Overview
AdminUI supports integration with the Model Context Protocol (MCP). This allows AI assistants and coding tools to interact directly with your IdentityServer configuration.
Once connected, you can ask your AI questions like:
- "When did Jon Doe last log in?"
- "Assign the Administrator role to Jon Doe"
- "Which clients are not compliant with FAPI 2.0?"
- "Create a new client with this configuration: ..."
What is MCP?
The Model Context Protocol (MCP) is an open protocol that enables AI applications to connect to external systems and use their functionality through structured tools. By exposing capabilities through MCP, a system can allow AI assistants to perform actions, retrieve information, or automate workflows.
AdminUI exposes its management capabilities through MCP, enabling tools like ChatGPT or Visual Studio Code to interact with your identity system.
AdminUI MCP Tools
AdminUI's MCP server exposes 61 tools that let AI assistants do most of what you can do from the AdminUI web portal:
- User Management: Manage Users, Roles and Claim types
- IdentityServer Management: Manage Clients, Resources and Scopes
- Audit Queries: Query audit records
MCP Server Configuration
McpOptions
The default MCP server configuration can be overridden in the McpOptions section, which provides the following settings:
- Title: The title displayed to MCP clients (default: AdminUI MCP Server API)
- RoutePath: The HTTP route path for the MCP endpoint (default: /mcp)
- ScopeName: The base name of the MCP scopes (default: admin_mcp)
- Instructions: Instructions for AI assistants on how to use this MCP server (you can see the default instructions here)
Configuration Example
We recommend using the default configuration, but you can override it in your appsettings.json:
{
  "McpOptions": {
    "Title": "AdminUI MCP Server",
    "RoutePath": "/mcp",
    "ScopeName": "admin_mcp",
    "Instructions": "This server contains a list of tools to manage..."
  }
}
Endpoint Authentication
Your MCP client can authenticate to the AdminUI MCP server using:
- URL: https://{your-adminui-domain}/mcp
- Transport: HTTP POST message with JSON-RPC 2.0 protocol
- Required scope: the MCP Access Scope (by default admin_mcp_access)
Additional scopes are required for specific tool categories (e.g., admin_mcp_users.read, admin_mcp_idp.read, etc.).
Authentication flow
1. Initial Connection
The AdminUI MCP server exposes Protected Resource Metadata to support OAuth authentication. In this metadata, only the Access Scope is advertised (by default admin_mcp_access). As a result, when an OAuth client (MCP client) initiates authentication, it requests only this Access Scope. This scope allows the client to connect to the AdminUI MCP server and retrieve the list of tools available based on the user’s and client’s permissions. However, it does not allow the client to use any of these tools.
2. Using Tools
When the client later requests access to a specific tool, the user must provide explicit consent. If the client requests another tool that requires a different scope, the user will be prompted for consent again, gradually building up the set of permissions required. This approach enables fine-grained permission control and improves security, particularly in scenarios such as token leakage or misuse.
This behavior aligns with security best practices recommended in the MCP specification.
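The two-step flow above, modelled as a small scope gate. This is an added example, not AdminUI's own code: the tool names, the tool-to-scope mapping and the HTTP status choices are assumptions, and the insufficient_scope challenge uses the RFC 6750 header format.

```python
# Simplified model of the incremental-consent scope gate (added example).
BASE = "admin_mcp"                # McpOptions.ScopeName default from the page
ACCESS_SCOPE = f"{BASE}_access"   # the only scope advertised in the metadata

# Hypothetical tool names mapped to the category scopes named on the page.
TOOL_SCOPES = {
    "get_user_last_login": f"{BASE}_users.read",
    "list_identity_providers": f"{BASE}_idp.read",
}


def authorize(request: dict, token_scope: str) -> dict:
    """Decide how a JSON-RPC 2.0 MCP request is treated for a token's scope claim."""
    granted = set(token_scope.split())
    if ACCESS_SCOPE not in granted:
        # Without the access scope the client cannot connect at all.
        return {"status": 401}
    if request["method"] != "tools/call":
        # Connecting and listing tools needs only the access scope.
        return {"status": 200}
    needed = TOOL_SCOPES.get(request["params"]["name"])
    if needed is None:
        # Unknown tools are denied by default.
        return {"status": 403}
    if needed not in granted:
        # Step-up: name the missing scope so the user can be asked to consent.
        challenge = f'Bearer error="insufficient_scope", scope="{needed}"'
        return {"status": 403, "challenge": challenge}
    return {"status": 200}


def demo() -> list:
    """Walk one client through connect, denied call, and call after consent."""
    list_req = {"jsonrpc": "2.0", "id": 1, "method": "tools/list"}
    call_req = {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
                "params": {"name": "get_user_last_login",
                           "arguments": {"user": "Jon Doe"}}}  # constructed input
    initial = ACCESS_SCOPE                               # after initial connection
    stepped_up = f"{ACCESS_SCOPE} {BASE}_users.read"     # after the user consents
    return [authorize(list_req, initial)["status"],
            authorize(call_req, initial)["status"],
            authorize(call_req, stepped_up)["status"]]


if __name__ == "__main__":
    print(demo())
```

A token leaked right after the initial connection carries only the access scope, so in this model it can list tools but every tool call is refused.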
Recommendations
- Try it with VS Code: If you don't have an MCP client, you can quickly try the AdminUI MCP server in VS Code.
- Use capable AI models: Higher-quality models (such as Claude Sonnet 4.5) perform better with MCP. Lower-capability models may choose incorrect tools or even ignore MCP features entirely.
- Never expose secrets to AI (use the web app instead): Do not use AI to generate or handle sensitive data like client secrets.
- Limit the number of enabled tools: Avoid enabling too many MCP tools at once. The recommended limit is 100-120 tools (AdminUI provides 61). AI models have limited context capacity. As the number of tools increases, the model may become less accurate in selecting the correct one or may fail to use MCP capabilities altogether.
Upcoming tools
- Elicitation: Secure handling of sensitive inputs (like secrets)
- Dynamic Authentication tools