Skip to main content
Glama

authentik-mcp

by cdmx-in

Authentik MCP Servers

A collection of Model Context Protocol (MCP) servers for Authentik API integration, available in both Python and Node.js implementations.

Overview

This repository contains four MCP servers for integrating with Authentik:

  • authentik-mcp (Python) - Complete Authentik API integration with full CRUD capabilities
  • authentik-mcp (Node.js) - TypeScript implementation with complete API access

Diagnostic-Only Servers

  • authentik-diag-mcp (Python) - Read-only diagnostic and monitoring capabilities
  • authentik-diag-mcp (Node.js) - TypeScript implementation for diagnostics and monitoring

MCP Integration & Usage

This repository is designed for seamless integration with the Model Context Protocol (MCP) ecosystem. These servers are intended to be run and managed by MCP-compatible tools (such as VS Code extensions, automation platforms, or orchestration systems) rather than directly via the command line.

How to Use with MCP

  1. Install the desired package(s):
    • For full API access: authentik-mcp
    • For diagnostics/monitoring: authentik-diag-mcp
  2. Configure your MCP tool or platform to point to the installed server binary (e.g., authentik-mcp or authentik-diag-mcp) and provide the required Authentik API token and base URL as arguments or environment variables.
  3. Do not run these servers directly via CLI. Instead, let your MCP-compatible tool manage their lifecycle and communication.
  4. Interact with Authentik through the MCP tool interface, which will expose all available resources and tools for automation, monitoring, and diagnostics.
Example: VS Code Github Copilot MCP Extension

GitHub Copilot Workspace (settings.json) – Python (uvx):

"mcp": { "servers": { "authentik": { "command": "uvx", "args": [ "authentik-diag-mcp", "--base-url", "https://your-authentik-instance", "--token", "your-api-token" ] } } }

GitHub Copilot Workspace (settings.json) – Node.js (npx):

"mcp": { "servers": { "authentik": { "command": "npx", "args": [ "@cdmx/authentik-diag-mcp", "--base-url", "https://your-authentik-instance", "--token", "your-api-token" ] } } }

Claude Desktop (claude_desktop_config.json) – Python (uvx):

{ "mcpServers": { "authentik": { "command": "uvx", "args": [ "authentik-diag-mcp", "--base-url", "https://your-authentik-instance", "--token", "your-api-token" ] } } }

Claude Desktop (claude_desktop_config.json) – Node.js (npx):

{ "mcpServers": { "authentik": { "command": "npx", "args": [ "@cdmx/authentik-diag-mcp", "--base-url", "https://your-authentik-instance", "--token", "your-api-token" ] } } }

Quick Start

Python Packages

Note: These packages are not intended for direct CLI use. Integrate them with your MCP-compatible tool or platform as described above.

Node.js Packages

Note: These packages are not intended for direct CLI use. Integrate them with your MCP-compatible tool or platform as described above.

Full API Access

Managed by your MCP tool. No direct CLI usage required.

Diagnostic Only

Managed by your MCP tool. No direct CLI usage required.

Features Comparison

FeatureFull MCPDiagnostic MCP
User Management (CRUD)❌ (Read-only)
Group Management (CRUD)❌ (Read-only)
Application Management (CRUD)❌ (Read-only)
Event Monitoring
User Information✅ (Read-only)
Group Information✅ (Read-only)
Application Status✅ (Read-only)
Flow Management✅ (Read-only)
Provider Management✅ (Read-only)
Token Management
System Health Monitoring
Audit Trail Analysis

API Token Setup

For Full Access (authentik-mcp)

  1. Log in to Authentik as an administrator
  2. Navigate to Directory > Tokens
  3. Create a new token with full API permissions
  4. Copy the token for use with the full MCP server

For Diagnostic Access (authentik-diag-mcp)

  1. Log in to Authentik as an administrator
  2. Navigate to Directory > Tokens
  3. Create a new token with minimal read-only permissions
  4. Copy the token for use with the diagnostic MCP server

Available Tools

Full MCP Server Tools

User Management
  • authentik_list_users - List users with filtering
  • authentik_get_user - Get user details
  • authentik_create_user - Create new user
  • authentik_update_user - Update existing user
  • authentik_delete_user - Delete user
Group Management
  • authentik_list_groups - List groups
  • authentik_get_group - Get group details
  • authentik_create_group - Create new group
  • authentik_update_group - Update existing group
  • authentik_delete_group - Delete group
Application Management
  • authentik_list_applications - List applications
  • authentik_get_application - Get application details
  • authentik_create_application - Create new application
  • authentik_update_application - Update existing application
  • authentik_delete_application - Delete application
Event Monitoring
  • authentik_list_events - List system events
  • authentik_get_event - Get event details
Flow Management
  • authentik_list_flows - List authentication flows
  • authentik_get_flow - Get flow details
Provider Management
  • authentik_list_providers - List providers
  • authentik_get_provider - Get provider details
Token Management
  • authentik_list_tokens - List API tokens
  • authentik_create_token - Create new token

