MCP Channel

Ask your AI assistant about identity data in plain English. The MCP channel connects Cursor, Claude Desktop, VS Code, and other MCP-compatible tools directly to your directory.

Enable the MCP channels:

export SCRIBE_MCP_ENABLED=true                # Data MCP at /mcp
export SCRIBE_MONITORING_MCP_ENABLED=true      # Observe MCP at /observe/mcp (optional)

Once connected, ask in plain English:

Find and explore data

“What entry types are in the directory?”

“Find users with @acme.com email addresses”

“Get the user with ID dXNlcjo5aXg”

“What did user 12345 look like yesterday?”

Track changes

“What changed in the last 24 hours?”

“Show me the history for user dXNlcjo5aXg”

Check system health

“Is the system healthy?”

“Show me the error rates”

“What does error SCRIBE-1001 mean?”

OAuth first. MCP prefers bearer tokens: clients obtain a JWT from your IdP and send it in the Authorization: Bearer header. Most MCP clients (Cursor, Claude Desktop, VS Code) handle OAuth flows automatically — register an OAuth client in your IdP, configure credentials in the client, and it manages the token flow.

Fallbacks when OAuth is unavailable. If clients cannot obtain tokens, use HTTP Basic auth. Scribe validates Authorization: Basic via ROPC (exchanges credentials with the IdP for a JWT) or LDAP bind (direct directory validation). Bearer is always checked first; Basic is used only when no Bearer token is present.

See Authentication for server-side setup, MCP Cursor callback issues for OAuth callback troubleshooting, and Configuration Reference for all MCP settings.