} />
+          <input name="return_url" type="hidden" value="/connections" />
           <label className="grid gap-2 text-sm">
             <span className="text-muted-foreground">Connection name</span>
             <Input
@@ -1120,15 +1138,8 @@ export function ConnectionsView({
   isAdmin: boolean;
   onRefresh: () => void;
 }) {
-  const [query, setQuery] = useState(() => {
-    if (initialFilter) {
-      return initialFilter;
-    }
-    if (typeof window === "undefined") {
-      return "";
-    }
-    return new URLSearchParams(window.location.search).get("provider") ?? "";
-  });
+  const router = useRouter();
+  const [query, setQuery] = useState(initialFilter ?? "");
   const filteredConnections = useMemo(() => {
     const normalized = query.trim().toLowerCase();
     if (!normalized) return connections;
@@ -1168,12 +1179,27 @@ export function ConnectionsView({
                 </TableRow>
               </TableHeader>
               <TableBody>
-                {filteredConnections.map((row) => (
-                  <TableRow key={`${row.providerName}:${row.connectionName}`}>
+                {filteredConnections.map((row) => {
+                  const href = connectionDetailHref(row.providerName, row.connectionName);
+                  return (
+                    <TableRow
+                      className={INTERACTIVE_ROW_CLASS}
+                      key={`${row.providerName}:${row.connectionName}`}
+                      onClick={() => router.push(href)}
+                      onKeyDown={(event) => {
+                        if (event.key === "Enter" || event.key === " ") {
+                          event.preventDefault();
+                          router.push(href);
+                        }
+                      }}
+                      role="link"
+                      tabIndex={0}
+                    >
                     <TableCell>
                       <Link
                         className="font-medium hover:underline underline-offset-4"
-                        href={connectionDetailHref(row.providerName, row.connectionName)}
+                        href={href}
+                        onClick={(event) => event.stopPropagation()}
                       >
                         {row.connectionName}
                       </Link>
@@ -1184,7 +1210,8 @@ export function ConnectionsView({
                       <StatusBadge status={row.status} />
                     </TableCell>
                   </TableRow>
-                ))}
+                  );
+                })}
               </TableBody>
             </Table>
           ) : (
@@ -1205,6 +1232,8 @@ function GlobalConnectionsSection({
   isAdmin: boolean;
   onRefresh: () => void;
 }) {
+  const router = useRouter();
+
   return (
     <Card className="shadow-none border-border/50">
       <CardHeader>
@@ -1224,8 +1253,22 @@ function GlobalConnectionsSection({
               </TableRow>
             </TableHeader>
             <TableBody>
-              {connections.map((row) => (
-                <TableRow key={`${row.providerName}:${row.connectionName}`}>
+              {connections.map((row) => {
+                const href = connectionDetailHref(row.providerName, row.connectionName);
+                return (
+                  <TableRow
+                    className={INTERACTIVE_ROW_CLASS}
+                    key={`${row.providerName}:${row.connectionName}`}
+                    onClick={() => router.push(href)}
+                    onKeyDown={(event) => {
+                      if (event.key === "Enter" || event.key === " ") {
+                        event.preventDefault();
+                        router.push(href);
+                      }
+                    }}
+                    role="link"
+                    tabIndex={0}
+                  >
                   <TableCell>
                     <div className="flex min-w-0 items-center gap-2">
                       <Globe2 className="size-4 shrink-0 text-muted-foreground" />
@@ -1243,12 +1286,13 @@ function GlobalConnectionsSection({
                     <StatusBadge status={row.status} />
                   </TableCell>
                   {isAdmin ? (
-                    <TableCell>
+                    <TableCell onClick={(event) => event.stopPropagation()}>
                       <RemoveGlobalConnectionButton onRefresh={onRefresh} provider={row.providerName} />
                     </TableCell>
                   ) : null}
                 </TableRow>
-              ))}
+                );
+              })}
             </TableBody>
           </Table>
         ) : (
@@ -1391,27 +1435,6 @@ export function PrincipalsView() {
   );
 }
 
