Adobe Learning Manager MCP Server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Adobe Learning Manager MCP Serverlist the first 20 users"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Adobe Learning Manager (ALM) MCP Server
Wraps the ALM Prime API v2 so an LLM client can look up learners, browse learning objects, manage enrollments, check badges, and kick off async jobs (CSV exports, certificate generation).
Reference docs: https://learningmanager.adobe.com/docs/primeapi/v2/
Auth: you need an OAuth access token first
ALM's Prime API uses OAuth 2.0, not a static API key. Before this server is useful you need:
An ALM integration registered (Admin > Integrations in ALM, or via your Adobe admin console) to get a client ID/secret.
An OAuth access token obtained through ALM's auth flow using that client ID/secret.
This server takes a already-issued access token via ALM_ACCESS_TOKEN
as a fallback default — but if multiple people connect to this server
(the point of hosting it remotely), each person should call
set_access_token with their own token instead of relying on the
shared default. See "Multi-user auth model" below for why. This server
does not handle the OAuth exchange or refresh itself — for long-lived
use, either:
refresh the token externally and call
set_access_tokenagain, orextend
_get_token()/ add a token-refresh helper if you have refresh tokens available.
Requests are sent as Authorization: oauth <token> (ALM's documented
header format) with JSON:API content types.
Related MCP server: OpenProject MCP Server
Multi-user auth model (read this before deploying for a team)
This server is designed to be safely used by multiple people connected at once — e.g. several Adobe employees, each with their own ALM identity. Tokens are stored per MCP session, not globally:
Each connecting client gets its own isolated token once they call
set_access_token.One person's token can never leak into or affect another person's requests, even if both are using the server at the same time.
If a session hasn't called
set_access_tokenyet, it falls back to the server'sALM_ACCESS_TOKENenv var (if set) — fine for solo testing, but every real user should set their own token rather than share that default once this is used by more than one person.
This is still simpler than full OAuth: there's no real login flow, and
nothing stops someone from pasting in a token that isn't theirs. The
proper next step is a real OAuth Resource Server backed by Adobe IMS
(TokenVerifier + AuthSettings from mcp.server.auth), where each
person authenticates via an actual login redirect instead of manually
copying a token. That requires registering an OAuth client in Adobe
IMS's console — an Adobe-internal identity/IT action — so it's a
deliberately separate, bigger step from what's implemented here.
Setup
cd alm-mcp-server
uv venv
source .venv/bin/activate
uv syncTools included
Users
list_users(page_limit, page_offset, filter_field, filter_value)get_user(user_id)create_user(name, email, user_type, user_unique_id)update_user(user_id, attributes)delete_user(user_id)list_user_groups(user_id, page_limit)
Learning objects & catalogs
list_learning_objects(lo_types, page_limit)get_learning_object(lo_id, include)list_catalogs(page_limit)
Enrollments
list_enrollments(user_id, lo_types, sort)enroll_user(user_id, lo_id, lo_instance_id, allow_multi_enrollment)get_enrollment(user_id, enrollment_id, include)unenroll_user(user_id, enrollment_id)
Badges
list_user_badges(user_id)
Jobs (async)
create_job(job_type, job_params)get_job_status(job_id)
Auth maintenance
set_access_token(new_token)— set your own OAuth token for your session only, without restarting the server. Use this when you first connect, or when you hit a 401 "Token expired" error. Isolated per-session — does not affect or get affected by any other connected user.
Test it
npx @modelcontextprotocol/inspector python server.pyTry list_users with a small page_limit first to confirm auth works
before attempting writes.
Connect to Claude Desktop
{
"mcpServers": {
"adobe_learning_manager": {
"command": "uv",
"args": [
"--directory",
"/absolute/path/to/alm-mcp-server",
"run",
"server.py"
],
"env": {
"ALM_BASE_URL": "https://learningmanager.adobe.com",
"ALM_ACCESS_TOKEN": "your-oauth-access-token"
}
}
}
}Use https://learningmanagereu.adobe.com (or your account's assigned
region) instead if your ALM tenant is EU-hosted.
Known gotcha: eventual consistency on create-then-enroll
If you call create_user and immediately call enroll_user for that
same user, ALM's enrollment lookup can briefly fail with "object
doesn't exist" — the new user hasn't finished indexing yet. If you hit
this, add a short delay (a few seconds) and retry once or twice with
backoff before treating it as a real error.
Scope note
This server is read-heavy for learning objects and read/write for users + enrollments, which matches how the API is actually used in practice — ALM's write API is oriented around learners and their relationship to content (enroll, track progress) rather than authoring course content itself, which is typically done through the ALM UI.
Before production use
Scope the OAuth integration's permissions as narrowly as ALM allows (e.g. a service account without full admin rights) rather than using a personal admin token.
Treat
delete_userandunenroll_useras destructive — consider requiring the caller to have just fetched the record viaget_user/get_enrollmentbefore deleting, so the model is acting on a confirmed ID rather than a guessed one.Add retry/backoff for the eventual-consistency gotcha above if you automate create+enroll flows.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Vijender001223/ALM-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server