Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/archestra-ai/archestra/llms.txt

Use this file to discover all available pages before exploring further.

MCP authentication in Archestra operates across two independent layers: the client-facing gateway layer and the upstream MCP server layer. This separation matters because the MCP client should not need to know how every upstream system is authenticated. Cursor, Claude Desktop, Copilot CLI, Open WebUI, or a custom agent authenticates once to an MCP Gateway. Archestra then decides which installed MCP server connection and which upstream credential should be used for each tool call — meaning one gateway can expose tools backed by different credential models simultaneously. The two layers are:
  • Gateway authentication — how a client proves it can call POST /v1/mcp/<gateway-id>
  • Upstream MCP server authentication — how Archestra authenticates to the MCP server or external system behind that gateway when a tool actually runs
Clients only send the gateway-facing token. Archestra resolves upstream MCP server authentication separately at execution time, using the caller identity, the gateway or Agent tool assignment, and the installed MCP server credential configuration.

Gateway Authentication

The MCP Gateway supports four client authentication paths.
MCP-native clients such as Claude Desktop, Cursor, Copilot CLI, and Open WebUI authenticate automatically using the MCP Authorization spec. The gateway acts as both the resource server and the authorization server.Supported flows:
  • Authorization Code + PKCE — standard browser-based flow with user login and consent
  • DCR (RFC 7591) — dynamic client registration at POST /api/auth/oauth2/register
  • CIMD — clients use an HTTPS URL as their client_id; the gateway fetches the client metadata document directly
Discovery endpoints exposed automatically:
  • /.well-known/oauth-protected-resource (RFC 9728)
  • /.well-known/oauth-authorization-server (RFC 8414)
The default access token lifetime is 1 year, reducing unnecessary reconnects for desktop apps. Admins can change this in Settings > Organization > Auth. The setting applies to newly issued tokens organization-wide.

ID-JAG vs. JWKS

ID-JAG and JWKS both rely on enterprise-issued JWTs, but they solve different problems.
ID-JAGJWKS
What the client sendsEnterprise assertion → exchanged for Archestra MCP tokenEnterprise JWT sent directly
Token at the gatewayArchestra-issued MCP access tokenExternal IdP JWT
Gateway token bound toSpecific MCP Gateway resourceNot bound
Use whenClient uses the ID-JAG token exchange flow; you want Archestra to mint its own MCP tokenClient already has a bearer JWT; you want direct validation and JWT propagation

Upstream MCP Server Authentication

MCP servers that connect to external services need their own credentials. Archestra manages this with a two-token model: the Gateway Token authenticates the client to Archestra; the Upstream MCP Server Token authenticates Archestra to the upstream server. The client only ever sends the gateway token — Archestra resolves the upstream token behind the scenes. There are five types of upstream credentials:
API keys or personal access tokens set once at install time and used for all requests. When a tool assignment is pinned to a specific installed connection, Archestra validates the connection scope:
  • Team-installed connection — can only be assigned to a team-scoped Agent or MCP Gateway that includes that same team
  • Personal connection — can only be assigned to a resource the connection owner could access directly
The primary credential is injected as Authorization, Authorization: Bearer, or a custom header such as x-api-key, depending on what the upstream server expects.
Obtained by running an OAuth flow against the upstream provider during installation. Archestra stores both the access token and refresh token. When the upstream server returns a 401, Archestra uses the stored refresh token to obtain a new access token and retries the request automatically. Refresh failures are tracked per server and visible in the MCP server status page.If the MCP server URL is different from the OAuth issuer or metadata host, configure explicit OAuth overrides in the catalog item — Archestra supports a separate authorization server URL, direct well-known metadata URLs, or direct authorization and token endpoints.
Use grant_type=client_credentials for shared machine-to-machine access. Archestra stores the client_id, client_secret, and optional audience, exchanges them for a short-lived bearer token at call time, and reuses the token until the refresh window is reached. Install one connection per team or shared scope.
Archestra exchanges the caller’s IdP token at tool-call time using one of three strategies:
  • RFC 8693 token exchange — Archestra exchanges the user’s token at the IdP token endpoint and injects the returned bearer token
  • Okta managed credential exchange — Archestra exchanges the user’s token for an Okta-managed credential or secret
  • Microsoft Entra on-behalf-of (OBO) — Archestra exchanges the signed-in user’s Entra access token for the downstream API token
Configure all three of the following to enable this mode:
  1. Identity Provider — fill in the Enterprise-Managed Credentials section in Settings > Identity Providers
  2. MCP catalog item — choose Identity Provider Token Exchange in the server’s multitenant authorization settings
  3. Tool assignment — select Resolve at call time
Token Exchange Configuration fields on the catalog item:
FieldPurpose
Requested CredentialType of value to request — bearer token, secret, ID-JAG, service account, or opaque JSON
Injection ModeHow Archestra sends the value upstream — Authorization: Bearer, raw Authorization, or custom header
Managed Resource IdentifierAudience or resource ID that tells the IdP which downstream token to mint
External Provider AliasBroker-specific selector when one IdP can mint tokens for multiple downstream providers
Response Field PathField to extract when the IdP returns a structured payload
Header NameExact upstream header name when using a custom header injection mode
Archestra forwards the caller’s enterprise IdP JWT to the upstream MCP server as Authorization: Bearer <jwt>, so the upstream server can validate it against the IdP’s JWKS directly — statelessly, without any Archestra-specific integration.Use this mode when the upstream MCP server already understands the enterprise IdP’s JWTs and should make its own authorization decisions from those claims.Configure on the catalog item by choosing Identity Provider JWT / JWKS in the multitenant authorization settings, then selecting Resolve at call time on the tool assignment.

