MCP Authentik

MCP server for Authentik identity management. Manage users, groups, applications, flows, policies, providers, and more through natural language in Cursor, Claude Code, and Claude Desktop.

Features

• 297 tools across 22 categories covering the complete Authentik API
• Read-only mode via AUTHENTIK_ACCESS_TIER=read-only for safe monitoring
• Category filtering via AUTHENTIK_CATEGORIES to expose only the tools you need
• Type-safe SDK client via @goauthentik/api
• Docker images for linux/amd64 and linux/arm64 on GHCR
• Remote MCP via HTTP transport (MCP_TRANSPORT=http) using the Streamable HTTP protocol
• TypeScript/ESM with full type safety

API Compatibility

Built for Authentik 2026.5.

Quick Start

Run the server directly with npx:

AUTHENTIK_URL="https://auth.example.com" \
AUTHENTIK_TOKEN="your-api-token" \
npx -y @samik081/mcp-authentik

The server validates your Authentik connection on startup and fails immediately with a clear error if credentials are missing or invalid.

Docker

Run with Docker (stdio transport, same as npx):

docker run --rm -i \
  -e AUTHENTIK_URL=https://auth.example.com \
  -e AUTHENTIK_TOKEN=your-api-token \
  ghcr.io/samik081/mcp-authentik

To run as a remote MCP server with HTTP transport:

docker run -d -p 3000:3000 \
  -e MCP_TRANSPORT=http \
  -e AUTHENTIK_URL=https://auth.example.com \
  -e AUTHENTIK_TOKEN=your-api-token \
  ghcr.io/samik081/mcp-authentik

The MCP endpoint is available at http://localhost:3000 and a health check at http://localhost:3000/health.

Configuration

Claude Code CLI (recommended):

# Using npx
claude mcp add --transport stdio authentik \
  --env AUTHENTIK_URL=https://auth.example.com \
  --env AUTHENTIK_TOKEN=your-api-token \
  -- npx -y @samik081/mcp-authentik

# Using Docker
claude mcp add --transport stdio authentik \
  --env AUTHENTIK_URL=https://auth.example.com \
  --env AUTHENTIK_TOKEN=your-api-token \
  -- docker run --rm -i ghcr.io/samik081/mcp-authentik

# Using remote HTTP (connect to a running Docker container or HTTP server)
claude mcp add --transport http authentik http://localhost:3000

JSON config (works with Claude Code .mcp.json, Claude Desktop claude_desktop_config.json, Cursor .cursor/mcp.json):

{
  "mcpServers": {
    "authentik": {
      "command": "npx",
      "args": ["-y", "@samik081/mcp-authentik"],
      "env": {
        "AUTHENTIK_URL": "https://auth.example.com",
        "AUTHENTIK_TOKEN": "your-api-token"
      }
    }
  }
}

Docker (stdio):

{
  "mcpServers": {
    "authentik": {
      "command": "docker",
      "args": ["run", "--rm", "-i",
        "-e", "AUTHENTIK_URL=https://auth.example.com",
        "-e", "AUTHENTIK_TOKEN=your-api-token",
        "ghcr.io/samik081/mcp-authentik"
      ]
    }
  }
}

Remote MCP (connect to a running Docker container or HTTP server):

{
  "mcpServers": {
    "authentik": {
      "type": "streamable-http",
      "url": "http://localhost:3000"
    }
  }
}

Access Tiers

Control which tools are available using the AUTHENTIK_ACCESS_TIER environment variable:

Tier	Tools	Description
full (default)	297	Read and write -- full control
read-only	144	Read only -- safe for monitoring, no state changes

• full: All 297 tools. Includes creating, updating, and deleting users, groups, applications, flows, providers, and all other resources.
• read-only: 144 tools. Listing and viewing resources only. No state changes.

Tools that are not available in your tier are not registered with the MCP server. They will not appear in your AI tool's tool list, keeping the context clean.

Environment Variables

Variable	Required	Default	Description
AUTHENTIK_URL	Yes	--	Authentik instance URL (e.g., https://auth.example.com)
AUTHENTIK_TOKEN	Yes	--	API token with appropriate permissions
AUTHENTIK_ACCESS_TIER	No	full	read-only for read-only tools only, full for all tools
AUTHENTIK_CATEGORIES	No	(all)	Comma-separated category allowlist (e.g., core,admin,flows)
AUTHENTIK_TOOL_BLACKLIST	No	(none)	Comma-separated list of tool names to exclude (e.g., authentik_users_delete)
AUTHENTIK_TOOL_WHITELIST	No	(none)	Comma-separated list of tool names to force-include, bypassing access tier and category filters
DEBUG	No	false	Enable debug logging to stderr
MCP_TRANSPORT	No	stdio	Transport mode: stdio (default) or http
MCP_PORT	No	3000	HTTP server port (only used when MCP_TRANSPORT=http)
MCP_HOST	No	0.0.0.0	HTTP server bind address (only used when MCP_TRANSPORT=http)
MCP_EXCLUDE_TOOL_TITLES	No	false	Set true to omit tool titles from registration (saves tokens)

Available Categories

admin, authenticators, core, crypto, endpoints, enterprise, events, flows, managed, oauth2, outposts, policies, property-mappings, providers, rac, rbac, reports, root, sources, ssf, stages, tenants

Tools

mcp-authentik provides 297 tools organized by category. Each tool's Access column shows the minimum tier required: read-only (available in both tiers) or full (requires full tier). The Hints column shows tool behavior: read-only (no state changes), destructive (modifies existing state), idempotent (same result if called twice).

