AI Agents and MCP
LumoAuth treats AI agents as first-class identities: each agent is a registered OAuth client with its own credentials, scopes, budget, and audit trail. This page covers how to register and operate agents, how agents authenticate, and how they connect to Model Context Protocol (MCP) servers — a protocol for LLM hosts (Claude, ChatGPT, Cursor) to discover and call external tools.
Why AI agent identity?
As AI agents become part of enterprise workflows, they need:
- Authentication — verify which agent is making a request.
- Authorization — control what each agent can access.
- Audit trail — track agent actions for compliance.
- Scoped access — limit agents to specific resources and operations.
- Revocation — disable agent access immediately.
LumoAuth treats AI agents as first-class identities, similar to users and service accounts.
Managing AI agents
Portal
Navigate to /orgs/{orgId}/portal/agents:
- Register Agent — create a new agent identity.
- Agent List — view all registered agents.
- Agent Detail — manage credentials, permissions, and MCP connections.
- Revoke Agent — disable an agent immediately.
Registering an agent
- Go to /orgs/{orgId}/portal/agents.
- Click Register Agent.
- Configure:
| Field | Description |
|---|---|
| Name | Display name for the agent |
| Description | What the agent does |
| Allowed Scopes | Which scopes the agent can request |
| Permissions | Specific permissions granted |
| Token Lifetime | How long agent tokens are valid |
- After creation, you receive:
  - Client ID — the agent's identity.
  - Client Secret — the agent's credential.
Agent authentication
Agents authenticate using the OAuth 2.0 client-credentials flow:
curl -X POST https://your-domain.com/orgs/{orgId}/api/v1/oauth/token \
-d grant_type=client_credentials \
-d client_id=AGENT_CLIENT_ID \
-d client_secret=AGENT_CLIENT_SECRET \
-d scope="agent:read agent:execute"
The returned access token contains agent-specific claims:
{
"sub": "agent-uuid",
"client_id": "agent-client-id",
"agent_name": "data-processor",
"scope": "agent:read agent:execute",
"organization": "acme-corp",
"iat": 1706400000,
"exp": 1706403600
}
Workload identity
For agents running on Kubernetes, AWS, GCP, or Azure, LumoAuth can trust the platform's own identity token — a K8s ServiceAccount JWT, an AWS IAM-signed identity, a GCP metadata-server token, or an Azure Managed Identity token — and exchange it for a LumoAuth access token via RFC 8693 — OAuth 2.0 Token Exchange (swap one token for another, recording the subject). No static client secret required. See Workload Identity Federation.
Model Context Protocol (MCP)
LumoAuth is the OAuth 2.1 authorization server for MCP servers: agents obtain a token from LumoAuth and present it to the MCP server, which validates it against LumoAuth.
What is MCP?
MCP lets LLM hosts discover and invoke external tools in a standardized way. MCP servers expose tools; MCP clients call them. LumoAuth authorizes those tool calls.
Configuring MCP servers
- Go to /orgs/{orgId}/portal/agents → MCP Servers.
- Click Add MCP Server.
- Configure:
| Field | Description |
|---|---|
| Name | Display name for the MCP server |
| URL | MCP server endpoint |
| Authentication | How the agent authenticates to the MCP server |
| Allowed Agents | Which agents can use this MCP server |
| Scopes | What operations are permitted |
MCP authentication flow
- Agent authenticates with LumoAuth.
- LumoAuth issues a token scoped for the organization and audience-bound to the MCP server (aud claim set to the server's Resource URI).
- Agent presents the token to the MCP server.
- MCP server validates the token (JWT signature + aud check, or via introspection).
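The validation step described above, seen from the MCP server's side, as an added example that is not LumoAuth code: it checks signature, aud, expiry and scope before a tool call is allowed. Assumptions: HS256 with a constructed shared key stands in for the signing scheme, which this page does not specify, and `RESOURCE_URI`, `mint_demo_token` and `validate` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

# Assumptions, not LumoAuth specifics: HS256 with a constructed shared key stands in
# for the real signature scheme; RESOURCE_URI is a constructed Resource URI.
DEMO_KEY = b"constructed-demo-key"
RESOURCE_URI = "https://mcp.example.com/tools"

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(key, head, body):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def mint_demo_token(claims, key=DEMO_KEY, alg="HS256"):
    """Build a constructed token; stands in for the authorization server."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(key, head, body))}"

def validate(token, required_scope, now=None, key=DEMO_KEY, audience=RESOURCE_URI):
    """Return (claims, None) when the token is acceptable here, else (None, reason)."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
    except ValueError:
        return None, "malformed token"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None, "malformed token"
    if header.get("alg") != "HS256":          # pin the algorithm, do not follow the header
        return None, "unexpected alg"
    if not hmac.compare_digest(_mac(key, head, body), given):
        return None, "bad signature"
    aud = claims.get("aud")                   # RFC 7519: a string or a list of strings
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return None, "wrong audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None, "expired"
    if required_scope not in str(claims.get("scope", "")).split():
        return None, "missing scope"
    return claims, None
```

The audience check is what stops a token issued for one MCP server from being replayed against another, even though both tokens carry a valid signature from the same issuer.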
Agent permissions
Agents can be assigned:
- Roles — the same RBAC roles used for users.
- Scopes — OAuth scopes limiting API access.
- ABAC policies — attribute-based conditions (e.g., time restrictions, IP ranges).
- Zanzibar relations — fine-grained per-object access.
Principle of least privilege
Grant agents only the minimum permissions they need:
Audit trail
All agent actions are logged in the audit log:
| Event | Description |
|---|---|
| agent.created | Agent registered |
| agent.authenticated | Agent obtained a token |
| agent.action | Agent performed an action |
| agent.revoked | Agent access revoked |
| mcp.connection | Agent connected to MCP server |
Use cases
| Scenario | Description |
|---|---|
| Data processing | Agent accesses databases and APIs to process data |
| Customer support | AI assistant accesses user information to help customers |
| Code review | Agent accesses repositories and review tools |
| Monitoring | Agent checks system health and triggers alerts |
| Content generation | Agent accesses CMS and publishes content |
Related
- Applications — register OAuth clients for agents
- OAuth 2.0 client credentials — M2M authentication
- Access control — agent permissions
- Audit logs — agent activity tracking