Dynamic Credential Resolution

By default, each MCP server installation has a single credential shared by all callers. Enabling Resolve at call time on an assignment makes Archestra resolve the credential per caller. Resolution priority order:
  1. The calling user’s own personal credential (highest priority)
  2. A credential owned by a team member on the same team
  3. If no credential is found, return an error with an install link

Missing Credentials

When no credential can be resolved, the gateway returns an actionable error message: 
Authentication required for "GitHub MCP Server".
No credentials found for your account (user: alice@example.com).
Set up credentials: https://archestra.example.com/mcp/registry?install=abc-123
The user follows the link, installs the server with their own credentials, and retries the tool call.

Archestra MCP Server Tools

The Archestra MCP Server ships built-in with the platform. All tools are prefixed with archestra__ and are always trusted — they bypass tool invocation and trusted data policies. RBAC is still enforced: every tool maps to a required permission, and tools/list dynamically filters tools so users only see those they can actually use. Three tools are especially relevant to the MCP tool layer:

search_tools

Searches available tools on demand using a natural-language query. Returns tool names, descriptions, argument signatures, and source information.
ParameterTypeRequiredDescription
querystringYesNatural-language search query describing the capability you need. Searches tool names, descriptions, argument names, and argument descriptions.
limitintegerNoMaximum number of matching tools to return
search_tools is automatically enabled on any gateway or agent that has Load tools when needed mode active. It does not appear in the built-in tool picker because it is implicitly included.

run_tool

Dispatches to any tool available to the agent or gateway, including built-in platform tools, agent delegation tools, and third-party MCP tools.
ParameterTypeRequiredDescription
tool_namestringYesExact tool name (e.g., archestra__whoami, context7__resolve-library-id, agent-{id})
tool_argsobjectNoArguments object matching the target tool’s input schema
run_tool does not bypass tool call policies. Input conditions, team conditions, untrusted-context rules, and approval-required rules still apply to the target tool.

query_knowledge_sources

Queries the organization’s knowledge sources to retrieve relevant information. Automatically assigned to any Agent or MCP Gateway that has at least one knowledge base or knowledge connector attached.
ParameterTypeRequiredDescription
querystringYesThe user’s original query, passed verbatim without rephrasing or expansion
Requires knowledgeSource:query RBAC permission.

End-to-End JWKS

When an MCP Gateway is configured with Identity Provider JWKS authentication and no upstream credentials are configured on the catalog item, the gateway propagates the caller’s JWT to upstream MCP servers. Your MCP server receives the JWT as Authorization: Bearer and can validate it directly against the IdP’s JWKS endpoint — statelessly, without any Archestra-specific integration. This pattern is useful when your MCP server needs to enforce its own access control based on IdP claims such as roles or groups, or when the server is deployed outside of Archestra and must authenticate users independently.

Build docs developers (and LLMs) love

Get started for freeTalk to us