# MCP Manager

> MCP Manager by Usercentrics is the governance and security layer for Model Context Protocol — connect, control, and monitor MCP servers and gateways across your organization.

## Docs

- [Agents that Pass Identities to MCP Manager](https://docs.mcpmanager.ai/advanced/agents-passing-identities.md): How to whitelist a headless agent for use with Claude and proxy credentials at the calling-user level through MCP Manager: create one token-based host for the agent, let each end user enroll and bring their own identity to mint a per-user access token, and have the agent map each user to their token…
- [Building a Custom Rule Engine](https://docs.mcpmanager.ai/advanced/building-a-custom-rule-engine.md): The developer reference for building a custom rule-engine webhook for MCP Manager: the request envelope, the pass/block/modify/error response shapes, modifiedPayload.body validation, the 30-second timeout, retries, the 16 MiB cap, and a complete Express example.
- [Building vs. Buying an MCP Gateway](https://docs.mcpmanager.ai/advanced/building-vs-buying.md): An honest look at building an MCP gateway in-house versus adopting one: why the proxy is the easy 5% and identity brokering, per-upstream OAuth, inline inspection, audit, and a constantly moving spec are where the real cost lives — the same reason teams don't build their own identity provider — plus…
- [Frequently Asked Questions](https://docs.mcpmanager.ai/advanced/faq.md): Answers to common MCP Manager questions: restricting a data source to specific tables, projects, channels, or folders; scoping who can use a single server such as Salesforce; whether a user can hold multiple roles and teams; applying different rules or tools to different groups by using separate gat…
- [Access Control](https://docs.mcpmanager.ai/deployment/access-control.md): How access control works in MCP Manager: roles grant capabilities (what you can do), teams grant gateways (which you can reach), and a user's access is the intersection of the two — why each user has exactly one role but can belong to many teams, plus the per-server identity and feature-provisioning…
- [Enterprise Strategy & Lockdown](https://docs.mcpmanager.ai/deployment/enterprise-strategy-and-lockdown.md): Where MCP Manager fits in an enterprise AI control stack and the levers admins use to lock it down: funneling all MCP usage through the gateway with client-side connector allowlists, MDM/EDR, and static egress IPs; what MCP Manager governs versus what the endpoint layer controls on the device; the i…
- [Gateway Deployment Strategies](https://docs.mcpmanager.ai/deployment/gateway-deployment-strategies.md): How to choose a gateway topology in MCP Manager: the building blocks (servers, gateways, teams, roles), the picker versus locked connection URLs, and four strategies — one organization-wide gateway, one per team, one per server, and one per use case — with when each fits and the trade-offs.
- [Hosting & Data Residency](https://docs.mcpmanager.ai/deployment/hosting-and-data-residency.md): Where MCP Manager is hosted — Google Cloud Platform in the United States — whether a self-hosted or on-premise version exists and why the hosted model usually fits, what you keep in your own environment (your servers, an EU copy of your logs, redaction before logging, static egress IPs), and the sta…
- [Capabilities](https://docs.mcpmanager.ai/deployment/rbac-and-roles/capabilities.md): The complete reference of MCP Manager capabilities — every permission you can grant to a role, grouped by area (Identities, Servers, Gateways, Hosts, People, Workspace settings, Logging, Alerting, Reporting, Integrations) — and exactly what each one allows.
- [Roles](https://docs.mcpmanager.ai/deployment/rbac-and-roles/overview.md): How roles and capabilities govern what users can do in MCP Manager: the three built-in roles, creating and duplicating custom roles, how a role is assigned at invite and through SSO, and how roles combine with teams to control access.
- [Teams](https://docs.mcpmanager.ai/deployment/teams.md): How teams in MCP Manager grant users access to gateways: provisioning a gateway to a team, team membership, disabling and deleting teams, how access resolves across multiple teams, and how teams combine with roles.
- [Export to SIEM](https://docs.mcpmanager.ai/enterprise/export-to-siem.md): How MCP Manager forwards structured MCP request logs to any OpenTelemetry (OTLP/HTTP) collector or SIEM — what gets sent, how to set the collector URL and request headers, how to verify delivery, and how to troubleshoot export failures.
- [Datadog](https://docs.mcpmanager.ai/enterprise/export-to-siem/datadog.md): How to forward MCP Manager logs to Datadog over OpenTelemetry: the per-site OTLP logs endpoint, the dd-api-key header, and the JSON-vs-protobuf caveat to verify before relying on it.
- [Grafana Cloud](https://docs.mcpmanager.ai/enterprise/export-to-siem/grafana-cloud.md): How to forward MCP Manager logs to Grafana Cloud over OpenTelemetry: the /otlp/v1/logs gateway URL, building the instanceID:token Basic auth header, the logs:write access-policy token, and querying logs in Loki with LogQL.
