Provides integration with Authentik identity management platform, offering tools for user, group, and application management, event monitoring, flow management, provider configuration, token management, and system health monitoring.
Authentik MCP Servers
A collection of Model Context Protocol (MCP) servers for Authentik API integration, available in both Python and Node.js implementations.
Overview
This repository contains four MCP servers for integrating with Authentik:
Full-Featured Servers
- authentik-mcp (Python) - Complete Authentik API integration with full CRUD capabilities
- authentik-mcp (Node.js) - TypeScript implementation with complete API access
Diagnostic-Only Servers
- authentik-diag-mcp (Python) - Read-only diagnostic and monitoring capabilities
- authentik-diag-mcp (Node.js) - TypeScript implementation for diagnostics and monitoring
MCP Integration & Usage
This repository is designed for seamless integration with the Model Context Protocol (MCP) ecosystem. These servers are intended to be run and managed by MCP-compatible tools (such as VS Code extensions, automation platforms, or orchestration systems) rather than directly via the command line.
How to Use with MCP
- Install the desired package(s):
  - For full API access: authentik-mcp
  - For diagnostics/monitoring: authentik-diag-mcp
- Configure your MCP tool or platform to point to the installed server binary (e.g., authentik-mcp or authentik-diag-mcp) and provide the required Authentik API token and base URL as arguments or environment variables.
- Do not run these servers directly via CLI. Instead, let your MCP-compatible tool manage their lifecycle and communication.
- Interact with Authentik through the MCP tool interface, which will expose all available resources and tools for automation, monitoring, and diagnostics.
Example: VS Code GitHub Copilot MCP Extension
GitHub Copilot Workspace (settings.json) – Python (uvx):
GitHub Copilot Workspace (settings.json) – Node.js (npx):
Claude Desktop (claude_desktop_config.json) – Python (uvx):
Claude Desktop (claude_desktop_config.json) – Node.js (npx):
Quick Start
Python Packages
Note: These packages are not intended for direct CLI use. Integrate them with your MCP-compatible tool or platform as described above.
Node.js Packages
Note: These packages are not intended for direct CLI use. Integrate them with your MCP-compatible tool or platform as described above.
Full API Access
Managed by your MCP tool. No direct CLI usage required.
Diagnostic Only
Managed by your MCP tool. No direct CLI usage required.
Features Comparison
Feature | Full MCP | Diagnostic MCP |
---|---|---|
User Management (CRUD) | ✅ | ❌ (Read-only) |
Group Management (CRUD) | ✅ | ❌ (Read-only) |
Application Management (CRUD) | ✅ | ❌ (Read-only) |
Event Monitoring | ✅ | ✅ |
User Information | ✅ | ✅ (Read-only) |
Group Information | ✅ | ✅ (Read-only) |
Application Status | ✅ | ✅ (Read-only) |
Flow Management | ✅ | ✅ (Read-only) |
Provider Management | ✅ | ✅ (Read-only) |
Token Management | ✅ | ❌ |
System Health Monitoring | ✅ | ✅ |
Audit Trail Analysis | ✅ | ✅ |
API Token Setup
For Full Access (authentik-mcp)
- Log in to Authentik as an administrator
- Navigate to Directory > Tokens
- Create a new token with full API permissions
- Copy the token for use with the full MCP server
For Diagnostic Access (authentik-diag-mcp)
- Log in to Authentik as an administrator
- Navigate to Directory > Tokens
- Create a new token with minimal read-only permissions
- Copy the token for use with the diagnostic MCP server
Available Tools
Full MCP Server Tools
User Management
- authentik_list_users - List users with filtering
- authentik_get_user - Get user details
- authentik_create_user - Create new user
- authentik_update_user - Update existing user
- authentik_delete_user - Delete user
Group Management
- authentik_list_groups - List groups
- authentik_get_group - Get group details
- authentik_create_group - Create new group
- authentik_update_group - Update existing group
- authentik_delete_group - Delete group
Application Management
- authentik_list_applications - List applications
- authentik_get_application - Get application details
- authentik_create_application - Create new application
- authentik_update_application - Update existing application
- authentik_delete_application - Delete application
Event Monitoring
- authentik_list_events - List system events
- authentik_get_event - Get event details
Flow Management
- authentik_list_flows - List authentication flows
- authentik_get_flow - Get flow details
Provider Management
- authentik_list_providers - List providers
- authentik_get_provider - Get provider details
Token Management
- authentik_list_tokens - List API tokens
- authentik_create_token - Create new token
Diagnostic MCP Server Tools
Event Monitoring
- authentik_list_events - List system events with filtering
- authentik_get_event - Get detailed event information
- authentik_search_events - Search events by criteria
- authentik_get_user_events - Get user-specific events
User Information (Read-Only)
- authentik_get_user_info - Get user information
- authentik_list_users_info - List users for diagnostics
- authentik_get_user_events - Get user event history
Group Information (Read-Only)
- authentik_get_group_info - Get group information
- authentik_list_groups_info - List groups for diagnostics
- authentik_get_group_members - Get group members
System Health
- authentik_get_system_config - Get system configuration
- authentik_get_version_info - Get version information
Application/Flow/Provider Status (Read-Only)
- authentik_get_application_status - Check application status
- authentik_list_applications_status - List application statuses
- authentik_get_flow_status - Check flow status
- authentik_list_flows_status - List flow statuses
- authentik_get_provider_status - Check provider status
- authentik_list_providers_status - List provider statuses
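To confirm that a server wired in as "diagnostic" really exposes only the read-only tools listed above, the names it advertises can be checked against that list. The following is an added example, not code from this repository; it assumes the standard MCP `tools/list` JSON-RPC response shape, and the sample response is constructed.

```python
import json

# Read-only tool names this page lists for authentik-diag-mcp.
DIAG_TOOLS = {
    "authentik_list_events", "authentik_get_event", "authentik_search_events",
    "authentik_get_user_events", "authentik_get_user_info", "authentik_list_users_info",
    "authentik_get_group_info", "authentik_list_groups_info", "authentik_get_group_members",
    "authentik_get_system_config", "authentik_get_version_info",
    "authentik_get_application_status", "authentik_list_applications_status",
    "authentik_get_flow_status", "authentik_list_flows_status",
    "authentik_get_provider_status", "authentik_list_providers_status",
}
# Verbs the full server uses in the names of its state-changing tools.
MUTATING_VERBS = ("create", "update", "delete")


def audit_tools(response_text, allowed=DIAG_TOOLS):
    """Classify the tools advertised in an MCP tools/list response."""
    msg = json.loads(response_text)
    if "error" in msg or "result" not in msg:
        raise ValueError("not a successful tools/list response")
    names = [tool["name"] for tool in msg["result"].get("tools", [])]
    findings = {"mutating": [], "unexpected": [], "missing": []}
    for name in names:
        parts = name.split("_")
        verb = parts[1] if len(parts) > 1 else ""
        if verb in MUTATING_VERBS:
            findings["mutating"].append(name)      # write capability exposed
        elif name not in allowed:
            findings["unexpected"].append(name)    # not in the documented read-only set
    findings["missing"] = sorted(allowed - set(names))
    return findings


def is_read_only(findings):
    """True only if nothing outside the documented read-only set is exposed."""
    return not findings["mutating"] and not findings["unexpected"]


# Constructed sample: a server labelled diagnostic that also exposes write/token tools.
SAMPLE = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"tools": [
    {"name": "authentik_list_events"},
    {"name": "authentik_get_user_info"},
    {"name": "authentik_delete_user"},
    {"name": "authentik_create_token"},
    {"name": "authentik_list_tokens"},
]}})

if __name__ == "__main__":
    report = audit_tools(SAMPLE)
    print(report["mutating"], report["unexpected"], is_read_only(report))
```
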
Use Cases
Full MCP Server
- User Management: Create, update, and manage user accounts
- Group Administration: Organize users into groups with appropriate permissions
- Application Setup: Configure and deploy new applications
- Flow Configuration: Set up and customize authentication flows
- System Administration: Complete system management and configuration
Diagnostic MCP Server
- Security Monitoring: Track authentication events and security incidents
- Performance Analysis: Monitor system performance and user experience
- Compliance Reporting: Generate audit reports and compliance documentation
- Troubleshooting: Diagnose authentication and access issues
- Health Monitoring: Monitor system health and configuration drift
Security Best Practices
Token Management
- Use dedicated tokens for each server type
- Rotate tokens regularly
- Apply principle of least privilege
- Monitor token usage
Environment Security
- Always use HTTPS in production
- Verify SSL certificates
- Use environment variables for sensitive data
- Implement proper access controls
Monitoring
- Enable audit logging
- Monitor API usage patterns
- Set up alerting for suspicious activities
- Regular security reviews
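Several of these practices can be checked mechanically in the MCP client configuration itself. The following is an added example, not code from this repository: it audits an `mcpServers`-style config (the layout used by claude_desktop_config.json) for tokens passed as arguments, non-HTTPS URLs, and one token shared by both server types. The flag names `--base-url` and `--token`, the variable names `AUTHENTIK_BASE_URL` and `AUTHENTIK_TOKEN`, and all sample values are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

PACKAGES = ("authentik-mcp", "authentik-diag-mcp")  # package names from this page
SECRET_HINT = re.compile(r"token|secret|password", re.I)  # assumed flag/variable naming


def audit_mcp_config(config_text):
    """Return sorted (server, issue) pairs for an mcpServers-style client config."""
    issues, token_owner = set(), {}
    for name, spec in json.loads(config_text).get("mcpServers", {}).items():
        args = [str(a) for a in spec.get("args", [])]
        if not any(a in PACKAGES for a in args):
            continue  # not one of the Authentik servers
        env = {k: str(v) for k, v in spec.get("env", {}).items()}
        secrets, values = [], list(env.values())
        for i, arg in enumerate(args):
            flag, _, inline = arg.partition("=")
            values.append(inline or arg)
            if flag.startswith("-") and SECRET_HINT.search(flag):
                # Command-line arguments are visible in process listings.
                issues.add((name, "secret passed as command-line argument"))
                secrets.append(inline or (args[i + 1] if i + 1 < len(args) else ""))
        secrets += [v for k, v in env.items() if SECRET_HINT.search(k)]
        if any(urlsplit(v).scheme == "http" for v in values):
            issues.add((name, "Authentik URL is not HTTPS"))
        for secret in filter(None, secrets):
            owner = token_owner.setdefault(secret, name)
            if owner != name:  # the page asks for a dedicated token per server type
                issues.add((name, f"token shared with server '{owner}'"))
    return sorted(issues)


# Constructed sample config; flag names, variable names and values are hypothetical.
SAMPLE = json.dumps({"mcpServers": {
    "authentik": {"command": "uvx", "args": [
        "authentik-mcp", "--base-url", "http://authentik.example.internal",
        "--token", "CONSTRUCTED-TOKEN-A"]},
    "authentik-diag": {"command": "npx", "args": ["authentik-diag-mcp"], "env": {
        "AUTHENTIK_BASE_URL": "https://authentik.example.internal",
        "AUTHENTIK_TOKEN": "CONSTRUCTED-TOKEN-A"}},
    "other": {"command": "npx", "args": ["some-other-server", "--token", "x"]},
}})

if __name__ == "__main__":
    for server, issue in audit_mcp_config(SAMPLE):
        print(f"{server}: {issue}")
```
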
Development
Building All Packages
Publishing All Packages
Development Setup
Python Development
Node.js Development
Requirements
Python
- Python 3.10 or higher
- uv package manager (recommended)
Node.js
- Node.js 18.0.0 or higher
General
- Valid Authentik API token with appropriate permissions
- npm or yarn
Project Structure
License
MIT License - see individual package LICENSE files for details.
Support
Contributing
We welcome contributions! Please see our Contributing Guide for details.
Changelog
See individual package CHANGELOG.md files for version history and changes.
Authentik MCP provides seamless integration with Authentik's API, supporting both full-featured and diagnostic modes. These enable secure, automated user, group, and system management through MCP-compatible tools.