Admin (8 tools)

Tool	Description	Access	Hints
authentik_admin_system_info	Get system information including HTTP host, runtime environment, server time, and embedded outpost status	read-only	read-only, idempotent
authentik_admin_version	Get Authentik version information including current version and build hash	read-only	read-only, idempotent
authentik_admin_settings_get	Get current system settings	read-only	read-only, idempotent
authentik_admin_settings_update	Update system settings (partial update)	full	destructive, idempotent
authentik_admin_apps	List installed Django applications in the Authentik instance	read-only	read-only, idempotent
authentik_admin_models	List all data models available in the Authentik instance	read-only	read-only, idempotent
authentik_admin_version_history	List Authentik version history entries	read-only	read-only, idempotent
authentik_admin_system_task_trigger	Trigger all system tasks (e.g., cleanup, cache clear)	full	—

Authenticators (5 tools)

Tool	Description	Access	Hints
authentik_authenticators_list	List all authenticator devices across all types for the current user	read-only	read-only, idempotent
authentik_authenticators_admin_by_type_list	List authenticator devices of a specific type (admin view)	read-only	read-only, idempotent
authentik_authenticators_admin_by_type_get	Get a single authenticator device by type and ID (admin view)	read-only	read-only, idempotent
authentik_authenticators_admin_by_type_delete	Delete an authenticator device by type and ID (admin view)	full	destructive
authentik_authenticators_user_by_type_list	List authenticator devices of a specific type for the current user	read-only	read-only, idempotent

Core (45 tools)

Users

Tool	Description	Access	Hints
authentik_users_list	List users with optional filters for username, email, name, active status, superuser status, path, groups, and search	read-only	read-only, idempotent
authentik_users_get	Get a single user by their numeric ID	read-only	read-only, idempotent
authentik_users_create	Create a new user	full	—
authentik_users_update	Update an existing user (partial update)	full	destructive, idempotent
authentik_users_delete	Delete a user by their numeric ID	full	destructive
authentik_users_me	Get information about the currently authenticated user	read-only	read-only, idempotent
authentik_users_set_password	Set a new password for a user	full	destructive, idempotent
authentik_users_create_service_account	Create a new service account user with an optional associated group and token	full	—
authentik_users_generate_recovery_link	Generate a temporary recovery link for a user to regain account access	full	—
authentik_users_send_recovery_email	Send a recovery email to a user using a specified email stage	full	—
authentik_users_list_paths	List all user paths configured in the system	read-only	read-only, idempotent
authentik_users_account_lockdown	Lock down a user account, deactivating it and terminating its active sessions	full	destructive
authentik_users_export	Trigger an export of users with optional filters, producing a downloadable export artifact	full	—

Groups

Tool	Description	Access	Hints
authentik_groups_list	List groups with optional filters for name, superuser status, members, and search	read-only	read-only, idempotent
authentik_groups_get	Get a single group by its UUID	read-only	read-only, idempotent
authentik_groups_create	Create a new group with optional parent group UUIDs, superuser status, users, and custom attributes	full	—
authentik_groups_update	Update an existing group (partial update)	full	destructive, idempotent
authentik_groups_delete	Delete a group by its UUID	full	destructive
authentik_groups_add_user	Add a user to a group by group UUID and user ID	full	idempotent
authentik_groups_remove_user	Remove a user from a group by group UUID and user ID	full	destructive

Applications

Tool	Description	Access	Hints
authentik_apps_list	List applications with optional filters for name, slug, group, search, and more	read-only	read-only, idempotent
authentik_apps_get	Get a single application by its slug	read-only	read-only, idempotent
authentik_apps_create	Create a new application with name, slug, and optional provider, group, and metadata	full	—
authentik_apps_update	Update an existing application (partial update)	full	destructive, idempotent
authentik_apps_set_icon_url	Set an application's icon to an external URL (sets the meta_icon field), or clear the current icon with clear: true	full	destructive, idempotent
authentik_apps_delete	Delete an application by its slug	full	destructive
authentik_apps_check_access	Check whether a specific user has access to an application	read-only	read-only, idempotent
authentik_apps_update_transactional	Create or update an application and its provider in a single atomic transaction	full	destructive, idempotent
authentik_app_entitlements_list	List application entitlements with optional filters	read-only	read-only, idempotent
authentik_app_entitlements_get	Get a single application entitlement by its UUID	read-only	read-only, idempotent
authentik_app_entitlements_create	Create a new application entitlement	full	—
authentik_app_entitlements_update	Update an existing application entitlement (partial update)	full	destructive, idempotent
authentik_app_entitlements_delete	Delete an application entitlement by its UUID	full	destructive

