MCP Authentik

MCP server for Authentik identity management. Manage users, groups, applications, flows, policies, providers, and more through natural language in Cursor, Claude Code, and Claude Desktop.

Features

• 245 tools across 20 categories covering the complete Authentik API
• Read-only mode via AUTHENTIK_ACCESS_TIER=read-only for safe monitoring
• Category filtering via AUTHENTIK_CATEGORIES to expose only the tools you need
• Type-safe SDK client via @goauthentik/api
• Docker images for linux/amd64 and linux/arm64 on GHCR
• Remote MCP via HTTP transport (MCP_TRANSPORT=http) using the Streamable HTTP protocol
• TypeScript/ESM with full type safety

API Compatibility

Built for Authentik 2025.6.3.

Quick Start

Run the server directly with npx:

AUTHENTIK_URL="https://auth.example.com" \
AUTHENTIK_TOKEN="your-api-token" \
npx -y @samik081/mcp-authentik

The server validates your Authentik connection on startup and fails immediately with a clear error if credentials are missing or invalid.

Docker

Run with Docker (stdio transport, same as npx):

docker run --rm -i \
  -e AUTHENTIK_URL=https://auth.example.com \
  -e AUTHENTIK_TOKEN=your-api-token \
  ghcr.io/samik081/mcp-authentik

To run as a remote MCP server with HTTP transport:

docker run -d -p 3000:3000 \
  -e MCP_TRANSPORT=http \
  -e AUTHENTIK_URL=https://auth.example.com \
  -e AUTHENTIK_TOKEN=your-api-token \
  ghcr.io/samik081/mcp-authentik

The MCP endpoint is available at http://localhost:3000 and a health check at http://localhost:3000/health.

Configuration

Claude Code CLI (recommended):

# Using npx
claude mcp add --transport stdio authentik \
  --env AUTHENTIK_URL=https://auth.example.com \
  --env AUTHENTIK_TOKEN=your-api-token \
  -- npx -y @samik081/mcp-authentik

# Using Docker
claude mcp add --transport stdio authentik \
  --env AUTHENTIK_URL=https://auth.example.com \
  --env AUTHENTIK_TOKEN=your-api-token \
  -- docker run --rm -i ghcr.io/samik081/mcp-authentik

# Using remote HTTP (connect to a running Docker container or HTTP server)
claude mcp add --transport http authentik http://localhost:3000

JSON config (works with Claude Code .mcp.json, Claude Desktop claude_desktop_config.json, Cursor .cursor/mcp.json):

{
  "mcpServers": {
    "authentik": {
      "command": "npx",
      "args": ["-y", "@samik081/mcp-authentik"],
      "env": {
        "AUTHENTIK_URL": "https://auth.example.com",
        "AUTHENTIK_TOKEN": "your-api-token"
      }
    }
  }
}

Docker (stdio):

{
  "mcpServers": {
    "authentik": {
      "command": "docker",
      "args": ["run", "--rm", "-i",
        "-e", "AUTHENTIK_URL=https://auth.example.com",
        "-e", "AUTHENTIK_TOKEN=your-api-token",
        "ghcr.io/samik081/mcp-authentik"
      ]
    }
  }
}

Remote MCP (connect to a running Docker container or HTTP server):

{
  "mcpServers": {
    "authentik": {
      "type": "streamable-http",
      "url": "http://localhost:3000"
    }
  }
}

Access Tiers

Control which tools are available using the AUTHENTIK_ACCESS_TIER environment variable:

• full: All 245 tools. Includes creating, updating, and deleting users, groups, applications, flows, providers, and all other resources.
• read-only: 121 tools. Listing and viewing resources only. No state changes.

Tools that are not available in your tier are not registered with the MCP server. They will not appear in your AI tool's tool list, keeping the context clean.

Environment Variables

Available Categories

admin, authenticators, core, crypto, enterprise, events, flows, managed, oauth2, outposts, policies, property-mappings, providers, rac, rbac, root, sources, ssf, stages, tenants

Tools

mcp-authentik provides 245 tools organized by category. Each tool's Access column shows the minimum tier required: read-only (available in both tiers) or full (requires full tier). The Hints column shows tool behavior: read-only (no state changes), destructive (modifies existing state), idempotent (same result if called twice).

Users

Groups

Applications

Tokens

Brands

Events

System Tasks

Policies use a type+config pattern. Cross-type tools operate on any policy, while per-type tools accept a policy_type parameter. Available types: dummy, event_matcher, expression, geoip, password, password_expiry, reputation, unique_password.

Property mappings use a type+config pattern. Cross-type tools operate on any mapping, while per-type tools accept a mapping_type parameter. Available types: notification, provider_google_workspace, provider_microsoft_entra, provider_rac, provider_radius, provider_saml, provider_scim, provider_scope, source_kerberos, source_ldap, source_oauth, source_plex, source_saml, source_scim.

Providers use a type+config pattern. Cross-type tools operate on any provider, while per-type tools accept a provider_type parameter. Available types: oauth2, saml, ldap, proxy, radius, scim, rac, google_workspace, microsoft_entra.

Sources use a type+config pattern. Cross-type tools operate on any source, while per-type tools accept a source_type parameter. Available types: oauth, saml, ldap, plex, kerberos, scim.

Stages use a type+config pattern. Cross-type tools operate on any stage, while per-type tools accept a stage_type parameter. Available types: authenticator_duo, authenticator_email, authenticator_endpoint_gdtc, authenticator_sms, authenticator_static, authenticator_totp, authenticator_validate, authenticator_webauthn, captcha, consent, deny, dummy, email, identification, invitation, mtls, password, prompt, redirect, source, user_delete, user_login, user_logout, user_write.

Known Limitations

The following enterprise endpoint features are not available in the @goauthentik/api SDK:

• ENDP-01: Agent connectors CRUD
• ENDP-02: Enrollment tokens CRUD
• ENDP-03: Enrollment key viewing
• ENDP-06: Device access groups CRUD
• ENDP-07: Fleet connectors CRUD
• ENDP-08: Connector types list

These enterprise endpoint features require SDK support that is not yet available.

Verify It Works

After configuring your MCP client, ask your AI assistant:

"What version of Authentik is running?"

If the connection is working, the assistant will call authentik_admin_version and return your server version and build hash.

Usage Examples

• "List all users in the admin group" -- calls authentik_users_list and authentik_groups_list to find and display admin group members.
• "What applications are configured?" -- calls authentik_apps_list to show all applications with their providers and groups.
• "Create a new user for john.doe@example.com" -- calls authentik_users_create to set up the new user account.

Troubleshooting

Connection errors

• Verify AUTHENTIK_URL is reachable from the machine running the MCP server
• Ensure there is no trailing slash on the URL (use https://auth.example.com not https://auth.example.com/)
• Verify HTTPS is configured correctly if your instance uses TLS

Token permissions

• The API token must have sufficient permissions for the tools you intend to use
• Tools with full access tier will fail if your token only has read permissions -- set AUTHENTIK_ACCESS_TIER=read-only to limit exposure
• Create tokens in the Authentik admin interface under Directory > Tokens and App passwords

Category filtering

• Use AUTHENTIK_CATEGORIES with the actual category values listed above (e.g., core,admin,flows), not source file names
• Users, groups, applications, tokens, and brands are all under the core category, not separate categories
• Use comma-separated values with no spaces (e.g., core,admin,events)

Development

# Install dependencies
npm install

# Build the project
npm run build

# Run in development mode (auto-reload)
npm run dev

# Open the MCP Inspector for interactive testing
npm run inspect

License

MIT