# Fctr Okta MCP Server - Docker Build
#
# Build variants:
# docker build --target http -t fctr-okta-mcp:http . # Default: HTTP transport for containers
# docker build --target stdio -t fctr-okta-mcp:stdio . # For local MCP clients (Claude Desktop)
#
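# Run HTTP server (default) - RECOMMENDED: bind to localhost only
# Note: a token written after -e on the command line is recorded in shell history and is
# visible in the host's process list. Exporting OKTA_API_TOKEN first and passing a bare
# `-e OKTA_API_TOKEN`, or using --env-file, keeps the value off the command line.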
# docker run --rm \
# -p 127.0.0.1:8000:8000 \
# -v $(pwd)/logs:/app/logs \
# -v $(pwd)/okta_results:/app/okta_results \
# -e OKTA_CLIENT_ORGURL=https://your-org.okta.com \
# -e OKTA_API_TOKEN=your_token \
# fctr-okta-mcp:http
#
# HTTP server endpoints:
# - MCP: http://localhost:8000/mcp
# - CSV Results: http://localhost:8000/results/<uuid>.csv (auto-expires in 5 min)
#
# Run STDIO server (for Claude Desktop):
# docker run -i --rm \
# -v $(pwd)/logs:/app/logs \
# -v $(pwd)/okta_results:/app/okta_results \
# -e OKTA_CLIENT_ORGURL=https://your-org.okta.com \
# -e OKTA_API_TOKEN=your_token \
# fctr-okta-mcp:stdio
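# Tag (optionally tag@sha256:digest) of the uv image that supplies the installer
# binaries. The default keeps the floating "latest" tag this file has always used,
# so the binaries that run during the build can change without any change here.
# NOTE(review): for reproducible builds pass a released version, ideally with its
# digest:  docker build --build-arg UV_VERSION=<version>@sha256:<digest> ...
ARG UV_VERSION=latest
FROM ghcr.io/astral-sh/uv:${UV_VERSION} AS uv

# Shared base for the http and stdio targets below.
# 3.13-slim is a moving tag as well; add a digest when reproducibility matters.
FROM python:3.13-slim AS base

# uv is only used as the package installer in this stage.
COPY --from=uv /uv /uvx /bin/

WORKDIR /app

# Project metadata first, then the sources the editable install points at.
# Only pyproject.toml is copied (no lock file), so the dependency versions that
# get installed depend on the constraints declared there.
COPY pyproject.toml .
COPY src/ ./src/

# Editable install into the system interpreter; --no-cache stops uv from using
# or writing its package cache.
RUN uv pip install --system --no-cache -e .

# Create the two directories the documented `docker run` commands mount, and a
# runtime account with fixed IDs (1001:1001) that owns /app.
# Host directories bind-mounted over /app/logs and /app/okta_results replace the
# ones created here and must be writable by UID 1001.
# NOTE(review): chown -R /app also makes the installed sources writable by the
# runtime user. If the server only writes to logs/ and okta_results/ (to be
# confirmed), limiting ownership to those two directories would be tighter.
RUN mkdir -p /app/logs /app/okta_results && \
    groupadd -g 1001 appgroup && \
    useradd -u 1001 -g appgroup -s /bin/sh appuser && \
    chown -R appuser:appgroup /app

# Everything from here on, including both entrypoints, runs unprivileged.
USER appuser

# Interpreter settings shared by both variants.
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONPATH=/app

# Application defaults; override with `docker run -e NAME=value`.
ENV ENABLE_AGENT_MODE=true \
    API_CONCURRENT_LIMIT=10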
# =============================================================================
# HTTP variant (DEFAULT for containers)
# =============================================================================
FROM base AS http

# Transport selection and listener settings for the HTTP variant.
# MCP_HOST=0.0.0.0 is presumably the listen address (confirm against the server's
# configuration). If so, the server accepts connections on every interface inside
# the container, and who can reach it is decided by how the port is published:
# `-p 127.0.0.1:8000:8000` keeps it on the host's loopback, while a bare
# `-p 8000:8000` publishes it on all host interfaces.
ENV TRANSPORT_TYPE=http \
    MCP_HOST=0.0.0.0 \
    MCP_PORT=8000

# Documentation only; the port is not published unless `docker run -p` is used.
EXPOSE 8000

# Nothing in this file configures TLS or authentication for the listener, so the
# container boundary is the only isolation it provides. In production, place an
# authenticating reverse proxy in front of it.
# NOTE(review): --i-understand-the-risks looks like an explicit acknowledgement
# required to start the HTTP transport - confirm against the server's CLI help.
ENTRYPOINT ["python", "-m", "fctr_okta_mcp.server", "--http-transport", "--i-understand-the-risks"]
# =============================================================================
# STDIO variant (for local MCP clients like Claude Desktop)
# =============================================================================
FROM base AS stdio

# Same server module as the http target, started without the HTTP flags; no port
# is exposed and the client talks to the process over stdin/stdout (`docker run -i`).
# As long as this remains the last stage in the file, a `docker build` without
# --target produces this variant, not the http one.
ENV TRANSPORT_TYPE="stdio"

ENTRYPOINT ["python", "-m", "fctr_okta_mcp.server"]