- [Honeycomb](https://docs.mcpmanager.ai/enterprise/export-to-siem/honeycomb.md): How to forward MCP Manager logs to Honeycomb over OpenTelemetry: the US and EU endpoints, the x-honeycomb-team ingest key, and how dataset routing works via x-honeycomb-dataset or service.name.
- [New Relic](https://docs.mcpmanager.ai/enterprise/export-to-siem/new-relic.md): How to forward MCP Manager logs to New Relic over OpenTelemetry: generating a License (ingest) key, choosing the regional OTLP endpoint, configuring the api-key request header, and verifying logs with NRQL.
- [Self-hosted OpenTelemetry Collector](https://docs.mcpmanager.ai/enterprise/export-to-siem/self-hosted-collector.md): How to forward MCP Manager logs to a self-hosted OpenTelemetry Collector: the OTLP/HTTP receiver on port 4318, the /v1/logs path, adding authentication with collector auth extensions, and using the collector as a universal fallback to any backend.
- [Splunk Observability Cloud](https://docs.mcpmanager.ai/enterprise/export-to-siem/splunk-observability-cloud.md): Why MCP Manager cannot forward logs directly to Splunk Observability Cloud — it has no OTLP logs intake — and how to deliver logs instead using a self-hosted OpenTelemetry Collector that translates OTLP to Splunk HEC.
- [Programmatic Access](https://docs.mcpmanager.ai/enterprise/programmatic-access.md): Whether you can create and manage MCP Manager gateways, connections, and identities programmatically: a control-plane API, CLI, and MCP-based provisioning are in active development with design partners, and how that differs from the token-based agent connection and per-user identity passing that shi…
- [SCIM Provisioning](https://docs.mcpmanager.ai/enterprise/scim.md): How MCP Manager acts as a SCIM 2.0 service provider so your IdP automatically creates, updates, and deactivates users and syncs IdP groups to MCP Manager teams: the base URL and bearer token, configuring Okta or Entra ID, mapping groups to teams, the user lifecycle, and supported SCIM operations.
- [Single Sign-On (SSO)](https://docs.mcpmanager.ai/enterprise/sso.md): How MCP Manager brokers enterprise single sign-on through Auth0: how IdP federation and email-domain routing work, what you provide to connect Okta or Entra ID, the direct-login IdP dashboard tile, the end-user sign-in experience, just-in-time provisioning, and keeping a break-glass account.
- [Supported Identity Providers](https://docs.mcpmanager.ai/enterprise/supported-identity-providers.md): The identity providers MCP Manager works with for enterprise SSO and SCIM provisioning, in one searchable table. Because sign-in is standards-based OpenID Connect (OIDC) federated through Auth0 and provisioning is SCIM 2.0 (RFC 7643 and RFC 7644), any conformant IdP works — Okta, Microsoft Entra ID,…
- [Alerts](https://docs.mcpmanager.ai/features/alerts.md): What the MCP Manager Alerts page surfaces — the error, warning, and info events it raises, what triggers each one, what an alert record contains, and how alerts differ from logs and reporting.
- [Amazon Bedrock](https://docs.mcpmanager.ai/features/amazon-bedrock.md): What AWS Bedrock Guardrails is and how to connect one to MCP Manager as a custom rule engine: the guardrail policy types, the model-agnostic ApplyGuardrail API integration, the ARN/version/Authorization setup, and the tier, pricing, and logging details to plan for.
- [API Tokens & Headless Agents](https://docs.mcpmanager.ai/features/api-tokens-and-headless-agents.md): How headless agents connect to MCP Manager with API access tokens: how token-based hosts differ from headed OAuth apps, creating a token-based host and generating, copying, and revoking an API access token scoped to a gateway connection, managing connections, and the break-glass toggles that disable…
- [Connection Experience](https://docs.mcpmanager.ai/features/connection-experience.md): What an end user experiences when connecting a gateway in MCP Manager: adding the gateway URL in a client like Claude, the tab that opens back to MCP Manager to authorize, how only apps administrators allow can connect, how the flow guides you server by server so you end fully connected, how identit…
- [Feature Provisioning](https://docs.mcpmanager.ai/features/feature-provisioning.md): How to provision which MCP features a gateway exposes in MCP Manager: for each server, choose to allow all, allow only selected, or block all tools (and the same for resources and prompts), preview a server's live tools using an identity, and pin a tool by its name, title, or description so unreview…
- [Custom Rule Engines](https://docs.mcpmanager.ai/features/gateway-rules/custom-rules-engines.md): How to add and manage custom rule engines in MCP Manager: the Rule Engines section, provider choices, endpoint/method/header configuration, HTTPS-only and private-IP rejection, header forwarding, IP allowlisting, testing, and deletion rules.
