PingOne Advanced Identity Cloud MCP Server

Official

by pingidentity

Overview Schema Related Servers Score Discussions

TypeScript

Hybrid

Get Managed Object Schema

getManagedObjectSchema

Read-only

Retrieve the schema definition for a managed object type in PingOne Advanced Identity Cloud, optionally including full configuration details.

Instructions

Retrieve schema definition for a managed object type in PingOne AIC

Input Schema

TableJSON Schema

Name	Required	Description	Default
`objectType`	Yes	Managed object type (e.g., alpha_user, bravo_user, alpha_role, bravo_role, alpha_group, bravo_group, alpha_organization, bravo_organization). Use listManagedObjects to discover all available types.
`includeFullDefinition`	No	When true, returns the complete managed object definition including script hooks, lifecycle metadata, notifications, and other configuration. Defaults to false for a concise schema-only response.

Implementation Reference

src/tools/managedObjects/getManagedObjectSchema.ts:1-72 (handler)

The complete tool definition for getManagedObjectSchema, including the toolFunction that retrieves managed object schema definitions from PingOne AIC

// src/tools/getManagedObjectSchema.ts
import { z } from 'zod';
import { makeAuthenticatedRequest, createToolResponse } from '../../utils/apiHelpers.js';
import { formatSuccess } from '../../utils/responseHelpers.js';
import { EXAMPLE_TYPES_STRING } from '../../utils/managedObjectHelpers.js';

const aicBaseUrl = process.env.AIC_BASE_URL;

const SCOPES = ['fr:idm:*'];

export const getManagedObjectSchemaTool = {
  name: 'getManagedObjectSchema',
  title: 'Get Managed Object Schema',
  description: 'Retrieve schema definition for a managed object type in PingOne AIC',
  scopes: SCOPES,
  annotations: {
    readOnlyHint: true,
    openWorldHint: true
  },
  inputSchema: {
    objectType: z
      .string()
      .min(1)
      .describe(
        `Managed object type (e.g., ${EXAMPLE_TYPES_STRING}). Use listManagedObjects to discover all available types.`
      ),
    includeFullDefinition: z
      .boolean()
      .default(false)
      .describe(
        'When true, returns the complete managed object definition including script hooks, lifecycle metadata, notifications, and other configuration. Defaults to false for a concise schema-only response.'
      )
  },
  async toolFunction({
    objectType,
    includeFullDefinition = false
  }: {
    objectType: string;
    includeFullDefinition?: boolean;
  }) {
    const url = `https://${aicBaseUrl}/openidm/config/managed`;

    try {
      const { data, response } = await makeAuthenticatedRequest(url, SCOPES);

      const config = data as any;

      // Find the specific managed object by name
      const managedObject = config.objects?.find((obj: any) => obj.name === objectType);

      if (!managedObject) {
        return createToolResponse(
          `Managed object type '${objectType}' not found. Available types: ${config.objects?.map((obj: any) => obj.name).join(', ') || 'none'}`
        );
      }

      if (includeFullDefinition) {
        return createToolResponse(formatSuccess(managedObject, response));
      }

      const schemaInfo = {
        name: managedObject.name,
        required: managedObject.schema?.required || [],
        properties: managedObject.schema?.properties || {}
      };

      return createToolResponse(formatSuccess(schemaInfo, response));
    } catch (error: any) {
      return createToolResponse(`Failed to retrieve managed object schema: ${error.message}`);
    }
  }
};

src/tools/managedObjects/getManagedObjectSchema.ts:20-33 (schema)

Zod input schema defining objectType (required string) and includeFullDefinition (optional boolean, defaults false)

inputSchema: {
  objectType: z
    .string()
    .min(1)
    .describe(
      `Managed object type (e.g., ${EXAMPLE_TYPES_STRING}). Use listManagedObjects to discover all available types.`
    ),
  includeFullDefinition: z
    .boolean()
    .default(false)
    .describe(
      'When true, returns the complete managed object definition including script hooks, lifecycle metadata, notifications, and other configuration. Defaults to false for a concise schema-only response.'
    )
},

src/index.ts:27-43 (registration)

