
Model Context Protocol (MCP)

Early Access

Try our newest feature! It is available on request only. Contact us to join the early access program and get priority support.

Unizo offers an MCP server that integrates identity management platforms with any LLM provider supporting the MCP protocol. This enables your AI agent to perform user management operations, analyze access patterns, and automate security workflows across Okta, Auth0, Azure AD, and other identity providers via a single MCP server.

Supported Tools & Use Cases

The following tools are available in the Identity MCP Server:

Tool Name             Description
list_users            Browse and search users across identity systems with advanced filtering
get_user_details      Retrieve comprehensive user information including permissions and group memberships
list_groups           Explore groups, roles, and their associated permissions
manage_group_members  Add or remove users from groups with change tracking
check_permissions     Analyze and validate user access rights across resources
audit_access          Review authentication logs, access patterns, and security events

list_users

Browse and search users across identity systems with advanced filtering

Parameters:

  • integration: Target identity provider integration (required)
  • status: Filter by user status (active, inactive, suspended)
  • department: Filter by organizational department
  • role: Filter by assigned roles
  • page: Pagination control
  • limit: Number of results per page

get_user_details

Retrieve comprehensive user information including permissions and group memberships

Parameters:

  • integration: Target identity provider integration (required)
  • user_id: Unique user identifier (required)
  • include_permissions: Include detailed permission mappings
  • include_groups: Include group memberships
  • include_audit_logs: Include recent activity logs

list_groups

Explore groups, roles, and their associated permissions

Parameters:

  • integration: Target identity provider integration (required)
  • type: Filter by group type (security, distribution, role)
  • name_pattern: Search groups by name pattern
  • include_members: Include member count and details
  • page: Pagination control
  • limit: Number of results per page

manage_group_members

Add or remove users from groups with change tracking

Parameters:

  • integration: Target identity provider integration (required)
  • group_id: Target group identifier (required)
  • action: Operation type (add, remove, replace)
  • user_ids: List of user identifiers (required)
  • reason: Justification for change (for audit trail)

check_permissions

Analyze and validate user access rights across resources

Parameters:

  • integration: Target identity provider integration (required)
  • user_id: User to analyze (required)
  • resource: Specific resource to check (optional)
  • permission_type: Type of permission to verify
  • include_inherited: Include permissions from group memberships

audit_access

Review authentication logs, access patterns, and security events

Parameters:

  • integration: Target identity provider integration (required)
  • user_id: Filter by specific user
  • event_type: Filter by event type (login, permission_change, failed_auth)
  • start_date: Beginning of audit period
  • end_date: End of audit period
  • risk_level: Filter by risk score

Installation

Prerequisites

  • A Unizo API key
  • An active Identity integration (Office 365, Google Workspace, Okta, Microsoft Entra ID, Ping, Auth0)
  • Node.js v20 or higher

MCP Configuration

Here is an example configuration for setting up the Unizo Identity MCP server:

{
  "mcpServers": {
    "unizo-identity": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "http://api.unizo.ai/mcp/identity",
        "--allow-http",
        "--header",
        "apikey:${UNIZO_API_KEY}"
      ],
      "env": {
        "UNIZO_API_KEY": "your_api_key"
      }
    }
  }
}
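
As an added example (not Unizo's or mcp-remote's own code), the following Node.js check audits an MCP client configuration like the one above for settings that expose the API key: a credential header sent to an http:// endpoint, the --allow-http opt-in, and a key stored literally in the file. The function name auditMcpConfig and the finding IDs are assumptions made for illustration.

```javascript
// Added example: audit an MCP client config for API-key exposure.
// auditMcpConfig and the finding IDs are illustrative names, not Unizo or mcp-remote APIs.
function auditMcpConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers ?? {})) {
    const args = server.args ?? [];
    const add = (id, detail) => findings.push({ server: name, id, detail });
    const sendsHeader = args.includes("--header");

    // A credential header sent to an http:// endpoint crosses the network unencrypted.
    for (const arg of args) {
      if (/^http:\/\//i.test(arg) && sendsHeader) add("CLEARTEXT_CREDENTIAL", arg);
    }
    // --allow-http is the opt-in that lets mcp-remote use a non-HTTPS URL.
    if (args.includes("--allow-http")) add("ALLOW_HTTP_FLAG", "--allow-http");

    // A header value without a ${VAR} reference embeds the key in the args array.
    args.forEach((arg, i) => {
      const value = args[i + 1];
      if (arg === "--header" && value && !/\$\{\w+\}/.test(value)) {
        add("INLINE_HEADER_SECRET", value.split(":")[0]); // report the header name only
      }
    });
    // A literal value under "env" means the key lives in the config file itself.
    for (const [key, value] of Object.entries(server.env ?? {})) {
      if (/KEY|TOKEN|SECRET/i.test(key) && value) add("SECRET_IN_CONFIG_FILE", key);
    }
  }
  return findings;
}

// The configuration from this page, reproduced as input.
const pageConfig = { mcpServers: { "unizo-identity": {
  command: "npx",
  args: ["mcp-remote", "http://api.unizo.ai/mcp/identity", "--allow-http",
         "--header", "apikey:${UNIZO_API_KEY}"],
  env: { UNIZO_API_KEY: "your_api_key" }, // placeholder marks where a real key would sit
} } };

for (const f of auditMcpConfig(pageConfig)) console.log(`${f.server}: ${f.id} (${f.detail})`);
```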

Client Setup

For detailed setup instructions with specific AI clients:

Environment Variables

The following environment variables are required:

Error Handling

All tools return errors in a consistent format:

{
  "error": {
    "code": "USER_NOT_FOUND",
    "message": "User 'john.doe@example.com' not found"
  }
}

Common error codes:

  • INTEGRATION_NOT_FOUND: Invalid identity provider integration ID
  • USER_NOT_FOUND: User not found or inaccessible
  • GROUP_NOT_FOUND: Group ID not found
  • PERMISSION_DENIED: Access to the requested resource is denied
  • RATE_LIMIT_EXCEEDED: API quota exceeded
  • UNAUTHORIZED: Invalid API key or insufficient permissions