-export function VaultView({ data }: { data: DashboardData }) {
-  return (
-    <div className="grid gap-5">
-      <SectionHeader description="Credential namespace for this account." title="Vault" />
-      <div className="grid gap-4 lg:grid-cols-2">
-        <Card className="shadow-none border-border/50">
-          <CardHeader>
-            <CardTitle>Default Vault</CardTitle>
-            <CardDescription>{data.vault.isDefault ? "Active for this account" : "Vault binding"}</CardDescription>
-          </CardHeader>
-          <CardContent className="grid gap-4">
-            <KeyValue label="Handle" value={data.vault.handle} />
-            <KeyValue label="Vault ID" value={data.vault.vaultId || "-"} />
-            <KeyValue label="Principal ID" value={data.account.principalId || "-"} />
-          </CardContent>
-        </Card>
-      </div>
-    </div>
-  );
-}
-
 export function AuditView({ data }: { data: DashboardData }) {
   return (
     <div className="grid gap-5">
@@ -1524,7 +1547,7 @@ function SearchInput({
   value: string;
 }) {
   return (
-    <label className="relative block max-w-md">
+    <label className="relative block w-full">
       <Search className="pointer-events-none absolute left-3 top-1/2 size-4 -translate-y-1/2 text-muted-foreground" />
       <Input
         className="h-9 pl-9"
@@ -1602,9 +1625,16 @@ export function ProviderDetailBody({ data, onRefresh }: { data: ProviderDetail;
   const initial = (displayName[0] || "?").toUpperCase();
   const description = data.provider.description || data.provider.metadata?.description || "";
   const showsConfiguration = data.provider.auth_type !== "api_key";
+  const [dialogProvider, setDialogProvider] = useState<NamedConnectionProvider | null>(null);
+  const hasDefaultConnection = data.connections.some((connection) => connection.connection_name === "default");
+  const dialogData = { displayName, name: data.provider.name };
 
   return (
     <div className="grid gap-6">
+      <Link className={cn(buttonVariants({ size: "sm" }), "w-fit")} href="/providers">
+        <ArrowLeft />
+        Back to providers
+      </Link>
       <div className="flex flex-wrap items-start justify-between gap-4 border-b border-border/50 pb-6">
         <div className="flex items-center gap-4">
           <ProviderLogo className="size-12 shrink-0" initial={initial} logo={data.provider.logo || null} />
@@ -1615,15 +1645,23 @@ export function ProviderDetailBody({ data, onRefresh }: { data: ProviderDetail;
             </p>
           </div>
         </div>
-        <form action={`/api/auth/providers/${data.provider.name}/connect`} method="post">
-          <input name="connection" type="hidden" value="default" />
-          <input name="return_url" type="hidden" value={providerDetailHref(data.provider.name)} />
-          <Button type="submit">
+        {hasDefaultConnection ? (
+          <Button onClick={() => setDialogProvider(dialogData)} type="button">
             <LogIn />
             New connection
           </Button>
-        </form>
+        ) : (
+          <form action={`/api/auth/providers/${data.provider.name}/connect`} method="post">
+            <input name="connection" type="hidden" value="default" />
+            <input name="return_url" type="hidden" value="/connections" />
+            <Button type="submit">
+              <LogIn />
+              New connection
+            </Button>
+          </form>
+        )}
       </div>
+      <NamedConnectionDialog onOpenChange={setDialogProvider} provider={dialogProvider} />
 
