Skip to main content
Version: Next

Centralized User Management

As your enterprise's agentic systems scale, managing who can connect to which tools becomes a key part of maintaining governance and consistency. Lunar MCPX Enterprise gives you centralized user management that unifies authentication and access control under one framework.

Centralized user management combines Identity Provider (IdP) integration with role-based access profiles, enabling identity-aware MCP usage across all your agents and tools.

dashboard

Identity-Aware MCP Usage​

MCPX Enterprise integrates directly with your organization’s IdP, allowing every user to authenticate through your existing identity infrastructure. This ensures a consistent authentication flow across all connected MCP servers and tools.

  • Single Sign-On via Your IdP – Use providers like Okta or Azure AD to authenticate users and agents without introducing new credentials.
  • Identity-Aware Operations – Each request within MCPX Enterprise is linked to a verified identity, so you can apply policies and permissions at the user or team level.
  • Standards-Based Integration – Built on OIDC, MCPX Enterprise connects seamlessly to your existing identity systems and aligns with your governance model.

For details on how identity context ties into system visibility and event tracking, see Full Auditability.

Role-Based Access Profiles​

Building on IdP integration, Role-Based Profiles let you define reusable access structures that apply across agents, servers, and tools. Rather than managing permissions per instance, profiles ensure consistent access logic across your organization.

profiles

  • Centralized Policy Definition – Create profiles such as developer, analyst, or admin to define access to specific MCP servers and tools.
  • Reusable and Scalable – Assign profiles to users or teams authenticated through your IdP to standardize permissions.
  • Dynamic Policy Enforcement – When you update a profile, those changes automatically apply to all associated users, ensuring consistent configuration with minimal effort.

Together, IdP integration and Role-Based Profiles give you a single control surface for managing who can connect to what, across every layer of your MCP ecosystem.

How It Works​

  1. Connect your IdP – Configure MCPX Enterprise to authenticate users through your existing provider.
  2. Define profiles – Set up reusable role profiles with access rules for tools and servers.
  3. Assign and enforce – Apply profiles to users or agents authenticated through your IdP.
  4. Monitor usage – View connected identities and profile assignments through the Control Plane.

Benefits​

  • Unified identity and access management across all your MCP tools
  • Simplified onboarding and offboarding through your existing IdP flows
  • Consistent and scalable policy enforcement
  • Reduced configuration drift through centralized role definitions
  • Seamless OAuth support for servers without native integration through hosted STDIO servers