.png?fit=max&auto=format&n=gKqTvJPtsRi2bLNx&q=85&s=8abbce3efb590630de2102c43d32aadf)
.png?fit=max&auto=format&n=Dy9YsIECUbR9JZiT&q=85&s=a1f404cd7f7aeb1727c89d81137ae1ac)
An app or agent is any AI client that connects to an MCP Manager gateway — an interactive app such as Claude, ChatGPT, or Cursor, or a headless agent your team builds. In MCP Manager, each connecting client is tracked as a host, so you can see what is connected to your gateways, control which clients are allowed, and attribute every request in your logs to the app or agent that made it.Documentation Index
Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
Use this file to discover all available pages before exploring further.
The Apps & Agents area and its controls are gated by capabilities — for example Create and manage API tokens (for token-based agents) and Disable and enable hosts. If you don’t see the area or a control, your role doesn’t have the relevant capability. See the capabilities reference.
How apps and agents appear
A client connects to a gateway in one of two ways, and that determines whether it shows up on its own or you set it up ahead of time:- Headed apps (OAuth). Interactive clients connect through an OAuth flow and appear automatically the first time a user connects one to a gateway — there is nothing to register in advance. The connecting user’s identity rides in their OAuth token.
- Headless agents (token-based). An agent with no human at a browser connects with an API token instead. You create a token-based host to represent the agent and generate credentials to insert into it. This path — and how an agent passes each end user’s identity through to downstream servers — is covered in Agents that Pass Identities to MCP Manager.
Connecting an app or agent to a gateway
A host reaches MCP servers only through a gateway, which is provisioned to the teams that should use it. When an app or agent connects, the gateway authenticates it, applies your rules, and brokers the right identity to each upstream server — so the same governance applies no matter which client is calling. A given host can hold connections to more than one gateway.Controlling which apps and agents are allowed
An administrator can disable any app or agent to block its access immediately. This is how you standardize on some clients and not others — for example, allowing Claude across the organization while blocking ChatGPT — or cut off a specific agent. When a host is disabled, any request using its credentials is rejected before it reaches a server, and access resumes the moment it is re-enabled (no credentials are deleted). Disabling and enabling hosts is gated by the Disable and enable hosts capability.Seeing what an app or agent did
Because every request flows through the gateway, each one is logged against the app or agent that made it and the user it acted as. Use Viewing Logs to review activity by host, gateway, connection, or user — the audit trail of what each app and agent did, with which tool.Further reading
Architecture & Trust
How the gateway is secured as the control point in the path of every call.
MCP Gateways
The single governed URL that apps and agents connect to.
Agents Passing Identities
The advanced path for headless agents and token-based hosts.
Viewing Logs
Review what each app and agent did, attributed to the real user.
Capabilities
The host capabilities that gate creating and disabling apps and agents.