.png?fit=max&auto=format&n=gKqTvJPtsRi2bLNx&q=85&s=8abbce3efb590630de2102c43d32aadf)
.png?fit=max&auto=format&n=Dy9YsIECUbR9JZiT&q=85&s=a1f404cd7f7aeb1727c89d81137ae1ac)
MCP Manager puts one governed gateway between your AI clients and your MCP servers, giving you fine-grained control over how hosts, agents, and tools connect. This page is the full index of what MCP Manager does today — every distinct capability in one scannable list. Select any card to open the detailed documentation for that feature.Documentation Index
Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
Use this file to discover all available pages before exploring further.
Many features below are gated by a capability assigned to your role. If you don’t see a page, tab, or button described here, your role likely lacks the relevant capability — ask a workspace administrator. See Capabilities.
Deployment and enablement
The gateway is the control point: one governed URL that every host and agent connects to, fronting all of your MCP servers. MCP Manager supports remote, managed, and workstation servers, unlimited gateways, and unlimited servers per gateway.MCP Gateway
One governed URL that aggregates many upstream MCP servers behind a single endpoint.
Any AI host, CLI, or agent
Compatible with Anthropic, OpenAI, and all MCP-compatible environments.
One-click client connection
A guided, reuse-friendly authorization flow for Claude, Cursor, and other clients.
All three server types
Deploy Remote, Managed, and Workstation MCP servers.
Remote MCP servers
Connect any HTTPS MCP endpoint, whether a SaaS vendor’s or your own self-hosted server.
Managed servers in your infra
Launch a server in your infrastructure with a command MCP Manager generates.
Managed stdio and HTTP
Run both command-based (stdio) and URL-based servers as managed endpoints.
Workstation MCP servers
Reach servers on a local machine through an encrypted tunnel, never exposed to the internet.
Server containers
Group multiple managed or workstation servers into one logical unit.
Unlimited gateways
Spin up gateways for dev, staging, production, or per-team use.
Unlimited servers per gateway
Scale without limits or concurrency concerns.
Auto URL and token creation
Secure endpoints and access tokens are generated for you.
Automatic feature discovery
MCP Manager learns and previews each server’s live tools, prompts, resources, and templates.
Deployment strategies
Run one org-wide gateway, one per team, one per server, or one per use case.
Gateway archiving
Soft-delete and later restore gateways without losing their history.
Identity and authentication
MCP Manager brokers identity between hosts and servers so credentials never live in the client. An administrator chooses, per server, between each user’s own identity and a shared service account.Enforced OAuth for all servers
Every server uses secure, standards-based authentication.
Dynamic client registration
Automates identity onboarding for new servers (RFC 7591).
Metadata discovery
Detects authorization endpoints from well-known metadata (RFC 8414 / RFC 9728).
Token refresh and rotation
Automatically refreshes and rotates tokens to eliminate stale credentials.
Admin-controlled identity scheme
Choose a shared service account or per-user identity for each server on a gateway.
Bring-your-own-identity
Each user authenticates with their own downstream identity; no shared keys in clients.
Identity forwarding and token exchange
Pass the end user’s identity to upstream servers so an agent acts as the real user.
Per-agent (machine) identity
Issue each headless agent its own identity, scoped to a gateway connection.
JWT validation and header forwarding
Validate caller JWTs and forward auth headers to upstream servers per request.
Header and API-key authentication
Support servers that authenticate with custom headers or API keys.
SSO via your identity provider
Broker enterprise single sign-on through Okta, Entra ID, and other IdPs.
Tool and feature provisioning
Decide exactly which tools, prompts, and resources each agent can reach. Provisioning is fail-closed by default — unprovisioned features are blocked until an administrator allows them.Block, allow, or condition features
Allow-all, allow-selected, or block-all for tools, resources, and prompts per server.
Governs all four feature types
Tools, prompts, resources, and resource templates, uniformly.
Tool metadata filtering
Limit the metadata agents receive to cut token usage, context overload, and cost.
Tool-change protection
Pin a tool by name, title, or description so unreviewed changes stop passing the gateway.
Fail-closed by default
Unprovisioned features are blocked until an administrator allows them.
Tool namespacing
Prefix tool names to prevent collisions between servers on the same gateway.
Per-team and per-identity scoping
Different teams or users see different curated tool sets.
Admin permissions for provisioning
Assign fine-grained provisioning control to specific roles.
Threat prevention
MCP Manager neutralizes the MCP-specific attack classes that put agents and data at risk, from prompt injection to rug pulls and server spoofing.Prompt injection
Blocks malicious prompt content — including indirect, second-order injection in tool results.
Rug pull attacks
Detects and halts when a server or tool changes behavior after initial approval.
Tool poisoning
Prevents modified or malicious tools from being served to agents.
Anti-mimicry
Stops attackers from creating look-alike servers that impersonate trusted ones.
Server spoofing
Authenticates each server connection using signed tokens and verifiable origins.