Tokens

Tool	Description	Access	Hints
authentik_tokens_list	List tokens with optional filters for identifier, intent, managed status, and search	read-only	read-only, idempotent
authentik_tokens_get	Get a single token by its identifier	read-only	read-only, idempotent
authentik_tokens_create	Create a new token with an identifier, optional intent, description, and expiration settings	full	—
authentik_tokens_update	Update an existing token (partial update)	full	destructive, idempotent
authentik_tokens_delete	Delete a token by its identifier	full	destructive
authentik_tokens_view_key	View the raw key value of a token (privileged, logged)	full	read-only, idempotent
authentik_tokens_set_key	Set a custom key value for a token	full	destructive, idempotent

Brands

Tool	Description	Access	Hints
authentik_brands_list	List brands with optional filters for UUID, domain, and search	read-only	read-only, idempotent
authentik_brands_get	Get a single brand by its UUID	read-only	read-only, idempotent
authentik_brands_create	Create a new brand with domain, branding settings, flow assignments, and optional attributes	full	—
authentik_brands_update	Update an existing brand (partial update)	full	destructive, idempotent
authentik_brands_delete	Delete a brand by its UUID	full	destructive
authentik_brands_current	Get the brand configuration for the current domain	read-only	read-only, idempotent

Crypto (8 tools)

Tool	Description	Access	Hints
authentik_crypto_list	List certificate keypairs with optional filters	read-only	read-only, idempotent
authentik_crypto_get	Get a single certificate keypair by its UUID	read-only	read-only, idempotent
authentik_crypto_create	Create a new certificate keypair from PEM-encoded certificate and optional private key data	full	—
authentik_crypto_update	Update an existing certificate keypair (partial update)	full	destructive, idempotent
authentik_crypto_delete	Delete a certificate keypair by its UUID	full	destructive
authentik_crypto_generate	Generate a new self-signed certificate keypair (RSA, ECDSA, ED25519, or ED448)	full	—
authentik_crypto_view_certificate	View the PEM-encoded certificate data for a keypair	read-only	read-only, idempotent
authentik_crypto_view_private_key	View the PEM-encoded private key data for a keypair (sensitive)	full	read-only, idempotent

Endpoints (41 tools)

Enterprise device and endpoint management: managed devices, device access groups, device-to-policy bindings, and connectors for agents, enrollment, Fleet, Google Chrome, and Apple ISE-PSSO.

Devices

Tool	Description	Access	Hints
authentik_endpoints_devices_list	List managed endpoint devices with optional filtering by name or identifier, search, and ordering	read-only	read-only, idempotent
authentik_endpoints_devices_get	Retrieve a single endpoint device by its UUID	read-only	read-only, idempotent
authentik_endpoints_devices_summary	Retrieve aggregate summary statistics about managed endpoint devices	read-only	read-only, idempotent
authentik_endpoints_devices_update	Update an endpoint device (partial update)	full	destructive, idempotent
authentik_endpoints_devices_delete	Delete an endpoint device by its UUID (irreversible)	full	destructive

Device Access Groups

Tool	Description	Access	Hints
authentik_endpoints_device_access_groups_list	List device access groups with optional filtering by name, search, and ordering	read-only	read-only, idempotent
authentik_endpoints_device_access_groups_get	Retrieve a single device access group by its UUID	read-only	read-only, idempotent
authentik_endpoints_device_access_groups_create	Create a new device access group (bundles devices for policy targeting)	full	—
authentik_endpoints_device_access_groups_update	Update a device access group (partial update)	full	destructive, idempotent
authentik_endpoints_device_access_groups_delete	Delete a device access group by its UUID (irreversible)	full	destructive

Device Bindings

Tool	Description	Access	Hints
authentik_endpoints_device_bindings_list	List device-to-user policy bindings with optional filtering	read-only	read-only, idempotent
authentik_endpoints_device_bindings_get	Retrieve a single device binding by its UUID	read-only	read-only, idempotent
authentik_endpoints_device_bindings_create	Create a new device binding linking a policy, group, or user to a target with an evaluation order	full	—
authentik_endpoints_device_bindings_update	Update a device binding (partial update)	full	destructive, idempotent
authentik_endpoints_device_bindings_delete	Delete a device binding by its UUID (irreversible)	full	destructive

Agent Connectors

Tool	Description	Access	Hints
authentik_endpoints_agent_connectors_list	List endpoint agent connectors with optional filtering	read-only	read-only, idempotent
authentik_endpoints_agent_connectors_get	Retrieve a single agent connector by its UUID	read-only	read-only, idempotent
authentik_endpoints_agent_connectors_create	Create a new endpoint agent connector	full	—
authentik_endpoints_agent_connectors_update	Update an agent connector (partial update)	full	destructive, idempotent
authentik_endpoints_agent_connectors_delete	Delete an agent connector by its UUID (irreversible)	full	destructive

