PingOne Privilege

Configuring MCP Gateways

Model Context Protocol (MCP) offers an open standard to connect artificial intelligence (AI) agents and IDEs to backend services through tools, prompts, and resources. By exposing services over MCP, you make them usable by AI agents.

To protect sensitive admin APIs, you need just-in-time, least-privilege access with full session visibility and control in front of MCP servers. PingOne Privilege acts as an in-line MCP security gateway to meet this need.

You can use PingOne Privilege to:

  • Enforce time-bound privileged access to MCP tools.

  • Insert the credentials that MCP servers need, without exposing them to AI agents directly.

  • Audit and review MCP activity.

  • Apply fine-grained access control at the level of individual tools, prompts, and resources.

Goals

When you complete this tutorial, you’ll know:

  • How to use PingOne Privilege to front MCP servers for AI-driven access.

  • How to deploy and configure the Privilege MCP Gateway and MCP Server applications.

  • How to define policies that control which MCP tools, prompts, and resources are available and under what conditions.

  • How to use Session Logs and Activity Logs to audit MCP access.

What you’ll do

  1. Prepare the MCP Gateway and MCP Server applications:

Preparation

Before getting started, complete the preparation tasks in this section.

Preparation task 1: Environment and access

Ensure that:

  1. You have a PingOne tenant with the PingOne Privilege service added.

  2. You can access the PingOne Privilege admin console as an administrator.

  3. Your network allows:

    • Outbound access from your MCPGW host to PingOne endpoints.

    • Access from your MCP clients to the MCPGW’s Frontend URL.

Preparation task 2: MCP servers and clients

To configure MCP support, ensure:

  1. You have at least one MCP server you want to protect, for example:

    • The PingOne MCP server, which exposes PingOne management APIs and DaVinci flows as MCP tools.

    • Another remote, local, or native MCP server for internal services.

  2. You have one or more MCP clients that your users will run, such as Claude Desktop, Cursor, VS Code Copilot Chat, Zed, or other MCP-compatible IDEs.

  3. For the MCP Gateway, you have:

    • A virtual machine (VM) or host where you can install Docker and run the MCPGW container.

    • A DNS name for the gateway, such as mcpgw.example.com.

Tutorial

After you prepare the environment, follow these tutorial tasks to configure MCP applications with PingOne Privilege.

Tutorial Task 1: Deploy the MCP Gateway (MCPGW)

Deploy the MCP Gateway host and configure it to authenticate users through PingOne and broker access to MCP servers.

Step 1: Prepare directories and environment file

On your MCPGW VM:

  1. Create configuration and SSL directories:

    sudo mkdir -p /var/lib/procyon/config
sudo mkdir -p /var/lib/procyon/ssl

  2. Create /var/lib/procyon/config/pingone.env and add:

    SERVER_URL=https://<mcpgw-dns>:<port>

# PingOne-specific configuration
OIDC_CLIENT_ID=<id>
OIDC_CLIENT_SECRET=<secret>
OIDC_AUTH_URL=https://auth.<pingurl>pingone.com/<env>/as/authorize
OIDC_TOKEN_URL=https://auth.<pingurl>pingone.com/<env>/as/token
OIDC_USER_URL=https://auth.<pingurl>pingone.com/<env>/as/userinfo
OIDC_SCOPES=openid profile email

    Replace <mcpgw-dns> and <port> with the public DNS name and port of your MCPGW. Replace <pingurl> and <env> with your PingOne tenant and environment.

Step 2: Install TLS certificates

  1. Obtain a certificate whose CN/SAN matches *.<mcpgw-dns>.

  2. Copy the certificate and key to:

    • /var/lib/procyon/ssl/mcpgw-cert.pem

    • /var/lib/procyon/ssl/mcpgw-key.pem

Step 3: Register the MCP Gateway in PingOne Privilege

  1. In the PingOne Privilege admin console, go to Cloud > Gateways.

  2. Click Add New. Click Add via Wizard.

  3. Follow the wizard to:

    • Provide the MCPGW host information.

    • Associate it with your PingOne environment.

    • Generate the Docker run command or configuration snippet for the MCPGW container.

  4. On the VM, run the generated Docker command to start MCPGW.

The MCP Gateway is now registered with PingOne Privilege and ready to be attached to the MCP Server applications.

