authentik-mcp

authentik-mcp

Authentik MCP provides seamless integration with Authentik's API, supporting both full-featured and diagnostic modes. These enable secure, automated user, group, and system management through MCP-compatible tools.

Category
Visit Server

README

Authentik MCP Servers

A collection of Model Context Protocol (MCP) servers for Authentik API integration, available in both Python and Node.js implementations.

Overview

This repository contains four MCP servers for integrating with Authentik:

Full-Featured Servers

  • authentik-mcp (Python) - Complete Authentik API integration with full CRUD capabilities
  • authentik-mcp (Node.js) - TypeScript implementation with complete API access

Diagnostic-Only Servers

  • authentik-diag-mcp (Python) - Read-only diagnostic and monitoring capabilities
  • authentik-diag-mcp (Node.js) - TypeScript implementation for diagnostics and monitoring

MCP Integration & Usage

This repository is designed for seamless integration with the Model Context Protocol (MCP) ecosystem. These servers are intended to be run and managed by MCP-compatible tools (such as VS Code extensions, automation platforms, or orchestration systems) rather than directly via the command line.

How to Use with MCP

  1. Install the desired package(s):
    • For full API access: authentik-mcp
    • For diagnostics/monitoring: authentik-diag-mcp
  2. Configure your MCP tool or platform to point to the installed server binary (e.g., authentik-mcp or authentik-diag-mcp) and provide the required Authentik API token and base URL as arguments or environment variables.
  3. Do not run these servers directly via CLI. Instead, let your MCP-compatible tool manage their lifecycle and communication.
  4. Interact with Authentik through the MCP tool interface, which will expose all available resources and tools for automation, monitoring, and diagnostics.

Example: VS Code Github Copilot MCP Extension

GitHub Copilot Workspace (settings.json) – Python (uvx):

"mcp": {
  "servers": {
    "authentik": {
      "command": "uvx",
      "args": [
        "authentik-diag-mcp",
        "--base-url", "https://your-authentik-instance",
        "--token", "your-api-token"
      ]
    }
  }
}

GitHub Copilot Workspace (settings.json) – Node.js (npx):

"mcp": {
  "servers": {
    "authentik": {
      "command": "npx",
      "args": [
        "@cdmx/authentik-diag-mcp",
        "--base-url", "https://your-authentik-instance",
        "--token", "your-api-token"
      ]
    }
  }
}

Claude Desktop (claude_desktop_config.json) – Python (uvx):

{
  "mcpServers": {
    "authentik": {
      "command": "uvx",
      "args": [
        "authentik-diag-mcp",
        "--base-url",
        "https://your-authentik-instance",
        "--token",
        "your-api-token"
      ]
    }
  }
}

Claude Desktop (claude_desktop_config.json) – Node.js (npx):

{
  "mcpServers": {
    "authentik": {
      "command": "npx",
      "args": [
        "@cdmx/authentik-diag-mcp",
        "--base-url",
        "https://your-authentik-instance",
        "--token",
        "your-api-token"
      ]
    }
  }
}

Quick Start

Python Packages

Note: These packages are not intended for direct CLI use. Integrate them with your MCP-compatible tool or platform as described above.

Node.js Packages

Note: These packages are not intended for direct CLI use. Integrate them with your MCP-compatible tool or platform as described above.

Full API Access

Managed by your MCP tool. No direct CLI usage required.

Diagnostic Only

Managed by your MCP tool. No direct CLI usage required.

Features Comparison

Feature Full MCP Diagnostic MCP
User Management (CRUD) ❌ (Read-only)
Group Management (CRUD) ❌ (Read-only)
Application Management (CRUD) ❌ (Read-only)
Event Monitoring
User Information ✅ (Read-only)
Group Information ✅ (Read-only)
Application Status ✅ (Read-only)
Flow Management ✅ (Read-only)
Provider Management ✅ (Read-only)
Token Management
System Health Monitoring
Audit Trail Analysis

API Token Setup

For Full Access (authentik-mcp)

  1. Log in to Authentik as an administrator
  2. Navigate to Directory > Tokens
  3. Create a new token with full API permissions
  4. Copy the token for use with the full MCP server

For Diagnostic Access (authentik-diag-mcp)

  1. Log in to Authentik as an administrator
  2. Navigate to Directory > Tokens
  3. Create a new token with minimal read-only permissions
  4. Copy the token for use with the diagnostic MCP server

