Zitadel MCP
Zitadel MCP Server
An MCP (Model Context Protocol) server for Zitadel identity management. Manage users, projects, applications, roles, and service accounts through natural language from AI tools like Claude Code.
"Provision jane@example.com as an Admin." — One tool call: creates the user, assigns the
adminproject role (v2 authorization), and grantsORG_USER_MANAGERso she can manage other users — no Super Admin required.
Tools (33)
Category | Tool | Description |
Users |
| List/search users |
| Get user details | |
| Create user (sends invite email; optional client-supplied | |
| Deactivate user | |
| Reactivate user | |
| Lock user | |
| Unlock user | |
| Permanently delete user | |
Projects |
| List projects |
| Get project details | |
| Create project | |
Applications |
| List apps in a project |
| Get app details + Client ID | |
| Create OIDC application | |
| Update app (redirect URIs, etc.) | |
Roles |
| List roles in a project |
| Create a role (standardized: | |
| List user's role grants | |
| Assign project roles (v2 authorization; flags off-vocabulary drift) | |
| Remove role grant | |
Org Managers |
| List supported manager roles (ORG_OWNER, ORG_USER_MANAGER, …) |
| List who holds manager grants (filter by role) | |
| Grant manager role(s) (default | |
| Revoke manager role(s); guards the last | |
Provisioning |
| Atomic + idempotent: create user + assign |
| Remove role + revoke manager + deactivate; guards last-Admin & self-demotion | |
Service Accounts |
| Create machine user |
| Generate key pair | |
| List keys (metadata only) | |
Organizations |
| Get current org details |
Utility |
| Get .env.local template for an app |
Portal |
| Register app in portal DB |
| One-click: Zitadel + portal setup |
Portal tools (portal_*) are only available when PORTAL_DATABASE_URL is configured.
Two-role model & no-super-admin (Renewal Initiatives SSO)
The provisioning tools implement a standardized RBAC model for the core apps:
Two project (business) roles only:
adminandstandard— these land in the OIDC token and gate what a user can do in the apps. The provisioning tools refuse any other key to prevent drift.No Super Admin: every Admin also receives an org-level
ORG_USER_MANAGERgrant (a manager role — administers Zitadel itself, not in the token), so any Admin can create/manage any user, including other Admins. Keep ≥2ORG_OWNERbreak-glass accounts for org configuration.Role assignment prefers the v2
AuthorizationService(POST /v2/authorizations) and automatically falls back to v1 user-grants if that endpoint is unavailable on the instance (some Zitadel Cloud versions return 404). Org-manager grants use the Management v1 org-member API.
Related MCP server: Remote MCP AuthKit
Prerequisites
A Zitadel instance (Cloud or self-hosted)
A service account with Org Owner or IAM Admin role
A JSON key for the service account
Creating a Service Account
In the Zitadel Console, go to Users > Service Users > New
Give it a name (e.g.,
mcp-admin) and select Bearer token typeGo to the service user's Keys tab > New > JSON
Save the downloaded key file — you'll need the
userId,keyId, and base64-encodedkeyGrant the service account the Org Owner role under Organization > Authorizations
Setup
git clone https://github.com/takleb3rry/zitadel-mcp.git
cd zitadel-mcp
npm install
npm run buildConfiguration
Add the server to your MCP client config. The JSON block below works for both options:
Global (all projects):
~/.claude.jsonunder the"mcpServers"keyPer-project:
.mcp.jsonin the project root
{
"mcpServers": {
"zitadel": {
"command": "node",
"args": ["/path/to/zitadel-mcp/build/index.js"],
"env": {
"ZITADEL_ISSUER": "https://your-instance.zitadel.cloud",
"ZITADEL_SERVICE_ACCOUNT_USER_ID": "...",
"ZITADEL_SERVICE_ACCOUNT_KEY_ID": "...",
"ZITADEL_SERVICE_ACCOUNT_PRIVATE_KEY": "...",
"ZITADEL_ORG_ID": "...",
"ZITADEL_PROJECT_ID": "..."
}
}
}
}Restart Claude Code after adding the config. The Zitadel tools will appear automatically.
Environment Variables
Variable | Required | Description |
| Yes | Zitadel instance URL |
| Yes | Service account user ID |
| Yes | Key ID from the JSON key file |
| Yes | Base64-encoded RSA private key (the |
| Yes | Organization ID |
| No | Default project ID for role operations |
| No | Postgres connection string (enables portal tools) |
| No |
|
Security
This server has admin-level access to your Zitadel instance. Understand what that means before using it:
The service account needs org-level management rights. Empirically (Zitadel Cloud, verified 2026-06):
ORG_USER_MANAGERis enough to create users and assign existing project roles, butORG_OWNERis required to create project roles, manage org-manager grants (the no-super-admin pattern), and manage applications. For the full provisioning workload, give the service accountORG_OWNER; human Admins can stay atORG_USER_MANAGER. Keep the key in a gitignored.env(not a shared dotfile) and useZITADEL_READ_ONLY=truefor non-mutating sessions.When you create an OIDC app (
zitadel_create_oidc_app), the client secret is returned in the tool response. It is only available at creation time. The AI assistant (and its conversation history) will see it — save it immediately and treat it as sensitive.When you generate a service account key (
zitadel_create_service_user_key), the full private key is returned in the tool response. Same caveat: save it, and be aware it's visible in your MCP client's conversation.All tool arguments containing PII (email, name, URLs) are redacted from debug logs. IDs and tool names are still logged.
All Zitadel IDs are validated against an alphanumeric format before being used in API paths.
Note for new users: I've scanned all source files in this repo and found nothing notable, but I always recommend you have your own AI or tooling audit the code before installing any MCP server that gets access to your infrastructure. The full source is ~800 lines of TypeScript — a quick review shouldn't take long.
Development
npm run dev # Run with tsx (hot reload)
npm run build # Compile TypeScript
npm start # Run compiled version
npm test # Run testsLicense
MIT
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/takleb3rry/zitadel-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server