- [Gateway Rules Overview](https://docs.mcpmanager.ai/features/gateway-rules/overview.md): How gateway rules work in MCP Manager: the per-gateway Rules tab, the detection methods (regex, Microsoft Presidio, custom engines), detection hooks, failure modes, actions, alerts, rule ordering, and how rule activity appears in logs.
- [Microsoft Presidio](https://docs.mcpmanager.ai/features/gateway-rules/presidio.md): How the Microsoft Presidio detection method finds and anonymizes PII in MCP Manager: the analyzer/anonymizer two-pass engine MCP Manager runs for you as a managed add-on, the selectable entity types, the 0.2 default confidence threshold, why it is less reliable for names in free-form text, the Allow…
- [Regex](https://docs.mcpmanager.ai/features/gateway-rules/regex.md): How regular-expression gateway rules work in MCP Manager: JavaScript regex syntax with case-insensitive global matching, multiple OR patterns, the five actions (block, redact, replace, mask, hash), and ready-to-use patterns for prompt injection, SSNs, credit cards, and secrets.
- [Identity Controls](https://docs.mcpmanager.ai/features/identity-controls.md): The per-server identity choice in MCP Manager: for each server on a gateway, an administrator decides whether every user connects with their own identity (bring your own identity) or everyone shares one service account — and what each choice looks like for the end user connecting the gateway, includ…
- [Lakera Guard](https://docs.mcpmanager.ai/features/lakera-guard.md): What Lakera Guard is and how to connect it to MCP Manager as a custom rule engine: its threat-intelligence-driven detection of prompt injection, jailbreaks, PII, and toxic content, the gateway-level fit, the fixed /v2/guard setup, and the availability and pricing details to know.
- [Features](https://docs.mcpmanager.ai/features/overview.md): A complete index of MCP Manager capabilities — gateways and server types, identity and OAuth, tool and feature provisioning, threat prevention, DLP filtering, platform security, observability, alerts, and team administration.
- [PII Filtering](https://docs.mcpmanager.ai/features/pii-filtering.md): The role MCP Manager plays in keeping customer PII out of AI: why teams won't connect their most valuable MCP servers until PII is controlled, how the gateway filters PII inline before it reaches the model or an external tool, how detection and actions work at a high level (with links to the rule en…
- [Reporting](https://docs.mcpmanager.ai/features/reporting.md): What the MCP Manager Reporting page shows — the Reports and Usage dashboards, every chart and KPI tile, the fixed 31-day window, and how the charts are derived live from MCP log data.
- [Viewing Logs](https://docs.mcpmanager.ai/features/viewing-logs.md): Where to find MCP request logs in MCP Manager, what every log column and log type means, how the four-entry correlation model works, where to view logs scoped to a server, gateway, connection, or app, and how to export them.
- [Introduction](https://docs.mcpmanager.ai/get-started/introduction.md): What MCP Manager is and the problem it solves: the Model Context Protocol connects AI to your tools but ships without enterprise controls, so MCP Manager puts one governed gateway between your AI clients and your MCP servers — adding identity, governance, runtime protection, and logging. Includes a…
- [Use these docs with your AI agent](https://docs.mcpmanager.ai/get-started/use-docs-with-ai.md): How MCP Manager publishes its documentation for AI agents — a hosted docs MCP server, an agent skill (skill.md), llms.txt, and per-page Markdown — so your developers' coding agents can self-serve accurate, always-current answers about the platform, and how to register the docs MCP server behind your…
- [Apps & Agents](https://docs.mcpmanager.ai/mcp-gateway-concepts/apps-and-agents.md): What apps and agents are in MCP Manager: the AI clients that connect to a gateway, how headed OAuth apps appear automatically while headless agents use token-based credentials, and how administrators disable a specific app or agent to control access.
- [Architecture & Trust](https://docs.mcpmanager.ai/mcp-gateway-concepts/architecture-and-trust.md): How the MCP Manager gateway is secured as the control point in the path of every call: why it terminates and re-originates connections by design, encryption in transit and at rest (AES-256-GCM credential vault, key rotation), what it stores and what it never stores, network isolation and static egre…
- [MCP Gateways](https://docs.mcpmanager.ai/mcp-gateway-concepts/mcp-gateways.md): What an MCP gateway is in MCP Manager: one governed URL that aggregates many upstream MCP servers, applies authentication, authorization, and rules to every request and response in the path, and logs everything — plus how clients and upstreams authenticate separately and how the same server can be a…
- [Managed MCP Servers](https://docs.mcpmanager.ai/mcp-gateway-concepts/mcp-servers/managed.md): What managed MCP servers are — MCP servers you launch in your own infrastructure using a command MCP Manager generates, so MCP Manager can connect to them securely — when to choose Managed over Remote, the Managed-Dedicated and Managed-Shared patterns, the guided setup, locking the server to MCP Man…
- [MCP Servers Overview](https://docs.mcpmanager.ai/mcp-gateway-concepts/mcp-servers/overview.md): What MCP servers are and the three ways MCP Manager connects to them — Remote, Managed, and Workstation — with use cases, trade-offs, and how identities control access across all three.