Enrollment Tokens

Tool	Description	Access	Hints
authentik_endpoints_enrollment_tokens_list	List agent enrollment tokens with optional filtering	read-only	read-only, idempotent
authentik_endpoints_enrollment_tokens_get	Retrieve a single enrollment token by its UUID	read-only	read-only, idempotent
authentik_endpoints_enrollment_tokens_create	Create a new agent enrollment token bound to a connector (used to enroll devices)	full	—
authentik_endpoints_enrollment_tokens_update	Update an enrollment token (partial update)	full	destructive, idempotent
authentik_endpoints_enrollment_tokens_delete	Delete an enrollment token by its UUID (irreversible)	full	destructive

Fleet Connectors

Tool	Description	Access	Hints
authentik_endpoints_fleet_connectors_list	List Fleet device-management connectors with optional filtering	read-only	read-only, idempotent
authentik_endpoints_fleet_connectors_get	Retrieve a single Fleet connector by its UUID	read-only	read-only, idempotent
authentik_endpoints_fleet_connectors_create	Create a new Fleet connector pointing at a Fleet device-management instance	full	—
authentik_endpoints_fleet_connectors_update	Update a Fleet connector (partial update)	full	destructive, idempotent
authentik_endpoints_fleet_connectors_delete	Delete a Fleet connector by its UUID (irreversible)	full	destructive

Google Chrome Connectors

Tool	Description	Access	Hints
authentik_endpoints_google_chrome_connectors_list	List Google Chrome device-management connectors with optional filtering	read-only	read-only, idempotent
authentik_endpoints_google_chrome_connectors_get	Retrieve a single Google Chrome connector by its UUID	read-only	read-only, idempotent
authentik_endpoints_google_chrome_connectors_create	Create a new Google Chrome connector with service-account credentials	full	—
authentik_endpoints_google_chrome_connectors_update	Update a Google Chrome connector (partial update)	full	destructive, idempotent
authentik_endpoints_google_chrome_connectors_delete	Delete a Google Chrome connector by its UUID (irreversible)	full	destructive

ISE-PSSO Agents

Tool	Description	Access	Hints
authentik_endpoints_psso_ise_list	List Apple Independent Secure Enclave (ISE-PSSO) agents with optional filtering	read-only	read-only, idempotent
authentik_endpoints_psso_ise_get	Retrieve a single ISE-PSSO agent by its UUID	read-only	read-only, idempotent
authentik_endpoints_psso_ise_delete	Delete an ISE-PSSO agent by its UUID (irreversible)	full	destructive

Connectors (generic registry)

Tool	Description	Access	Hints
authentik_endpoints_connectors_list	List all endpoint connectors across types (generic registry view)	read-only	read-only, idempotent
authentik_endpoints_connectors_get	Retrieve a single endpoint connector by its UUID from the generic registry	read-only	read-only, idempotent
authentik_endpoints_connectors_delete	Delete an endpoint connector by its UUID from the generic registry (irreversible)	full	destructive

Enterprise (8 tools)

Tool	Description	Access	Hints
authentik_enterprise_license_list	List enterprise licenses with optional filters	read-only	read-only, idempotent
authentik_enterprise_license_get	Get a single enterprise license by its UUID	read-only	read-only, idempotent
authentik_enterprise_license_create	Install a new enterprise license key	full	—
authentik_enterprise_license_update	Update an existing enterprise license (partial update)	full	destructive, idempotent
authentik_enterprise_license_delete	Delete an enterprise license by its UUID	full	destructive
authentik_enterprise_license_summary	Get the total enterprise license status summary	read-only	read-only, idempotent
authentik_enterprise_license_forecast	Forecast how many users will be required in a year based on current growth	read-only	read-only, idempotent
authentik_enterprise_install_id	Get the authentik installation ID (used for license generation)	read-only	read-only, idempotent

Events (25 tools)

Events

Tool	Description	Access	Hints
authentik_events_list	List audit events with optional filters for action, username, client IP, and more	read-only	read-only, idempotent
authentik_events_get	Get a single audit event by its UUID	read-only	read-only, idempotent
authentik_events_create	Create a new audit event	full	—
authentik_events_actions_list	List all available event action types	read-only	read-only, idempotent
authentik_events_top_per_user	Get the top N events grouped by user count	read-only	read-only, idempotent
authentik_events_volume	Get event volume data for specified filters and timeframe	read-only	read-only, idempotent
authentik_events_stats	Get aggregated event statistics bucketed by the provided count steps, optionally filtered	read-only	read-only, idempotent
authentik_events_rules_list	List notification rules with optional filters	read-only	read-only, idempotent
authentik_events_rules_get	Get a single notification rule by its UUID	read-only	read-only, idempotent
authentik_events_rules_create	Create a new notification rule	full	—
authentik_events_rules_update	Update an existing notification rule (partial update)	full	destructive, idempotent
authentik_events_rules_delete	Delete a notification rule by its UUID	full	destructive
authentik_events_transports_list	List notification transports with optional filters	read-only	read-only, idempotent
authentik_events_transports_get	Get a single notification transport by its UUID	read-only	read-only, idempotent
authentik_events_transports_create	Create a new notification transport	full	—
authentik_events_transports_update	Update an existing notification transport (partial update)	full	destructive, idempotent
authentik_events_transports_delete	Delete a notification transport by its UUID	full	destructive
authentik_events_transports_test	Send a test notification using the specified transport	full	—
authentik_events_notifications_list	List notifications for the current user with optional filters	read-only	read-only, idempotent
authentik_events_notifications_update	Update a notification, typically to mark it as seen or unseen	full	destructive, idempotent
authentik_events_notifications_delete	Delete a notification by its UUID	full	destructive
authentik_events_notifications_mark_all_seen	Mark all notifications as seen for the current user	full	destructive, idempotent
authentik_events_export	Trigger an export of events with optional filters, producing a downloadable export artifact	full	—