       <div className="grid gap-5 lg:grid-cols-[minmax(0,1fr)_320px]">
         <div className="grid gap-5">
@@ -1702,16 +1740,12 @@ function ProviderConfigurationForm({ data, onRefresh }: { data: ProviderDetail;
           </div>
         ) : null}
         {data.configuration_fields.map((field) => (
-          <label className="grid gap-2 text-sm" key={field.name}>
-            <span className="text-muted-foreground">{field.label}</span>
-            <Input
-              onChange={(event) => setValues((current) => ({ ...current, [field.name]: event.target.value }))}
-              pattern={field.pattern || undefined}
-              type="text"
-              value={values[field.name] || ""}
-            />
-            {field.pattern_hint ? <span className="text-xs text-muted-foreground">{field.pattern_hint}</span> : null}
-          </label>
+          <ConfigurationFieldInput
+            field={field}
+            key={field.name}
+            onChange={(value) => setValues((current) => ({ ...current, [field.name]: value }))}
+            value={values[field.name] || ""}
+          />
         ))}
         {message ? <div className="text-sm text-muted-foreground">{message}</div> : null}
         <Button disabled={saving} onClick={() => void save()} type="button">
@@ -1868,8 +1902,53 @@ export function AuthsomeConnectionDetail({
   );
 }
 
+function ConfigurationFieldInput({
+  field,
+  onChange,
+  value,
+}: {
+  field: ProviderDetail["configuration_fields"][number];
+  onChange: (value: string) => void;
+  value: string;
+}) {
+  const [revealed, setRevealed] = useState(false);
+  const isSecret = field.secret;
+
+  return (
+    <label className="grid gap-2 text-sm">
+      <span className="text-muted-foreground">{field.label}</span>
+      <div className="flex items-center gap-2">
+        <Input
+          className="min-w-0 flex-1"
+          onChange={(event) => onChange(event.target.value)}
+          pattern={field.pattern || undefined}
+          type={isSecret && !revealed ? "password" : "text"}
+          value={value}
+        />
+        {isSecret ? (
+          <Button
+            aria-label={revealed ? "Hide secret" : "Reveal secret"}
+            onClick={() => setRevealed((current) => !current)}
+            size="icon"
+            type="button"
+            variant="outline"
+          >
+            {revealed ? <EyeOff /> : <Eye />}
+          </Button>
+        ) : null}
+      </div>
+      {field.pattern_hint ? <span className="text-xs text-muted-foreground">{field.pattern_hint}</span> : null}
+    </label>
+  );
+}
+
+function redactedValue(value: string): string {
+  return value.length <= 8 ? "********" : `${value.slice(0, 4)}...${value.slice(-4)}`;
+}
+
 function SecretValue({ label, value }: { label: string; value: string | null }) {
   const [copied, setCopied] = useState(false);
+  const [revealed, setRevealed] = useState(false);
   if (!value) return null;
 
   async function copy() {
@@ -1882,8 +1961,24 @@ function SecretValue({ label, value }: { label: string; value: string | null })
     <div className="grid gap-2">
       <div className="text-xs font-medium uppercase text-muted-foreground">{label}</div>
       <div className="flex min-w-0 items-start gap-2 rounded-lg border bg-muted p-3">
-        <code className="min-w-0 flex-1 break-all text-xs">{value}</code>
-        <Button onClick={() => void copy()} size="icon-sm" type="button" variant="ghost">
+        <code className="min-w-0 flex-1 break-all text-xs">{revealed ? value : redactedValue(value)}</code>
+        <Button
+          aria-label={revealed ? "Hide secret" : "Reveal secret"}
+          onClick={() => setRevealed((current) => !current)}
+          size="icon-sm"
+          type="button"
+          variant="ghost"
+        >
+          {revealed ? <EyeOff /> : <Eye />}
+        </Button>
+        <Button
+          aria-label="Copy secret"
+          disabled={!revealed}
+          onClick={() => void copy()}
+          size="icon-sm"
+          type="button"
+          variant="ghost"
+        >
           {copied ? <Check /> : <Clipboard />}
         </Button>
       </div>
@@ -1902,6 +1997,10 @@ export function ConnectionDetailBody({
 }) {
   return (
     <div className="grid gap-6">
+      <Link className={cn(buttonVariants({ size: "sm" }), "w-fit")} href="/connections">
+        <ArrowLeft />
+        Back to connections
+      </Link>
       <div className="flex flex-wrap items-start justify-between gap-4 border-b border-border/50 pb-6">
         <div className="min-w-0">
           <p className="text-sm text-muted-foreground">{data.provider_display_name}</p>
@@ -1952,10 +2051,11 @@ function ConnectionActions({
   onRefresh: () => void;
   principal?: string;
 }) {
+  const router = useRouter();
   const [open, setOpen] = useState(false);
   const [working, setWorking] = useState(false);
   const [globalWorking, setGlobalWorking] = useState(false);
-  const [globalMessage, setGlobalMessage] = useState("");
+  const [globalMessage, setGlobalMessage] = useState<{ text: string; tone: "error" | "success" } | null>(null);
 