Tutorial task 2: Configure MCP Server applications in PingOne Privilege

This task creates an MCP Server application in PingOne Privilege and attaches to the MCPGW.

Step 1: Create an MCP Server application

  1. In the PingOne Privilege admin console, go to Access Management > Agentic Apps.

  2. Click the Add Application tab.

  3. In the MCP Server tile, click Integrate.

  4. Configure the following fields:

    • Application Name: A name for the application, for example: mcp-pingone-admin.

    • Frontend URL: The URL MCP that clients will use to access the MCPGW, for example: https://<mcpgw-dns>.

    • MCP Server URL: The actual backend MCP server endpoint, including port and path, for example: https://mcp-server-internal:8080/mcp.

    • Headers: Optional custom HTTP headers to send when connecting to the MCP server.

    • Mesh Cluster: Leave this field empty for now. You’ll set it after associating the MCPGW.

  5. Click Create.

Step 2: Attach the MCPGW to the MCP Server application

  1. In the PingOne Privilege admin console, go to Access Management > Agentic Apps.

  2. Select the MCP Server application in the Active Applications tab.

  3. In the Mesh Cluster field, select the one you created in step 1.

  4. Save the configuration.

MCP clients that connect through the Frontend URL are now routed through the MCPGW, which authenticates users through PingOne and enforces PingOne Privilege policies.

Tutorial task 4: Configure policy for MCP tools, prompts, and resources

This task configures fine-grained access control for the MCP Server application.

Step 1: Open the MCP policy configuration

  1. In the PingOne Privilege admin console, go to Access Management > Agentic Apps.

  2. Select the MCP Server application.

  3. Go to the Access Control / Policy configuration for that application.

You should see UI controls that allow you to select specific tools, prompts, and resources from the MCP server’s capabilities.

Step 2: Select allowed tools, prompts, and resources

  1. In the PingOne Privilege admin console, go to Access Management > Agentic Apps.

  2. Select the MCP Server application.

  3. Go to the Access Control / Policy configuration for that application.

  4. Use the Tool selector to choose which tools should be available.

    Use the search with available RegEx support to quickly select groups or tools.

  5. (Optional) Enable particular prompts for guided flows.

  6. (Optional) Restrict resources by pattern, for example, by index names or environment tags.

Step 3: Bind policies to identities and approvals

  1. Configure which users or groups from PingOne can access the MCP Server application as well as specific tools, prompts, and resources.

  2. Define approval requirements, such as:

    • Just-in-time approvals for high-risk tools.

    • Multi-level approvals for production-critical actions.

  3. Configure time-bound access:

    • How long after approval the user can call the selected tools.

    • When access must be requested again.

  4. Save the policy.

MCP access now follows the standard PingOne Privilege approval request flow for that application. Additionally, only permitted tools are visible and callable from MCP clients.

Validation

This task verifies that MCP clients are using the MCPGW and that traffic is audited.

Validation Step 1: Connect an MCP client through the Frontend URL

  1. In a supported MCP client (such as Claude Desktop, Cursor, or a command-line interface (CLI)-based MCP inspector), configure an MCP server entry that points to the MCP Server application’s Frontend URL.

  2. Initiate a connection or call a tool.

  3. On first use in a session, the user is redirected through an OAuth 2.1 or OIDC flow with PingOne or another flow depending on your setup.

  4. After authentication and policy checks:

    • Only authorized tools appear in the MCP client.

    • Tool invocations are routed through the MCPGW to the backend MCP server.

Validation step 2: Review MCP Session logs

  1. In the PingOne Privilege admin console, go to Activity > Session Logs.

  2. Verify that:

    • Sessions list the user, device, service, and a resource type of MCP.

    • You can mark sessions as audited after review.

Validation step 3: Review MCP Activity logs

  1. In the PingOne Privilege admin console, go to Activity > Activity Logs.

  2. Filter by:

    • The MCP Server application.

    • The user who ran the test.

  3. Inspect individual events:

    • Confirm that you see the tool name, any arguments, and progress tokens.

    • Use the Event Information and Resources views to see more context about what was accessed.

  4. Confirm that logs match the behavior you saw in the MCP client.