Cross-server shadowing
Prevents one server from secretly invoking another server’s tools without authorization.
Break-glass kill switches
Instantly disable a host, connection, or identity when something looks wrong.
Secret redaction
Sensitive payload keys are scrubbed before logs and alerts are stored.
Filtering and data loss prevention
Gateway rules inspect MCP messages in flight and pass, modify, or block them, with five enforcement actions and a choice of detection methods.Regex-based filtering
Detect and block sensitive patterns — phone numbers, SSNs, API keys, project IDs.
Inline masking and redaction
Five enforcement actions on detected content: block, redact, replace, mask, and hash.
Microsoft Presidio
Pre-trained PII detection and anonymization, run as a managed add-on.
Custom DLP endpoints
Connect internal DLP systems or third-party review workflows via custom rule engines.
Lakera Guard
Managed prompt-injection, jailbreak, PII, and toxic-content detection.
Amazon Bedrock Guardrails
Apply Bedrock guardrails as a gateway rule engine.
Jailbreak detection
Detect and block jailbreak attempts via Lakera Guard and Bedrock Guardrails.
Pass, modify, or block verdicts
Every rule engine returns an enforcement action the gateway applies inline.
Fail-open or fail-closed rules
Choose whether a rule-engine outage allows or blocks traffic.
Custom resource blockers
Build a custom rule engine to block sensitive content or paths, such as a specific folder.
Platform security and trust
The gateway is hardened as the single control point in the path of every call, with encryption at rest and in transit, static egress IPs, and negligible added latency.AES-256-GCM credential vault
All stored credentials are encrypted at rest with authenticated encryption.
Automatic key rotation
Encryption keys are rotated without operator intervention.
Encryption in transit
Every connection is terminated and re-originated over TLS by design.
Static egress IPs
Lock down upstream servers to MCP Manager’s fixed egress IPs, with per-server shared secrets.
Network isolation
Workstation servers stay private behind an encrypted tunnel, never exposed to the internet.
Negligible added latency
The gateway adds roughly 150 ms or less, until inline rule engines run.
Observability and reporting
Every request and response is logged with rich context, attributed to the real user, and rolled up into charts and exports.Server registry
View and manage all connected servers from one dashboard.
Host and agent inventory
See every host and agent connecting through your gateways, attributed to an identity.
Contextual audit logs
Logs full requests and responses alongside 20+ metadata fields per call.
Identity attribution
Every call is attributed to the real user behind it, supporting non-repudiation.
Four-leg correlation
Correlate a single request across client, gateway, and downstream server legs.
Per-request token accounting
Token counts are estimated per call.
Usage attribution by user and team
Token counts and feature calls grouped by user, team, and server.
Observability charts
Token use, feature calls, server popularity, error rates, and latency percentiles.
Response-time percentiles
Median and 95th-percentile call duration per feature.
Log export
Export audit data as CSV or JSON.
Export to your SIEM
Forward structured logs to any OpenTelemetry (OTLP) collector.
Pre-built SIEM connectors
Datadog, Grafana Cloud, Honeycomb, New Relic, and a self-hosted collector for any backend.
Monitoring and alerts
MCP Manager surfaces operational and security events as alerts so administrators stay aware of access requests, new tools, policy violations, and outages.Gateway approval requests
Receive alerts when users request new gateway access.
New feature provisioned
Get notified when new tools are added to your servers.
Content filter triggers
Monitor sensitive data or policy violations in real time.
Outages and connection failures
Stay aware of broken connections or downtime instantly.
OAuth failure alerts
Get notified when a server’s OAuth callback or client registration fails.
Request rate limiting
Per-origin and per-key rate limits protect the gateway from abuse.
Administration, teams, and access control
Provision people, scope access by team and capability, and integrate your identity provider for SSO and SCIM.SSO support
Log in through your corporate identity provider.
SCIM provisioning
Automate user provisioning and de-provisioning (SCIM 2.0).
SCIM group-to-team mapping
Map Okta or Entra ID groups to MCP Manager teams, with just-in-time provisioning.
Capability-based RBAC
Build custom roles from granular capabilities across every area of the product.
Read-only auditor roles
Compose view-only roles — view reports, see alerts, view logs — for compliance reviewers.
Gateway access control
Define who can view or edit each gateway.
Gateway privacy settings
Restrict visibility and data access within a workspace.
Tool and server access control
Control what each team can deploy or modify.
Host and connection management
Register hosts, issue and revoke API tokens, and enable or disable connections.
Enterprise lockdown controls
Funnel all MCP usage through the gateway with connector allowlists, MDM/EDR, and static IPs.
Workspace settings
Configure workspace name, date and time formats, and your plan.
User invitations and deactivation
Invite users and revoke workspace access.
Further reading
Connection Experience
What an end user experiences when connecting a gateway, step by step.
Security model
Authentication, feature governance, runtime protections, and audit.
Gateway deployment strategies
Choose a gateway topology — org-wide, per team, per server, or per use case.