   async function logout() {
     setWorking(true);
@@ -1963,20 +2063,29 @@ function ConnectionActions({
       await logoutConnection(data.provider, data.connection_name, principal);
       setOpen(false);
       onRefresh();
+      router.replace("/connections");
     } finally {
       setWorking(false);
     }
   }
 
-  async function makeGlobal() {
+  async function toggleGlobal() {
     setGlobalWorking(true);
-    setGlobalMessage("");
+    setGlobalMessage(null);
     try {
-      await setGlobalConnection(data.provider, data.connection_name);
-      setGlobalMessage("Global connection updated.");
+      if (data.is_global) {
+        await unsetGlobalConnection(data.provider);
+        setGlobalMessage({ text: "Global connection removed.", tone: "success" });
+      } else {
+        await setGlobalConnection(data.provider, data.connection_name);
+        setGlobalMessage({ text: "Global connection updated.", tone: "success" });
+      }
       onRefresh();
     } catch (error) {
-      setGlobalMessage(error instanceof Error ? error.message : "Global connection could not be updated.");
+      setGlobalMessage({
+        text: error instanceof Error ? error.message : "Global connection could not be updated.",
+        tone: "error",
+      });
     } finally {
       setGlobalWorking(false);
     }
@@ -1984,31 +2093,41 @@ function ConnectionActions({
 
   return (
     <>
-      <div className="flex flex-wrap items-center gap-2">
-        {data.can_set_default ? (
-          <form
-            action={`/api/connections/${encodeURIComponent(data.provider)}/${encodeURIComponent(data.connection_name)}/default`}
-            method="post"
-          >
-            <Button size="sm" type="submit" variant="outline">
-              Set as default
+      <div className="flex flex-col items-start gap-1 sm:items-end">
+        <div className="flex flex-wrap items-center gap-2">
+          {data.can_set_default ? (
+            <form
+              action={`/api/connections/${encodeURIComponent(data.provider)}/${encodeURIComponent(data.connection_name)}/default`}
+              method="post"
+            >
+              <Button size="sm" type="submit" variant="outline">
+                Set as default
+              </Button>
+            </form>
+          ) : null}
+          {data.can_set_global ? (
+            <Button disabled={globalWorking} onClick={() => void toggleGlobal()} type="button" variant="outline">
+              <Globe2 />
+              {data.is_global ? "Unset global" : "Make global"}
             </Button>
-          </form>
-        ) : null}
-        {data.can_set_global ? (
-          <Button disabled={globalWorking} onClick={() => void makeGlobal()} type="button" variant="outline">
-            <Globe2 />
-            Make global
+          ) : null}
+          <Link className={buttonVariants({ size: "sm", variant: "outline" })} href={providerDetailHref(data.provider)}>
+            View provider
+          </Link>
+          <Button onClick={() => setOpen(true)} size="sm" type="button" variant="destructive">
+            <LogOut />
+            Logout
           </Button>
-        ) : null}
-        {globalMessage ? <div className="text-sm text-muted-foreground">{globalMessage}</div> : null}
-        <Link className={buttonVariants({ size: "sm", variant: "outline" })} href={providerDetailHref(data.provider)}>
-          View provider
-        </Link>
-        <Button onClick={() => setOpen(true)} size="sm" type="button" variant="destructive">
-          <LogOut />
-          Logout
-        </Button>
+        </div>
+        <div
+          aria-live="polite"
+          className={cn(
+            "min-h-5 text-sm",
+            globalMessage?.tone === "success" ? "text-emerald-400" : "text-destructive"
+          )}
+        >
+          {globalMessage?.text}
+        </div>
       </div>
       <Dialog onOpenChange={setOpen} open={open}>
         <DialogContent>
@@ -2050,7 +2169,6 @@ function ActiveView({ connectionFilter, data, onRefresh, view }: {
   }
   if (view === "agents") return <AgentsView data={data} />;
   if (view === "principals") return <PrincipalsView />;
-  if (view === "vault") return <VaultView data={data} />;
   if (view === "audit" && data.account.isAdmin) return <AuditView data={data} />;
   if (view === "settings") return <SettingsView data={data} />;
   return <DashboardView data={data} />;
diff --git a/ui/src/components/ui/button.tsx b/ui/src/components/ui/button.tsx
index b0336017..e6f60e42 100644
--- a/ui/src/components/ui/button.tsx
+++ b/ui/src/components/ui/button.tsx
@@ -4,7 +4,7 @@ import { cva, type VariantProps } from "class-variance-authority"
 import { cn } from "@/lib/utils"
 