Available Tools

Full MCP Server Tools

User Management

  • authentik_list_users - List users with filtering
  • authentik_get_user - Get user details
  • authentik_create_user - Create new user
  • authentik_update_user - Update existing user
  • authentik_delete_user - Delete user

Group Management

  • authentik_list_groups - List groups
  • authentik_get_group - Get group details
  • authentik_create_group - Create new group
  • authentik_update_group - Update existing group
  • authentik_delete_group - Delete group

Application Management

  • authentik_list_applications - List applications
  • authentik_get_application - Get application details
  • authentik_create_application - Create new application
  • authentik_update_application - Update existing application
  • authentik_delete_application - Delete application

Event Monitoring

  • authentik_list_events - List system events
  • authentik_get_event - Get event details

Flow Management

  • authentik_list_flows - List authentication flows
  • authentik_get_flow - Get flow details

Provider Management

  • authentik_list_providers - List providers
  • authentik_get_provider - Get provider details

Token Management

  • authentik_list_tokens - List API tokens
  • authentik_create_token - Create new token

Diagnostic MCP Server Tools

Event Monitoring

  • authentik_list_events - List system events with filtering
  • authentik_get_event - Get detailed event information
  • authentik_search_events - Search events by criteria
  • authentik_get_user_events - Get user-specific events

User Information (Read-Only)

  • authentik_get_user_info - Get user information
  • authentik_list_users_info - List users for diagnostics
  • authentik_get_user_events - Get user event history

Group Information (Read-Only)

  • authentik_get_group_info - Get group information
  • authentik_list_groups_info - List groups for diagnostics
  • authentik_get_group_members - Get group members

System Health

  • authentik_get_system_config - Get system configuration
  • authentik_get_version_info - Get version information

Application/Flow/Provider Status (Read-Only)

  • authentik_get_application_status - Check application status
  • authentik_list_applications_status - List application statuses
  • authentik_get_flow_status - Check flow status
  • authentik_list_flows_status - List flow statuses
  • authentik_get_provider_status - Check provider status
  • authentik_list_providers_status - List provider statuses

Use Cases

Full MCP Server

  • User Management: Create, update, and manage user accounts
  • Group Administration: Organize users into groups with appropriate permissions
  • Application Setup: Configure and deploy new applications
  • Flow Configuration: Set up and customize authentication flows
  • System Administration: Complete system management and configuration

Diagnostic MCP Server

  • Security Monitoring: Track authentication events and security incidents
  • Performance Analysis: Monitor system performance and user experience
  • Compliance Reporting: Generate audit reports and compliance documentation
  • Troubleshooting: Diagnose authentication and access issues
  • Health Monitoring: Monitor system health and configuration drift

Security Best Practices

Token Management

  • Use dedicated tokens for each server type
  • Rotate tokens regularly
  • Apply principle of least privilege
  • Monitor token usage

Environment Security

  • Always use HTTPS in production
  • Verify SSL certificates
  • Use environment variables for sensitive data
  • Implement proper access controls

Monitoring

  • Enable audit logging
  • Monitor API usage patterns
  • Set up alerting for suspicious activities
  • Regular security reviews

Development

Building All Packages

chmod +x build.sh
./build.sh

Publishing All Packages

chmod +x publish.sh
./publish.sh

Development Setup

Python Development

cd python/authentik-mcp  # or authentik-diag-mcp
uv sync
uv run authentik-mcp --base-url http://localhost:9000 --token your-token

Node.js Development

cd nodejs/authentik-mcp  # or authentik-diag-mcp
npm install
npm run dev -- --base-url http://localhost:9000 --token your-token

Requirements

Python

  • Python 3.10 or higher
  • uv package manager (recommended)

Node.js

  • Node.js 18.0.0 or higher

General

  • Valid Authentik API token with appropriate permissions
  • npm or yarn

Project Structure

authentik-mcp/
├── python/
│   ├── authentik-mcp/           # Full Python MCP server
│   └── authentik-diag-mcp/      # Diagnostic Python MCP server
├── nodejs/
│   ├── authentik-mcp/           # Full Node.js MCP server
│   └── authentik-diag-mcp/      # Diagnostic Node.js MCP server
├── build.sh                     # Build all packages
├── publish.sh                   # Publish all packages
└── README.md                    # This file

License

MIT License - see individual package LICENSE files for details.

Support

Contributing

We welcome contributions! Please see our Contributing Guide for details.

Changelog

See individual package CHANGELOG.md files for version history and changes.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured