Centralized User Management
Lunar.dev MCPX Enterprise provides centralized user, authentication, and access management for enterprise AI and agentic environments. Through a unified governance framework, organizations control who has access to which MCP servers, tools, integrations, and resources while maintaining visibility and compliance as systems scale.
MCPX combines Identity Provider (IdP) integration with role-based access profiles, so you can plug MCPX into your existing security models and identity workflows without rebuilding them.

Identity-Aware MCP Usage
- Supported identity providers. Bring your own identity provider. MCPX Enterprise supports major identity providers including Okta, Microsoft Entra (formerly Azure AD), Google Workspace, JumpCloud, Keycloak, and more. Integration aligns with your existing cloud architecture, security requirements, and organizational access policies.
- Identity-aware access control. Every request flowing through MCPX Enterprise carries verified identity context. Access policies and permissions can be enforced at the user, group, role, or agent level, enabling granular governance beyond static API keys or shared credentials.
For how identity context ties into system visibility and event tracking, see Full Auditability.

Role-Based Access Profiles
Role-Based Profiles define reusable access structures that apply across users, agents, servers, and tools.

- Centralized policy definition. Create reusable access profiles, such as developer, analyst, or admin, to define exactly which MCP servers and tools each role can access.
- Scalable assignment. Assign profiles to individual users or entire groups, while authentication and authorization continue to be enforced through your existing RBAC policies and IdP definitions.
- Dynamic policy enforcement. Any update to a profile is automatically propagated to all associated users and groups.
Together, IdP integration and Role-Based Profiles give you a single control surface for managing who can connect to what, across every layer of your MCP ecosystem.

How It Works
- Connect your IdP. Configure MCPX Enterprise to authenticate users through your existing provider.
- Define profiles. Set up reusable role profiles with access rules for tools and servers.
- Assign and enforce. Apply profiles to users or agents authenticated through your IdP.
- Monitor usage. View connected identities and profile assignments through the Control Plane.
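
The steps above, sketched as an added example that is not MCPX code or configuration: profiles are resolved from the group claims of an already-verified IdP token, and a server/tool request is denied unless an assigned profile lists it. The profile layout, group names, server names and tool names are all hypothetical.

```python
# Hypothetical model of role-based access profiles; not the MCPX schema.
# Assumes the IdP token was already validated and `claims` is its payload.

# Define profiles: profile -> {MCP server -> allowed tools}; "*" means any.
PROFILES = {
    "developer": {"github": ["*"], "jira": ["search_issues", "get_issue"]},
    "analyst": {"warehouse": ["run_query"], "jira": ["search_issues"]},
    "admin": {"*": ["*"]},
}

# Assign profiles: IdP group -> profiles (constructed sample mapping).
GROUP_TO_PROFILES = {
    "eng": ["developer"],
    "data": ["analyst"],
    "platform-admins": ["admin"],
}


def _matches(value, pattern):
    """Exact match or the single wildcard; no glob or regex semantics."""
    return pattern == "*" or pattern == value


def effective_profiles(claims):
    """Profiles granted by the token's groups; unknown groups grant nothing."""
    groups = claims.get("groups") or []
    if isinstance(groups, str):  # some IdPs emit a single group as a string
        groups = [groups]
    return sorted({p for g in groups for p in GROUP_TO_PROFILES.get(g, [])})


def is_allowed(claims, server, tool):
    """Enforce: deny by default, allow only what an assigned profile lists."""
    for name in effective_profiles(claims):
        for server_pat, tools in PROFILES.get(name, {}).items():
            if _matches(server, server_pat) and any(_matches(tool, t) for t in tools):
                return True
    return False


def audit(claims, requests):
    """Monitor: (subject, server, tool, decision) rows for a batch of requests."""
    who = claims.get("sub", "<unknown>")
    return [(who, s, t, "allow" if is_allowed(claims, s, t) else "deny")
            for s, t in requests]


if __name__ == "__main__":
    bob = {"sub": "bob", "groups": ["data", "not-mapped"]}  # constructed claims
    for row in audit(bob, [("jira", "search_issues"), ("github", "create_pr")]):
        print(row)
```

Because decisions are computed from the shared profile table at request time, editing one profile changes the outcome for every user and group mapped to it.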

Benefits
- Unified identity and access management. Centrally manage authentication, permissions, and access policies across all MCP servers, tools, agents, and integrations.
- Simplified onboarding and offboarding. Leverage your existing Identity Provider workflows to automatically provision, update, and revoke access without additional operational overhead.
- Consistent and scalable policy enforcement. Apply organization-wide access controls and governance policies consistently across every connected MCP environment.
- Reduced configuration drift. Maintain centralized role and access definitions to minimize inconsistencies between teams, environments, and deployed MCP servers.
- Extended OAuth compatibility. Enable OAuth-based authentication flows even for MCP servers without native OAuth support, through hosted STDIO server integrations.