Workflow-centric MCP server for Authentik Identity Provider — Go, stdio transport
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"authentik-mcp-server": {
"command": "<see-readme>",
"args": []
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Workflow-centric MCP server for the Authentik Identity Provider, written in Go with stdio transport.
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in other
Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.
Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server
Autonomous spec-to-product coding-agent CLI with an MCP server exposing 34 tools over stdio.
MCP Security Weekly
Get CVE alerts and security updates for Authentik Mcp Server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Workflow-centric MCP server for the Authentik Identity Provider, written in Go with stdio transport.
Exposes Authentik identity operations as callable tools in Claude Code, enabling you to query user access, audit security events, and inspect your IAM posture directly from the CLI.
summarize_user_accessReturns a structured JSON summary of a user's identity, group memberships, recent activity, and accessible applications.
Input: username (string, required)
Output:
{
"username": "alice",
"email": "alice@example.com",
"is_active": true,
"last_login": "2026-01-15T09:00:00Z",
"groups": ["admins", "vpn-users"],
"recent_events": [
{"action": "login", "datetime": "2026-01-15T09:00:00Z", "client_ip": "192.0.2.10"}
],
"accessible_apps": ["Grafana", "Vault"]
}
audit_recent_security_eventsReturns a markdown table of recent security-relevant events: login_failed, policy_denied, and secret_view. Events are fetched in parallel across all three action types, merged, and sorted by timestamp descending.
Input: limit (int, optional, default 20)
Output:
| DateTime | Action | Username | ClientIP |
|----------|--------|----------|----------|
| 2026-01-15T09:00:00Z | login_failed | alice | 192.0.2.10 |
make build
# binary at bin/authentik-mcp
export AUTHENTIK_URL=https://your-authentik-instance:9443
export AUTHENTIK_TOKEN=your-api-token
./bin/authentik-mcp
make smoke-test
# OK: connected to Authentik at https://your-authentik-instance:9443
make docker-build
docker run -e AUTHENTIK_URL=... -e AUTHENTIK_TOKEN=... authentik-mcp:latest
Add to ~/.claude.json:
{
"mcpServers": {
"authentik": {
"command": "/path/to/bin/authentik-mcp",
"env": {
"AUTHENTIK_URL": "https://your-authentik-instance:9443",
"AUTHENTIK_TOKEN": "your-api-token"
}
}
}
}
Restart Claude Code, then use the tools directly in conversation:
> use the authentik mcp to audit recent security events
> summarize access for user alice
| Env var | Required | Default | Description |
|---|---|---|---|
AUTHENTIK_URL | ✅ | — | Base URL of your Authentik instance |
AUTHENTIK_TOKEN | ✅ | — | API token (Settings → System → Tokens) |
AUTHENTIK_TLS_SKIP_VERIFY | — | false | Set to true to disable TLS verification (default: verify — use for self-signed certs) |
oapi-codegen.yaml retained for future use)Authorization: Bearer <token> injected via transport middleware| Method | Endpoint | Purpose |
|---|---|---|
| GET | /api/v3/core/users/ | User search |
| GET | /api/v3/core/users/{id}/ | User details |
| GET | /api/v3/core/groups/?member_by_pk={id} | Group memberships |
| GET | /api/v3/events/events/?user_pk={id} | Per-user events |
| GET | /api/v3/events/events/?action={type} | Events by action type |
| GET | /api/v3/core/applications/ | Application list |
| GET | /api/v3/root/config/ | Instance capabilities (smoke test) |
list_groups, create_user, `set_user_passwor