From bde970724ff55d507dc81c3086dd911c9cb2266d Mon Sep 17 00:00:00 2001 From: dgirvin <153232367+dgirvin@users.noreply.github.com> Date: Mon, 8 Jun 2026 10:36:49 -0400 Subject: [PATCH 1/3] docs: add Claude desktop app (Cowork) MCP setup + Teams admin note - Add 'Configure in Claude Desktop App (Cowork)' section with claude_desktop_config.json path (macOS/Windows) and JSON config - Add Teams/Enterprise admin controls note (Admin > Capabilities) - Update Prerequisites to call out both supported clients - Update Known Limitations to clarify desktop app support - Clarify that org-level MCP directories are not a real config path" --- docs/api/mcp-server.md | 72 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 68 insertions(+), 4 deletions(-) diff --git a/docs/api/mcp-server.md b/docs/api/mcp-server.md index 0157b5300b..5b10237cc0 100644 --- a/docs/api/mcp-server.md +++ b/docs/api/mcp-server.md @@ -1,7 +1,7 @@ --- id: mcp-server title: Sumo Logic MCP Server -description: Connect your AI tools to Sumo Logic via MCP to query logs, manage insights, and investigate security incidents using Claude Code CLI. +description: Connect your AI tools to Sumo Logic via MCP to query logs, manage insights, and investigate security incidents using Claude Code CLI or the Claude desktop app. --- import useBaseUrl from '@docusaurus/useBaseUrl'; @@ -25,7 +25,7 @@ The Sumo Logic MCP server lets MCP clients (external AI models) connect to Sumo ## Prerequisites * **Sumo Logic Administrator role**. You'll need this to create OAuth clients. If you're unsure whether you have this role, check your [Preferences](/docs/get-started/onboarding-checklists/). -* **Sumo Logic OAuth client credentials**. The MCP client uses [OAuth client credentials](/docs/manage/security/oauth) to authenticate with Sumo Logic. For Claude Code CLI, you'll create them during the setup steps below. +* **Sumo Logic OAuth client credentials**. The MCP client uses [OAuth client credentials](/docs/manage/security/oauth) to authenticate with Sumo Logic. You'll create them during the setup steps below. * **MCP server URL for your deployment**. OAuth tokens are deployment-bound, so you must use the correct URL for your Sumo Logic deployment: | Deployment | MCP Server URL | | :--- | :--- | @@ -39,12 +39,18 @@ The Sumo Logic MCP server lets MCP clients (external AI models) connect to Sumo | US East (N. Virginia) | `https://mcp.sumologic.com/mcp` | | US East (N. Virginia) - FedRAMP | `https://mcp.fed.sumologic.com/mcp` | | US West (Oregon) | `https://mcp.us2.sumologic.com/mcp` | -* **An MCP-compatible client that supports OAuth 2.0 Authorization Code flow**. Any MCP client that supports OAuth 2.0 Authorization Code flow with a client ID and secret will work. - * We've documented setup below for [Claude Code CLI](https://code.claude.com/docs/en/quickstart) (requires a paid Claude subscription or Anthropic Console account). +* **A supported MCP client**. Setup instructions are provided below for: + * [Claude Code CLI](https://code.claude.com/docs/en/quickstart) — requires a paid Claude subscription or Anthropic Console account. + * [Claude desktop app (Cowork)](/docs/get-started/cowork) — requires a Claude Teams or Enterprise account. + +:::note Teams and Enterprise accounts +For Claude Teams and Enterprise accounts, your organization admin must allow MCP servers before members can connect them. Admins can manage this in **Admin settings > Capabilities**. If you cannot complete the setup steps below, contact your org admin to confirm MCP access is enabled. +::: ## Known limitations * **VS Code**. Recent VS Code releases do not work with the authorization code flow when an explicit client ID and secret are provided. +* **MCP config directories**. There is no shared org-level MCP directory that Claude reads automatically. MCPs must be registered per-client using the methods documented below. :::note If you have questions about client compatibility, [contact Sumo Logic Support](https://support.sumologic.com/support/s). @@ -95,6 +101,58 @@ Claude Code CLI uses OAuth 2.0 Authorization Code flow for authentication. Brows 1. Verify the connection with `/mcp` to confirm the server is connected.