- [Remote MCP Servers](https://docs.mcpmanager.ai/mcp-gateway-concepts/mcp-servers/remote.md): What remote MCP servers are and how MCP Manager connects to them over HTTPS — whether a SaaS vendor's endpoint or your own self-hosted server — the three authentication methods (standard OAuth with dynamic client registration, OAuth with client pre-registration, and custom-header tokens), how to cho…
- [Workstation MCP Servers](https://docs.mcpmanager.ai/mcp-gateway-concepts/mcp-servers/workstation.md): What workstation MCP servers are — MCP servers that run on a local machine and connect to MCP Manager through an encrypted tunnel so they're never exposed to the internet — including why to use them, how the tunnel and local router work, the TUI setup experience, and the governance benefits.
- [Audit & Observability](https://docs.mcpmanager.ai/security/audit-and-observability.md): Why the MCP Manager gateway is the only place an organization can get a complete MCP audit trail, what every call records (full request and response, identity attribution, latency, token estimate, and the four-leg correlation model), how attribution and non-repudiation work, how logging stays non-bl…
- [Authentication & Identity](https://docs.mcpmanager.ai/security/authentication-and-identity.md): How MCP Manager authenticates callers and brokers identity to downstream MCP servers: the two-authentications model, per-user versus shared identity schemes, the three server authentication methods (standard OAuth with dynamic client registration, OAuth pre-registration, and token headers), AES-256-…
- [Feature Governance](https://docs.mcpmanager.ai/security/feature-governance.md): How MCP Manager applies least privilege to MCP capabilities: provisioning tools, resources, and prompts with an allow-all, allow-selected, or block-all scheme; pinning a capability by matching its name, title, and description so a changed description stops passing the gateway (a defense against tool…
- [Security Overview](https://docs.mcpmanager.ai/security/overview.md): A short glossary of the key MCP security threats — prompt injection, tool poisoning, rug pulls, server spoofing, token theft, over-privileged access, data leakage, shadow MCP, and missing authentication — with a one-line definition of each and a link to the MCP Manager capability that addresses it.
- [Runtime Protections](https://docs.mcpmanager.ai/security/runtime-protections.md): How MCP Manager inspects and acts on live MCP traffic: gateway rules that scan tool calls and results on the request and response legs, defenses against direct and indirect (second-order) prompt injection, the detection methods and actions for data-loss prevention, fail-open versus fail-closed behav…
- [Connect your AI client to a gateway](https://docs.mcpmanager.ai/tutorials/connect-your-ai-client.md): A 5-minute walkthrough for end users: paste your MCP Manager gateway URL into Claude, Claude Code, Cursor, or VS Code, authorize in the browser, pick your gateway, and start using its tools.
- [Add your first gateway rule](https://docs.mcpmanager.ai/tutorials/first-gateway-rule.md): A hands-on MCP Manager lesson: add a gateway rule that detects sensitive data in tool traffic, run it in a non-blocking alert configuration, trigger it with a test call, and see the alert and rule activity in your logs.
- [Quickstart: Your first governed tool call](https://docs.mcpmanager.ai/tutorials/first-tool-call.md): A hands-on MCP Manager quickstart: add the public docs MCP server with no authentication, put it behind a gateway, connect Claude, call a tool, and watch the request appear in your audit log — end to end in about 15 minutes.
- [Run a headless agent with an API token](https://docs.mcpmanager.ai/tutorials/headless-agent.md): A hands-on MCP Manager lesson for developers: create a token-based host in Apps & Agents, generate an API access token scoped to a gateway, call a tool over HTTP with an Authorization: Bearer token, and confirm the call is attributed and logged.
- [Tutorials](https://docs.mcpmanager.ai/tutorials/overview.md): Hands-on, guaranteed-to-work lessons for MCP Manager: connect your first MCP server and call a tool, connect an AI client to a gateway, build a team gateway, add your first gateway rule, trace a tool call in the logs, and run a headless agent with an API token.
- [Build a team gateway and invite a teammate](https://docs.mcpmanager.ai/tutorials/team-gateway.md): A hands-on lesson in MCP Manager's access model: create a team, build a gateway for it, provision a server with a trimmed tool allowlist, invite a teammate, and confirm they see only that gateway.
- [Trace a tool call in your logs](https://docs.mcpmanager.ai/tutorials/trace-in-logs.md): A hands-on MCP Manager lesson in observability: follow the four correlated entries of one tool call, open a log entry to read its body and headers, and answer who did what, when, and through which tool.