System Tasks

Tool	Description	Access	Hints
authentik_tasks_list	List background tasks with optional filters by actor name, queue, state, aggregated outcome status (e.g. error/warning), or search	read-only	read-only, idempotent
authentik_tasks_get	Get details of a specific task by its message ID	read-only	read-only, idempotent
authentik_tasks_retry	Retry a failed task by its message ID	full	—

Flows (15 tools)

Tool	Description	Access	Hints
authentik_flows_list	List flows with optional filters for search, designation, and ordering	read-only	read-only, idempotent
authentik_flows_get	Get a single flow by its slug	read-only	read-only, idempotent
authentik_flows_create	Create a new flow with name, slug, title, and designation	full	—
authentik_flows_update	Update an existing flow (partial update)	full	destructive, idempotent
authentik_flows_delete	Delete a flow by its slug	full	destructive
authentik_flows_diagram	Get a visual diagram of a flow showing its stages and bindings	read-only	read-only, idempotent
authentik_flows_export	Export a flow as YAML	read-only	read-only, idempotent
authentik_flows_import	Import a flow/blueprint from YAML content via the managed blueprints import endpoint (merges/upserts into existing objects — does not wipe existing flows first)	full	—
authentik_flows_cache_info	Get information about cached flows	read-only	read-only, idempotent
authentik_flows_cache_clear	Clear the flow cache	full	destructive, idempotent
authentik_flows_bindings_list	List flow stage bindings with optional filters	read-only	read-only, idempotent
authentik_flows_bindings_get	Get a single flow stage binding by its UUID	read-only	read-only, idempotent
authentik_flows_bindings_create	Create a new flow stage binding to attach a stage to a flow	full	—
authentik_flows_bindings_update	Update an existing flow stage binding	full	destructive, idempotent
authentik_flows_bindings_delete	Delete a flow stage binding by its UUID	full	destructive

Managed (7 tools)

Tool	Description	Access	Hints
authentik_blueprints_list	List managed blueprint instances with optional filters	read-only	read-only, idempotent
authentik_blueprints_get	Get a single blueprint instance by its UUID	read-only	read-only, idempotent
authentik_blueprints_create	Create a new managed blueprint instance	full	—
authentik_blueprints_update	Update an existing blueprint instance (partial update)	full	destructive, idempotent
authentik_blueprints_delete	Delete a blueprint instance by its UUID	full	destructive
authentik_blueprints_available	List all available blueprint files that can be used to create blueprint instances	read-only	read-only, idempotent
authentik_blueprints_apply	Apply a blueprint instance, executing its configuration	full	destructive, idempotent

OAuth2 (9 tools)

Tool	Description	Access	Hints
authentik_oauth2_access_tokens_list	List OAuth2 access tokens with optional filters	read-only	read-only, idempotent
authentik_oauth2_access_tokens_get	Get a single OAuth2 access token by its numeric ID	read-only	read-only, idempotent
authentik_oauth2_access_tokens_delete	Delete (revoke) an OAuth2 access token by its ID	full	destructive
authentik_oauth2_auth_codes_list	List OAuth2 authorization codes with optional filters	read-only	read-only, idempotent
authentik_oauth2_auth_codes_get	Get a single OAuth2 authorization code by its numeric ID	read-only	read-only, idempotent
authentik_oauth2_auth_codes_delete	Delete an OAuth2 authorization code by its ID	full	destructive
authentik_oauth2_refresh_tokens_list	List OAuth2 refresh tokens with optional filters	read-only	read-only, idempotent
authentik_oauth2_refresh_tokens_get	Get a single OAuth2 refresh token by its numeric ID	read-only	read-only, idempotent
authentik_oauth2_refresh_tokens_delete	Delete (revoke) an OAuth2 refresh token by its ID	full	destructive

Outposts (15 tools)

Tool	Description	Access	Hints
authentik_outposts_list	List outpost instances with optional filters	read-only	read-only, idempotent
authentik_outposts_get	Get a single outpost instance by its UUID	read-only	read-only, idempotent
authentik_outposts_create	Create a new outpost instance	full	—
authentik_outposts_update	Update an existing outpost instance (partial update)	full	destructive, idempotent
authentik_outposts_delete	Delete an outpost instance by its UUID	full	destructive
authentik_outposts_health	Get the current health status of an outpost	read-only	read-only, idempotent
authentik_outposts_default_settings	Get the global default outpost configuration	read-only	read-only, idempotent
authentik_outposts_service_connections_list	List all service connections (Docker and Kubernetes) with optional filters	read-only	read-only, idempotent
authentik_outposts_service_connections_state	Get the current state of a service connection	read-only	read-only, idempotent
authentik_outposts_service_connections_types	List all available service connection types	read-only	read-only, idempotent
authentik_outposts_docker_create	Create a new Docker service connection	full	—
authentik_outposts_docker_update	Update an existing Docker service connection (partial update)	full	destructive, idempotent
authentik_outposts_kubernetes_create	Create a new Kubernetes service connection	full	—
authentik_outposts_kubernetes_update	Update an existing Kubernetes service connection (partial update)	full	destructive, idempotent
authentik_outposts_service_connections_delete	Delete a service connection by its UUID	full	destructive