Where all tools are registered via getAllTools() and server.registerTool(). The getManagedObjectSchemaTool is included via managedObjectTools export.

allTools.forEach((tool) => {
  const toolConfig: ToolConfig = {
    title: tool.title,
    description: tool.description
  };

  // Only add inputSchema if it exists (some tools like getLogSources don't have one)
  if ('inputSchema' in tool && tool.inputSchema) {
    toolConfig.inputSchema = tool.inputSchema;
  }

  // Add annotations if present
  if ('annotations' in tool && tool.annotations) {
    toolConfig.annotations = tool.annotations;
  }

  server.registerTool(tool.name, toolConfig, tool.toolFunction as any);

src/utils/managedObjectHelpers.ts:1-31 (helper)

Provides EXAMPLE_TYPES_STRING used in the inputSchema description to list example managed object types

/**
 * Managed object specific helpers.
 *
 * Includes:
 * - Example managed object types for documentation and tool descriptions
 *
 * IMPORTANT: The example types are NOT exhaustive. The MCP server supports ANY
 * managed object type defined in your PingOne AIC environment, including custom types.
 * Use the listManagedObjects tool to discover all available types in your tenant.
 */

/**
 * Example managed object types for use in tool descriptions.
 * These are common types but not exhaustive - any managed object type works.
 */
export const EXAMPLE_MANAGED_OBJECT_TYPES = [
  'alpha_user',
  'bravo_user',
  'alpha_role',
  'bravo_role',
  'alpha_group',
  'bravo_group',
  'alpha_organization',
  'bravo_organization'
];

/**
 * Formatted string of example types for use in tool descriptions.
 */
export const EXAMPLE_TYPES_STRING = EXAMPLE_MANAGED_OBJECT_TYPES.join(', ');

src/utils/apiHelpers.ts:14-58 (helper)

makeAuthenticatedRequest used by the handler to make the HTTP call, and createToolResponse used to format the response

export async function makeAuthenticatedRequest(
  url: string,
  scopes: string[],
  options: RequestInit = {}
): Promise<{ data: unknown; response: Response }> {
  const token = await getAuthService().getToken(scopes);

  const response = await fetch(url, {
    ...options,
    headers: {
      Authorization: `Bearer ${token}`,
      'User-Agent': USER_AGENT,
      // Only add Content-Type header if the request has a body
      ...(options.body && { 'Content-Type': 'application/json' }),
      ...options.headers
    }
  });

  if (!response.ok) {
    const errorBody = await response.text();
    throw new Error(formatError(response, errorBody));
  }

  // Handle empty responses (e.g., 204 No Content or DELETE operations)
  const contentLength = response.headers.get('content-length');
  const data = response.status === 204 || contentLength === '0' ? null : await response.json();

  return { data, response };
}

/**
 * Creates a standardized MCP tool response
 * @param text - The text content to return to the MCP client
 * @returns MCP-formatted response object
 */
export function createToolResponse(text: string) {
  return {
    content: [
      {
        type: 'text' as const,
        text
      }
    ]
  };
}

Tool Definition Quality

B3.4/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint=true and openWorldHint=true. The description only restates 'Retrieve' and adds no behavioral details such as response structure, data source, or limitations. Minimal value beyond annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Single, concise sentence that clearly states the tool's purpose. No extraneous information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Despite good annotations and high schema coverage, the description lacks detail about the return format or what the schema definition contains (e.g., fields, types, required attributes). This is a gap for a retrieval tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% and parameter descriptions are self-contained. The description adds no extra meaning beyond what the schema provides, so baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Description uses a specific verb ('Retrieve') and resource ('schema definition for a managed object type'), clearly distinguishing it from siblings like getManagedObject (instance) and listManagedObjects (discovery).

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description itself lacks usage guidance, but the input schema for objectType advises using listManagedObjects for discovery, providing implicit context. No explicit when/to-use alternatives.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/pingidentity/aic-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server