Skip to main content
Private BetaContact us to get set up.
Internal MCP servers are services you operate—data platforms, internal APIs, custom tooling. The Tool Hub connects to them using your existing identity infrastructure, so users access internal tools with their actual credentials.

The problem

You have internal services. You want AI agents to use them. But you don’t want to create service accounts, manage API keys, or build custom integrations for every service. You already have an identity provider. Your users already authenticate. Why can’t the AI agent just use the same identity?

How it works

When a user calls an internal tool, the Tool Hub exchanges their identity token for a scoped credential via your IDP. This is ID-JAG—Identity Assertion Authorization Grant—a token exchange flow that produces credentials scoped to the specific MCP server. Your MCP server validates the token and executes the tool with the user’s actual permissions. No service accounts. No credential sprawl. Just your existing federated identity infrastructure extended to AI tooling.

What you get

Identity-scoped access. Users can only do what they’re already allowed to do. The AI agent inherits their permissions, not elevated service account privileges. Org-level configuration. An admin registers the connector once. It becomes available to users based on their role and which applications they’re using. Centralized visibility. All tool calls flow through the Tool Hub. You see what’s being called, by whom, with what arguments. One audit trail for all internal services.

See also

Remote MCP Auth

ID-JAG specification

VPC Connectivity

Connect to servers in private networks