Policies (19 tools)

Policies use a type+config pattern. Cross-type tools operate on any policy, while per-type tools accept a policy_type parameter. Available types: dummy, event_matcher, expression, geoip, password, password_expiry, reputation, unique_password.

Tool	Description	Access	Hints
authentik_policies_list	List all policies across all types with optional filters	read-only	read-only, idempotent
authentik_policies_get	Get a single policy by its UUID (cross-type)	read-only	read-only, idempotent
authentik_policies_delete	Delete a policy by its UUID (cross-type)	full	destructive
authentik_policies_types_list	List all available policy types	read-only	read-only, idempotent
authentik_policies_test	Test a policy against a specific user to see if it passes or fails	read-only	read-only, idempotent
authentik_policies_cache_info	Get information about cached policies	read-only	read-only, idempotent
authentik_policies_cache_clear	Clear the policy cache	full	destructive, idempotent
authentik_policies_by_type_list	List policies of a specific type with optional filters	read-only	read-only, idempotent
authentik_policies_by_type_get	Get a single policy of a specific type by its UUID	read-only	read-only, idempotent
authentik_policies_by_type_create	Create a new policy of a specific type	full	—
authentik_policies_by_type_update	Update an existing policy of a specific type	full	destructive, idempotent
authentik_policies_by_type_delete	Delete a policy of a specific type by its UUID	full	destructive
authentik_policy_bindings_list	List policy bindings with optional filters	read-only	read-only, idempotent
authentik_policy_bindings_get	Get a single policy binding by its UUID	read-only	read-only, idempotent
authentik_policy_bindings_create	Create a new policy binding to attach a policy to a target	full	—
authentik_policy_bindings_update	Update an existing policy binding	full	destructive, idempotent
authentik_policy_bindings_delete	Delete a policy binding by its UUID	full	destructive
authentik_reputation_scores_list	List reputation scores with optional filters	read-only	read-only, idempotent
authentik_reputation_scores_delete	Delete a reputation score by its UUID	full	destructive

Property Mappings (10 tools)

Property mappings use a type+config pattern. Cross-type tools operate on any mapping, while per-type tools accept a mapping_type parameter. Available types: notification, provider_google_workspace, provider_microsoft_entra, provider_rac, provider_radius, provider_saml, provider_scim, provider_scope, source_kerberos, source_ldap, source_oauth, source_plex, source_saml, source_scim.

Tool	Description	Access	Hints
authentik_property_mappings_list	List all property mappings across all types	read-only	read-only, idempotent
authentik_property_mappings_get	Get a single property mapping by its UUID (cross-type)	read-only	read-only, idempotent
authentik_property_mappings_delete	Delete a property mapping by its UUID	full	destructive
authentik_property_mappings_types_list	List all available property mapping types	read-only	read-only, idempotent
authentik_property_mappings_test	Test a property mapping by UUID	full	read-only, idempotent
authentik_property_mappings_by_type_list	List property mappings of a specific type	read-only	read-only, idempotent
authentik_property_mappings_by_type_get	Get a single property mapping by type and UUID	read-only	read-only, idempotent
authentik_property_mappings_by_type_create	Create a new property mapping of a specific type	full	—
authentik_property_mappings_by_type_update	Update an existing property mapping by type and UUID	full	destructive, idempotent
authentik_property_mappings_by_type_delete	Delete a property mapping by type and UUID	full	destructive

Providers (13 tools)

Providers use a type+config pattern. Cross-type tools operate on any provider, while per-type tools accept a provider_type parameter. Available types: oauth2, saml, ldap, proxy, radius, scim, rac, google_workspace, microsoft_entra, wsfed.

Tool	Description	Access	Hints
authentik_providers_list	List all providers across all types with optional filters	read-only	read-only, idempotent
authentik_providers_get	Get a single provider by its numeric ID (cross-type)	read-only	read-only, idempotent
authentik_providers_delete	Delete a provider by its numeric ID (cross-type)	full	destructive
authentik_providers_types_list	List all available provider types	read-only	read-only, idempotent
authentik_providers_by_type_list	List providers of a specific type with optional filters	read-only	read-only, idempotent
authentik_providers_by_type_get	Get a single provider of a specific type by its numeric ID	read-only	read-only, idempotent
authentik_providers_by_type_create	Create a new provider of a specific type	full	—
authentik_providers_by_type_update	Update an existing provider of a specific type	full	destructive, idempotent
authentik_providers_by_type_delete	Delete a provider of a specific type by its numeric ID	full	destructive
authentik_providers_oauth2_setup_urls	Get OAuth2 provider setup URLs (authorize, token, userinfo, etc.)	read-only	read-only, idempotent
authentik_providers_saml_metadata	Get SAML provider metadata XML	read-only	read-only, idempotent
authentik_providers_wsfed_metadata	Get WS-Federation provider metadata XML	read-only	read-only, idempotent
authentik_providers_wsfed_preview_user	Preview the property-mapping output a WS-Federation provider would generate for a user	read-only	read-only, idempotent