 const buttonVariants = cva(
-  "group/button inline-flex shrink-0 items-center justify-center rounded-lg border border-transparent bg-clip-padding text-sm font-medium whitespace-nowrap transition-all outline-none select-none focus-visible:border-ring focus-visible:ring-3 focus-visible:ring-ring/50 active:not-aria-[haspopup]:translate-y-px disabled:pointer-events-none disabled:opacity-50 aria-invalid:border-destructive aria-invalid:ring-3 aria-invalid:ring-destructive/20 dark:aria-invalid:border-destructive/50 dark:aria-invalid:ring-destructive/40 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
+  "group/button inline-flex shrink-0 cursor-pointer items-center justify-center rounded-lg border border-transparent bg-clip-padding text-sm font-medium whitespace-nowrap transition-all outline-none select-none focus-visible:border-ring focus-visible:ring-3 focus-visible:ring-ring/50 active:not-aria-[haspopup]:translate-y-px disabled:pointer-events-none disabled:opacity-50 aria-invalid:border-destructive aria-invalid:ring-3 aria-invalid:ring-destructive/20 dark:aria-invalid:border-destructive/50 dark:aria-invalid:ring-destructive/40 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
   {
     variants: {
       variant: {
diff --git a/ui/src/components/ui/sidebar.tsx b/ui/src/components/ui/sidebar.tsx
index f95cbccf..69a41d30 100644
--- a/ui/src/components/ui/sidebar.tsx
+++ b/ui/src/components/ui/sidebar.tsx
@@ -475,7 +475,7 @@ function SidebarMenuItem({ className, ...props }: React.ComponentProps<"li">) {
 }
 
