Add IdP integration guides for vMCP (Entra ID and Okta)#810
Open
Add IdP integration guides for vMCP (Entra ID and Okta)#810
Conversation
Teams running VirtualMCPServer on Kubernetes want to use their existing corporate SSO (Entra ID or Okta) instead of maintaining a separate credential store. These guides cover the full setup: configuring the IdP to issue group membership in access tokens, deploying the VirtualMCPServer with the embedded auth server as the broker, and writing Cedar policies that map IdP groups to fine-grained per-tool access control. Three new pages under integrations/: - vmcp-idp-overview.mdx: landing page with prerequisites and IdP picker - vmcp-entra-id.mdx: app registration, API scope exposure, App Roles, user/group assignments, VirtualMCPServer YAML; all portal steps have CLI equivalents in collapsible blocks; uses the roles claim - vmcp-okta.mdx: custom authorization server, OIDC app, groups scope and claim, access policy, VirtualMCPServer YAML; uses the groups claim; documents API Access Management add-on requirement for custom AS Both guides include consistency checklists (group name matching across IdP, claim filter, and Cedar policies), deploy steps with a Kubernetes secret for the client secret, and troubleshooting sections covering the most common configuration mistakes. Also: inbound links from guides-vmcp/authentication.mdx and intro.mdx, nested "Identity provider integration" sub-category in sidebars.ts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
vmcp-idp-overview.mdx) as an IdP picker with prerequisites, linking to the per-IdP guidesCloses #407
Files added
integrations/vmcp-idp-overview.mdx— landing page, prerequisites, IdP pickerintegrations/vmcp-entra-id.mdx— app registration, API scope exposure, App Roles, user/group assignments, VirtualMCPServer YAML; all portal steps have CLI equivalents in collapsible blocks; uses therolesclaimintegrations/vmcp-okta.mdx— custom authorization server, OIDC app, groups scope and claim, access policy, VirtualMCPServer YAML; uses thegroupsclaim; documents API Access Management add-on requirementBoth guides include consistency checklists (group name matching across IdP, claim filter, and Cedar policies), deployment steps, and troubleshooting sections.
Files updated
guides-vmcp/authentication.mdxandguides-vmcp/intro.mdx— inbound links to the new guidessidebars.ts— nested "Identity provider integration" sub-category under IntegrationsTest plan
npm run buildpasses with no new broken anchors🤖 Generated with Claude Code