RAC (8 tools)

Tool	Description	Access	Hints
authentik_rac_endpoints_list	List RAC (Remote Access Control) endpoints with optional filters	read-only	read-only, idempotent
authentik_rac_endpoints_get	Get a single RAC endpoint by its UUID	read-only	read-only, idempotent
authentik_rac_endpoints_create	Create a new RAC endpoint for remote access	full	—
authentik_rac_endpoints_update	Update an existing RAC endpoint (partial update)	full	destructive, idempotent
authentik_rac_endpoints_delete	Delete a RAC endpoint by its UUID	full	destructive
authentik_rac_connection_tokens_list	List RAC connection tokens with optional filters (system-managed, no create)	read-only	read-only, idempotent
authentik_rac_connection_tokens_get	Get a single RAC connection token by its UUID	read-only	read-only, idempotent
authentik_rac_connection_tokens_delete	Delete a RAC connection token by its UUID	full	destructive

RBAC (11 tools)

RBAC permissions are role-only: assign permissions to roles, then grant a role to users via role membership.

Tool	Description	Access	Hints
authentik_rbac_roles_list	List RBAC roles with optional filters	read-only	read-only, idempotent
authentik_rbac_roles_get	Get a single RBAC role by its UUID	read-only	read-only, idempotent
authentik_rbac_roles_create	Create a new RBAC role	full	—
authentik_rbac_roles_update	Update an existing RBAC role (partial update)	full	destructive, idempotent
authentik_rbac_roles_delete	Delete an RBAC role by its UUID	full	destructive
authentik_rbac_permissions_list	List all available permissions, filterable by model and app	read-only	read-only, idempotent
authentik_rbac_permissions_by_role_list	List object permissions assigned to a specific model, filterable by role	read-only	read-only, idempotent
authentik_rbac_permissions_by_role_assign	Assign permission(s) to a role	full	idempotent
authentik_rbac_permissions_by_role_unassign	Unassign permission(s) from a role	full	destructive
authentik_rbac_roles_add_user	Add a user to a role by role UUID and user ID (permissions are granted via roles)	full	idempotent
authentik_rbac_roles_remove_user	Remove a user from a role by role UUID and user ID	full	destructive

Reports (3 tools)

Tool	Description	Access	Hints
authentik_reports_export_list	List data exports with optional search and ordering	read-only	read-only, idempotent
authentik_reports_export_get	Retrieve a single data export by its ID, including content type, query, file URL, and completion status	read-only	read-only, idempotent
authentik_reports_export_delete	Delete a data export by its ID (irreversible)	full	destructive

Root (1 tool)

Tool	Description	Access	Hints
authentik_root_config	Get root configuration including capabilities, error reporting settings, and UI configuration	read-only	read-only, idempotent

Sources (11 tools)

Sources use a type+config pattern. Cross-type tools operate on any source, while per-type tools accept a source_type parameter. Available types: oauth, saml, ldap, plex, kerberos, scim, telegram.

Tool	Description	Access	Hints
authentik_sources_list	List all sources across all types (OAuth, SAML, LDAP, Plex, Kerberos, SCIM)	read-only	read-only, idempotent
authentik_sources_get	Get a single source by its slug (cross-type)	read-only	read-only, idempotent
authentik_sources_delete	Delete a source by its slug	full	destructive
authentik_sources_types_list	List all available source types	read-only	read-only, idempotent
authentik_sources_by_type_list	List sources of a specific type	read-only	read-only, idempotent
authentik_sources_by_type_get	Get a single source by type and slug	read-only	read-only, idempotent
authentik_sources_by_type_create	Create a new source of a specific type	full	—
authentik_sources_by_type_update	Update an existing source by type and slug	full	destructive, idempotent
authentik_sources_by_type_delete	Delete a source by type and slug	full	destructive
authentik_sources_user_connections_list	List user-source connections across all source types	read-only	read-only, idempotent
authentik_sources_telegram_connect_user	Connect a user to a Telegram source using Telegram authentication data (login widget payload)	full	—

SSF (3 tools)

Tool	Description	Access	Hints
authentik_ssf_streams_list	List Shared Signals Framework (SSF) event streams with optional filters	read-only	read-only, idempotent
authentik_ssf_streams_get	Get a single SSF event stream by its UUID	read-only	read-only, idempotent
authentik_ssf_streams_delete	Delete a Shared Signals Framework (SSF) event stream by its UUID (irreversible)	full	destructive

Stages (19 tools)

Stages use a type+config pattern. Cross-type tools operate on any stage, while per-type tools accept a stage_type parameter. Available types: account_lockdown, authenticator_duo, authenticator_email, authenticator_endpoint_gdtc, authenticator_sms, authenticator_static, authenticator_totp, authenticator_validate, authenticator_webauthn, captcha, consent, deny, dummy, email, endpoint, identification, invitation, mtls, password, prompt, redirect, source, user_delete, user_login, user_logout, user_write.