 const sidebarMenuButtonVariants = cva(
-  "peer/menu-button group/menu-button flex w-full items-center gap-2 overflow-hidden rounded-md p-2 text-left text-sm ring-sidebar-ring outline-hidden transition-[width,height,padding] group-has-data-[sidebar=menu-action]/menu-item:pr-8 group-data-[collapsible=icon]:size-8! group-data-[collapsible=icon]:p-2! hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:ring-2 active:bg-sidebar-accent active:text-sidebar-accent-foreground disabled:pointer-events-none disabled:opacity-50 aria-disabled:pointer-events-none aria-disabled:opacity-50 data-open:hover:bg-sidebar-accent data-open:hover:text-sidebar-accent-foreground data-active:bg-sidebar-accent data-active:font-medium data-active:text-sidebar-accent-foreground [&_svg]:size-4 [&_svg]:shrink-0 [&>span:last-child]:truncate",
+  "peer/menu-button group/menu-button flex w-full cursor-pointer items-center gap-2 overflow-hidden rounded-md p-2 text-left text-sm ring-sidebar-ring outline-hidden transition-[width,height,padding] group-has-data-[sidebar=menu-action]/menu-item:pr-8 group-data-[collapsible=icon]:size-8! group-data-[collapsible=icon]:p-2! hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:ring-2 active:bg-sidebar-accent active:text-sidebar-accent-foreground disabled:pointer-events-none disabled:opacity-50 aria-disabled:pointer-events-none aria-disabled:opacity-50 data-open:hover:bg-sidebar-accent data-open:hover:text-sidebar-accent-foreground data-active:bg-sidebar-accent data-active:font-medium data-active:text-sidebar-accent-foreground [&_svg]:size-4 [&_svg]:shrink-0 [&>span:last-child]:truncate",
   {
     variants: {
       variant: {
diff --git a/ui/src/lib/authsome-api.ts b/ui/src/lib/authsome-api.ts
index ab130baa..6684256d 100644
--- a/ui/src/lib/authsome-api.ts
+++ b/ui/src/lib/authsome-api.ts
@@ -203,6 +203,7 @@ export type ConnectionDetail = {
   };
   can_set_default: boolean;
   can_set_global: boolean;
+  is_global: boolean;
 };
 
 type ConnectionsResponse = {
@@ -211,6 +212,7 @@ type ConnectionsResponse = {
     connections: ConnectionSummary[];
   }>;
   global_connections: GlobalConnectionSummary[];
+  provider_connection_counts: Record<string, number>;
   by_source: Record<string, ProviderResponse[]>;
 };
 
@@ -351,8 +353,11 @@ function providerView(
   source: string,
   connections: ConnectionSummary[],
   globalConnections: GlobalConnectionSummary[],
+  providerConnectionCount?: number,
 ): ProviderView {
   const displayName = provider.display_name || provider.name;
+  const localConnectionCount = connections.length + globalConnections.length;
+  const connectionCount = providerConnectionCount ?? localConnectionCount;
   return {
     name: provider.name,
     displayName,
@@ -363,9 +368,9 @@ function providerView(
     source,
     logo: provider.logo || null,
     logoInitial: (displayName[0] || "?").toUpperCase(),
-    status: providerStatus(connections, globalConnections),
+    status: providerConnectionCount && providerConnectionCount > 0 ? "connected" : providerStatus(connections, globalConnections),
     scopeCount: connections[0]?.scopes?.length || 0,
-    connectionCount: connections.length + globalConnections.length,
+    connectionCount,
     globalConnectionCount: globalConnections.length,
     requiresNamedLogin: connections.some((connection) => connection.connection_name === "default"),
   };
@@ -373,6 +378,7 @@ function providerView(
 
 function buildProviders(data: ConnectionsResponse): ProviderView[] {
   const connectionMap = new Map(data.connections.map((group) => [group.name, group.connections]));
+  const providerConnectionCounts = data.provider_connection_counts || {};
   const globalConnectionMap = new Map<string, GlobalConnectionSummary[]>();
   for (const connection of data.global_connections || []) {
     const entries = globalConnectionMap.get(connection.provider) || [];
@@ -381,7 +387,13 @@ function buildProviders(data: ConnectionsResponse): ProviderView[] {
   }
   return Object.entries(data.by_source).flatMap(([source, providers]) =>
     providers.map((provider) =>
-      providerView(provider, source, connectionMap.get(provider.name) || [], globalConnectionMap.get(provider.name) || []),
+      providerView(
+        provider,
+        source,
+        connectionMap.get(provider.name) || [],
+        globalConnectionMap.get(provider.name) || [],
+        providerConnectionCounts[provider.name],
+      ),
     ),
   );
 }