Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Docebo MCP Serverecho back 'Hello from the Docebo MCP server'"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Docebo MCP Server
An MCP (Model Context Protocol) server that bridges Claude and other MCP clients to the Docebo Learning Platform API.
What is MCP?
MCP is an open standard that lets AI models interact with external tools and data through a consistent interface. This server gives any MCP-compatible client (Claude Desktop, Claude Code, Cursor, and others) the ability to read and manage your Docebo learning platform.
Prerequisites
Node.js >= 18
A Docebo platform instance with API credentials (see below)
A publicly accessible URL for the server (e.g. via a cloud provider or tunnel)
Docebo OAuth App Setup
Each MCP client requires an API Credentials app registered in your Docebo admin panel (Admin Menu > API and SSO > API Credentials). For each app:
Grant types: Enable Authorization Code + Implicit Grant and Resource Owner Password Credentials
Redirect URI: Set to the exact callback URL for your MCP client:
Client | Redirect URI |
Claude Desktop |
|
Claude Desktop (future) |
|
Note: Docebo enforces strict redirect URI matching. The URI must match exactly what the MCP client sends during the OAuth flow. ChatGPT only supports Dynamic Client Registration (DCR) and Docebo does not at this time.
Setup
1. Deploy the server
git clone https://github.com/riccardo-larosa/docebo-mcp-server.git
cd docebo-mcp-server
npm install && npm run buildConfigure environment variables (see below) and start:
npm start2. Connect Claude Desktop
Add a remote MCP server in Claude Desktop settings:
URL:
https://your-server-url.example.com/mcp
Claude Desktop will handle OAuth authorization automatically via the server's discovery endpoints.
3. Connect Claude Code
claude mcp add docebo --transport http https://your-server-url.example.com/mcpExample Usage
Once set up, try these example prompts:
My Dashboard
Show me my learner dashboard.
What courses have I completed and what's still in progress?
Team Training Reports
Give me a training report for the whole team.
Show completion status for the "Compliance" training across all users.
Which team members haven't completed their required courses?
Enroll by Name
Enroll Jane Doe in the Compliance 101 course.
Sign up John Smith for Leadership Training.
Search and Browse
Search for anything related to "data privacy".
Find all courses related to "leadership".
What training do we have about compliance?
Send Notifications
Send a training reminder email to Jane Smith.
Notify John Doe about his learning plan.
Tools
Workflow Tools
High-level tools that combine multiple API calls into a single operation:
Tool | Description |
| Returns the current user's profile (no admin permissions needed) |
| Returns user profile + all course enrollments with progress in one call |
| Generates a team-wide training report with filters (search, course, status) |
| Enrolls a user in a course by name — no IDs needed. Returns candidates if ambiguous |
| AI-powered semantic search across Docebo content (RAG-powered) |
| Fast keyword search across all Docebo content types |
Courses
Tool | Description |
| List and search courses with filters (name, category, status, sorting) |
| Get full details for a single course by ID |
Enrollments
Tool | Description |
| List enrollments with optional user/course/status filters |
| Get detailed enrollment info for a specific course + user |
| Get all enrollments for a user (progress summary) |
| Enroll a user into a course |
| Remove a user's enrollment from a course |
Users
Tool | Description |
| List platform users with pagination |
| Get details for a single user by ID |
Notifications
Tool | Description |
| Send a custom email to a user |
| Trigger a learning plan notification for a user |
Environment Variables
Single-tenant mode (development)
Variable | Required | Description |
| Yes | Your Docebo instance URL (e.g., |
| Yes | Public URL of this server (e.g. ngrok URL) |
| No | Server port (default: 3000) |
Multi-tenant mode (production)
Variable | Required | Description |
| Unset | Tenant derived from |
| Yes | Public URL (e.g. |
| No | Server port (default: 3000) |
Multi-tenant activates when API_BASE_URL is not set. Requests to acme.mcp.yourdomain.com route API calls to https://acme.docebosaas.com.
Note: OAuth credentials (client ID/secret) are provided by each MCP client during the OAuth flow. The server's token proxy forwards client-provided credentials to Docebo — no server-side credential storage needed.
Development
npm run dev:honoThe server listens on port 3000 by default and exposes the MCP endpoint at /mcp.
HTTP API
Endpoint | Method | Description |
| POST | All MCP client requests (initialize, tool calls, prompts). Sessions tracked via |
| GET | Health check. Returns |
| GET | Service info. Returns all endpoint URLs and OAuth configuration for the current tenant. |
| GET | RFC 9728 Protected Resource Metadata. Returns |
| GET | RFC 8414 Authorization Server Metadata. Returns |
| POST | Token proxy. Forwards the client's |
OAuth Discovery & Authentication Flow
The MCP server acts as both a Protected Resource (RFC 9728) and an Authorization Server metadata host (RFC 8414), proxying the actual OAuth exchange to Docebo. Here's how the two .well-known endpoints work together:
sequenceDiagram
participant C as MCP Client
participant S as MCP Server
participant D as Docebo (tenant)
Note over C,D: Step 1 — Discovery
C->>S: GET /.well-known/oauth-protected-resource
S-->>C: authorization_servers: ["https://mcp-server"]
C->>S: GET /.well-known/oauth-authorization-server
S-->>C: authorization_endpoint: "https://tenant.docebosaas.com/oauth2/authorize"<br/>token_endpoint: "https://mcp-server/oauth/token"
Note over C,D: Step 2 — User Authorization
C->>D: Redirect to /oauth2/authorize
D-->>C: Authorization code
Note over C,D: Step 3 — Token Exchange (proxied)
C->>S: POST /oauth/token (code + client_id + client_secret)
S->>D: POST /oauth2/token (forwarded)
D-->>S: access_token + refresh_token
S-->>C: Proxied token response
Note over C,D: Step 4 — Authenticated MCP Usage
C->>S: POST /mcp + Bearer access_token
S->>D: API calls with Bearer token
D-->>S: API response
S-->>C: MCP tool resultWhy The authorization_servers field in the Protected Resource Metadata tells clients where to fetch the Authorization Server Metadata — not the actual authorization endpoint. Since the MCP server hosts the /.well-known/oauth-authorization-server endpoint (which contains the real Docebo URLs) and proxies token exchange through /oauth/token, it correctly advertises itself as the AS metadata host. The actual Docebo authorization_endpoint is revealed in step 2.
Testing
npm test # All tests
npm run coverage # Tests with coverage
npm run test:contract # API contract tests (requires credentials)Debugging
Use the MCP Inspector:
npx @modelcontextprotocol/inspectorArchitecture
graph LR
subgraph "Your Computer"
C1[MCP Client]
end
subgraph "Remote"
S1[MCP Server]
API1[Docebo API]
end
C1 <-->|HTTP + OAuth| S1
S1 <--> API1
style C1 fill:#2e7d32,color:#ffffff
style S1 fill:#f57c00,color:#ffffff
style API1 fill:#c2185b,color:#ffffffThe server has two types of tools:
Declarative tools — Data structures (HTTP method, path template, parameter bindings, JSON Schema). The generic execution engine in
core.tshandles validation, URL construction, auth, and HTTP calls.Workflow tools — Class-based tools that combine multiple API calls into a single operation. Each extends
BaseTooland usesDoceboApiClientfor internal HTTP calls.