Enterprise SSO for MCP

​

Flow overview

​

Why this model

• User-scoped identity instead of shared service-account credentials
• Policy can be enforced centrally at org/IDP boundaries
• Access can be revoked through existing identity controls

​

Prerequisites

• Publishable-key embed integration
• IDP configured in Char for idToken validation
• Remote MCP beta setup for token exchange and connector registration

​

Related docs