Tool	Description	Access	Hints
authentik_stages_list	List all stages across all types with optional filters	read-only	read-only, idempotent
authentik_stages_get	Get a single stage by its UUID (cross-type)	read-only	read-only, idempotent
authentik_stages_delete	Delete a stage by its UUID (cross-type)	full	destructive
authentik_stages_types_list	List all available stage types	read-only	read-only, idempotent
authentik_stages_by_type_list	List stages of a specific type with optional filters	read-only	read-only, idempotent
authentik_stages_by_type_get	Get a single stage of a specific type by its UUID	read-only	read-only, idempotent
authentik_stages_by_type_create	Create a new stage of a specific type	full	—
authentik_stages_by_type_update	Update an existing stage of a specific type	full	destructive, idempotent
authentik_stages_by_type_delete	Delete a stage of a specific type by its UUID	full	destructive
authentik_invitations_list	List invitations with optional filters	read-only	read-only, idempotent
authentik_invitations_get	Get a single invitation by its UUID	read-only	read-only, idempotent
authentik_invitations_create	Create a new invitation	full	—
authentik_invitations_update	Update an existing invitation	full	destructive, idempotent
authentik_invitations_delete	Delete an invitation by its UUID	full	destructive
authentik_invitations_send_email	Send an invitation email to one or more recipients for an existing invitation	full	—
authentik_prompts_list	List prompt field definitions with optional filters	read-only	read-only, idempotent
authentik_prompts_get	Get a single prompt field definition by its UUID	read-only	read-only, idempotent
authentik_prompts_create	Create a new prompt field definition	full	—
authentik_prompts_update	Update an existing prompt field definition	full	destructive, idempotent
authentik_prompts_delete	Delete a prompt field definition by its UUID	full	destructive

Tenants (10 tools)

Tool	Description	Access	Hints
authentik_tenants_list	List tenants with optional filters	read-only	read-only, idempotent
authentik_tenants_get	Get a single tenant by its UUID	read-only	read-only, idempotent
authentik_tenants_create	Create a new tenant	full	—
authentik_tenants_update	Update an existing tenant (partial update)	full	destructive, idempotent
authentik_tenants_delete	Delete a tenant by its UUID (irreversible, removes all tenant data)	full	destructive
authentik_tenants_create_admin_group	Create an admin group for a tenant and add a user to it	full	—
authentik_tenants_create_recovery_key	Create a recovery key for a user in a tenant	full	—
authentik_tenants_domains_list	List tenant domains with optional filters	read-only	read-only, idempotent
authentik_tenants_domains_create	Create a new domain for a tenant	full	—
authentik_tenants_domains_delete	Delete a tenant domain by its numeric ID	full	destructive

Known Limitations

• Application icons are URL-only. authentik_apps_set_icon_url sets the meta_icon field to an external URL, or clears the current icon with clear: true. Uploading a binary icon file is not supported through this MCP server.
• Endpoint enrollment keys are not retrievable. Enrollment tokens can be created and managed, but the raw enrollment key value cannot be viewed back through the @goauthentik/api SDK.

Verify It Works

After configuring your MCP client, ask your AI assistant:

"What version of Authentik is running?"

If the connection is working, the assistant will call authentik_admin_version and return your server version and build hash.

Usage Examples

• "List all users in the admin group" -- calls authentik_users_list and authentik_groups_list to find and display admin group members.
• "What applications are configured?" -- calls authentik_apps_list to show all applications with their providers and groups.
• "Create a new user for john.doe@example.com" -- calls authentik_users_create to set up the new user account.
• "Show me a summary of all managed endpoint devices" -- calls authentik_endpoints_devices_summary to report aggregate device statistics.

Troubleshooting

Connection errors

• Verify AUTHENTIK_URL is reachable from the machine running the MCP server
• Ensure there is no trailing slash on the URL (use https://auth.example.com not https://auth.example.com/)
• Verify HTTPS is configured correctly if your instance uses TLS

Token permissions

• The API token must have sufficient permissions for the tools you intend to use
• Tools with full access tier will fail if your token only has read permissions -- set AUTHENTIK_ACCESS_TIER=read-only to limit exposure
• Create tokens in the Authentik admin interface under Directory > Tokens and App passwords

Category filtering

• Use AUTHENTIK_CATEGORIES with the actual category values listed above (e.g., core,admin,flows), not source file names
• Users, groups, applications, tokens, and brands are all under the core category, not separate categories
• Use comma-separated values with no spaces (e.g., core,admin,events)

Development

# Install dependencies
npm install

# Build the project
npm run build

# Run in development mode (auto-reload)
npm run dev

# Open the MCP Inspector for interactive testing
npm run inspect

License

MIT