Diagnostic MCP Server Tools

Event Monitoring
  • authentik_list_events - List system events with filtering
  • authentik_get_event - Get detailed event information
  • authentik_search_events - Search events by criteria
  • authentik_get_user_events - Get user-specific events
User Information (Read-Only)
  • authentik_get_user_info - Get user information
  • authentik_list_users_info - List users for diagnostics
  • authentik_get_user_events - Get user event history
Group Information (Read-Only)
  • authentik_get_group_info - Get group information
  • authentik_list_groups_info - List groups for diagnostics
  • authentik_get_group_members - Get group members
System Health
  • authentik_get_system_config - Get system configuration
  • authentik_get_version_info - Get version information
Application/Flow/Provider Status (Read-Only)
  • authentik_get_application_status - Check application status
  • authentik_list_applications_status - List application statuses
  • authentik_get_flow_status - Check flow status
  • authentik_list_flows_status - List flow statuses
  • authentik_get_provider_status - Check provider status
  • authentik_list_providers_status - List provider statuses

Use Cases

Full MCP Server

  • User Management: Create, update, and manage user accounts
  • Group Administration: Organize users into groups with appropriate permissions
  • Application Setup: Configure and deploy new applications
  • Flow Configuration: Set up and customize authentication flows
  • System Administration: Complete system management and configuration

Diagnostic MCP Server

  • Security Monitoring: Track authentication events and security incidents
  • Performance Analysis: Monitor system performance and user experience
  • Compliance Reporting: Generate audit reports and compliance documentation
  • Troubleshooting: Diagnose authentication and access issues
  • Health Monitoring: Monitor system health and configuration drift

Security Best Practices

Token Management

  • Use dedicated tokens for each server type
  • Rotate tokens regularly
  • Apply principle of least privilege
  • Monitor token usage

Environment Security

  • Always use HTTPS in production
  • Verify SSL certificates
  • Use environment variables for sensitive data
  • Implement proper access controls

Monitoring

  • Enable audit logging
  • Monitor API usage patterns
  • Set up alerting for suspicious activities
  • Regular security reviews

Development

Building All Packages

chmod +x build.sh ./build.sh

Publishing All Packages

chmod +x publish.sh ./publish.sh

Development Setup

Python Development
cd python/authentik-mcp # or authentik-diag-mcp uv sync uv run authentik-mcp --base-url http://localhost:9000 --token your-token
Node.js Development
cd nodejs/authentik-mcp # or authentik-diag-mcp npm install npm run dev -- --base-url http://localhost:9000 --token your-token

Requirements

Python

  • Python 3.10 or higher
  • uv package manager (recommended)

Node.js

  • Node.js 18.0.0 or higher

General

  • Valid Authentik API token with appropriate permissions
  • npm or yarn

Project Structure

authentik-mcp/ ├── python/ │ ├── authentik-mcp/ # Full Python MCP server │ └── authentik-diag-mcp/ # Diagnostic Python MCP server ├── nodejs/ │ ├── authentik-mcp/ # Full Node.js MCP server │ └── authentik-diag-mcp/ # Diagnostic Node.js MCP server ├── build.sh # Build all packages ├── publish.sh # Publish all packages └── README.md # This file

License

MIT License - see individual package LICENSE files for details.

Support

Contributing

We welcome contributions! Please see our Contributing Guide for details.

Changelog

See individual package CHANGELOG.md files for version history and changes.

-
security - not tested
A
license - permissive license
-
quality - not tested

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Authentik MCP provides seamless integration with Authentik's API, supporting both full-featured and diagnostic modes. These enable secure, automated user, group, and system management through MCP-compatible tools.

  1. Overview
    1. Full-Featured Servers
    2. Diagnostic-Only Servers
  2. MCP Integration & Usage
    1. How to Use with MCP
  3. Quick Start
    1. Python Packages
    2. Node.js Packages
  4. Features Comparison
    1. API Token Setup
      1. For Full Access (authentik-mcp)
      2. For Diagnostic Access (authentik-diag-mcp)
    2. Available Tools
      1. Full MCP Server Tools
      2. Diagnostic MCP Server Tools
    3. Use Cases
      1. Full MCP Server
      2. Diagnostic MCP Server
    4. Security Best Practices
      1. Token Management
      2. Environment Security
      3. Monitoring
    5. Development
      1. Building All Packages
      2. Publishing All Packages
      3. Development Setup
    6. Requirements
      1. Python
      2. Node.js
      3. General
    7. Project Structure
      1. License
        1. Support
          1. Contributing
            1. Changelog

              Related MCP Servers

              • -
                security
                F
                license
                -
                quality
                Our MCP Tools are designed to enhance AI-driven automated interview services by ensuring a seamless and contextually relevant candidate assessment process. These tools leverage advanced AI models to analyze responses, evaluate competencies, and provide real-time feedback, ma
                Last updated -
                Python
              • -
                security
                -
                license
                -
                quality
                A MCP server that requires user authentication via Auth0, allowing it to call protected APIs on behalf of authenticated users.
                Last updated -
                TypeScript
              • -
                security
                A
                license
                -
                quality
                A lightweight, extensible cybersecurity toolkit that connects AI assistants to security tools through the Model Context Protocol (MCP), enabling AI-assisted security research, scanning, and analysis.
                Last updated -
                7
                Python
                MIT License
              • -
                security
                -
                license
                -
                quality
                An MCP server that integrates various penetration testing tools, enabling security professionals to perform reconnaissance, vulnerability scanning, and API testing through natural language commands in compatible LLM clients like Claude Desktop.
                Last updated -
                1
                Python

              View all related MCP servers

              MCP directory API

              We provide all the information about MCP servers via our MCP API.

              curl -X GET 'https://glama.ai/api/mcp/v1/servers/cdmx-in/authentik-mcp'

              If you have feedback or need assistance with the MCP directory API, please join our Discord server