Claude Code CLI showing Sumo Logic MCP server connected 1. Prompt Claude Code to `List my available MCP tools` to see what you can do. You can also refer to [Available MCP Tools](#available-mcp-tools). +## Configure in Claude Desktop App (Cowork) + +The Claude desktop app (including Cowork) uses a JSON configuration file rather than CLI commands to register MCP servers. + +### Authentication + +The desktop app uses OAuth 2.0 Authorization Code flow. A browser window opens on first use to complete authentication with Sumo Logic. Token refresh is handled automatically. + +### Setup + +1. In Sumo Logic, create an OAuth client: + 1. Go to **Administration** > **Security** > **OAuth Clients**. + 1. Click **+ Add Client**. + 1. For **Type**, select **Authorization Code**. + 1. Enter a **Name** and optional **Description**. + 1. For **Redirect URI**, enter: + ``` + http://localhost:8888/callback + ``` + 1. Click **Save**. + 1. Copy the **Client ID** and **Client Secret**. + For more details, see [OAuth Client Setup](/docs/manage/security/oauth#authorization-code-flow). +1. Open your Claude desktop app configuration file in a text editor: + * **macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json` + * **Windows**: `%APPDATA%\Claude\claude_desktop_config.json` + + If the file doesn't exist yet, create it. +1. Add the Sumo Logic MCP server under `mcpServers`. Replace ``, ``, and `` with your values from the steps above: + ```json + { + "mcpServers": { + "sumo-logic": { + "type": "http", + "url": "", + "oauth": { + "clientId": "", + "clientSecret": "", + "callbackPort": 8888 + } + } + } + } + ``` + If you have existing entries in `mcpServers`, add the `sumo-logic` block alongside them. +1. Save the file and **restart the Claude desktop app** for the change to take effect. +1. On first use, the app will open a browser window to authenticate with Sumo Logic. Log in to complete the OAuth flow. +1. To verify the connection, start a new conversation and ask Claude to `List my available MCP tools`. + +:::note +The `mcpServers` config is per-machine and per-user. Each team member needs to add the config to their own `claude_desktop_config.json`. There is no shared org-level config file. +::: + ## Available MCP tools Our MCP server provides access to Sumo Logic through these tool categories: @@ -360,3 +418,9 @@ For bulk data retrieval or model training, the [Search Job API](/docs/api/search ### Where does my agent run? Agents connected via MCP run in your own environment, not within Sumo Logic infrastructure. + +### Can I share my MCP configuration with my whole team at once? + +No. MCP servers must be registered individually on each team member's machine — either via `claude mcp add` (Claude Code CLI) or by editing `claude_desktop_config.json` (Claude desktop app). There is no shared org-level config directory that Claude reads automatically. + +For Teams and Enterprise accounts, your org admin must first enable MCP access under **Admin settings > Capabilities**. From ea08e4bd849c80217d3b2341dd8179a4e543df1c Mon Sep 17 00:00:00 2001 From: dgirvin <153232367+dgirvin@users.noreply.github.com> Date: Mon, 8 Jun 2026 10:49:05 -0400 Subject: [PATCH 2/3] docs: fix Cowork/desktop MCP setup - correct config file and JSON format - Replace incorrect claude_desktop_config.json references with ~/.claude.json (claude_desktop_config.json is for the separate Claude Desktop chat app, not Claude Code or Cowork) - Remove clientSecret from JSON config - it is stored in system keychain, not in the config file - Reframe desktop/Cowork section: CLI command is the recommended path; Connectors UI (Code tab) and direct JSON edit are alternatives - Correct JSON format per official docs: {type, url, oauth: {clientId, callbackPort}} --- docs/api/mcp-server.md | 90 ++++++++++++++++++++++++++++-------------- 1 file changed, 60 insertions(+), 30 deletions(-) diff --git a/docs/api/mcp-server.md b/docs/api/mcp-server.md index 5b10237cc0..55fa13371b 100644 --- a/docs/api/mcp-server.md +++ b/docs/api/mcp-server.md @@ -41,7 +41,7 @@ The Sumo Logic MCP server lets MCP clients (external AI models) connect to Sumo | US West (Oregon) | `https://mcp.us2.sumologic.com/mcp` | * **A supported MCP client**. Setup instructions are provided below for: * [Claude Code CLI](https://code.claude.com/docs/en/quickstart) — requires a paid Claude subscription or Anthropic Console account. - * [Claude desktop app (Cowork)](/docs/get-started/cowork) — requires a Claude Teams or Enterprise account. + * [Claude desktop app (Cowork)](https://code.claude.com/docs/en/desktop) — requires a Claude Teams or Enterprise account. :::note Teams and Enterprise accounts For Claude Teams and Enterprise accounts, your organization admin must allow MCP servers before members can connect them. Admins can manage this in **Admin settings > Capabilities**. If you cannot complete the setup steps below, contact your org admin to confirm MCP access is enabled. @@ -50,7 +50,7 @@ For Claude Teams and Enterprise accounts, your organization admin must allow MCP ## Known limitations * **VS Code**. Recent VS Code releases do not work with the authorization code flow when an explicit client ID and secret are provided. -* **MCP config directories**. There is no shared org-level MCP directory that Claude reads automatically. MCPs must be registered per-client using the methods documented below. +* **MCP config directories**. There is no shared org-level MCP directory that Claude reads automatically. MCPs must be registered per-user using the methods documented below. :::note If you have questions about client compatibility, [contact Sumo Logic Support](https://support.sumologic.com/support/s). @@ -103,11 +103,15 @@ Claude Code CLI uses OAuth 2.0 Authorization Code flow for authentication. Brows ## Configure in Claude Desktop App (Cowork) -The Claude desktop app (including Cowork) uses a JSON configuration file rather than CLI commands to register MCP servers. +The Claude desktop app (including the Cowork tab) shares MCP configuration with Claude Code. The recommended setup path is the same `claude mcp add` terminal command used for the CLI — it registers the server at user scope in `~/.claude.json`, making it available across all Claude surfaces on your machine. + +:::note +`claude_desktop_config.json` is for the separate Claude Desktop chat app and is **not** read by the Claude Code desktop app or Cowork. Do not edit that file for this setup. +::: ### Authentication -The desktop app uses OAuth 2.0 Authorization Code flow. A browser window opens on first use to complete authentication with Sumo Logic. Token refresh is handled automatically. +OAuth 2.0 Authorization Code flow is used. A browser window opens on first use to authenticate with Sumo Logic. Token refresh is handled automatically. ### Setup @@ -123,34 +127,56 @@ The desktop app uses OAuth 2.0 Authorization Code flow. A browser window opens o 1. Click **Save**. 1. Copy the **Client ID** and **Client Secret**. For more details, see [OAuth Client Setup](/docs/manage/security/oauth#authorization-code-flow). -1. Open your Claude desktop app configuration file in a text editor: - * **macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json` - * **Windows**: `%APPDATA%\Claude\claude_desktop_config.json` - - If the file doesn't exist yet, create it. -1. Add the Sumo Logic MCP server under `mcpServers`. Replace ``, ``, and `` with your values from the steps above: - ```json - { - "mcpServers": { - "sumo-logic": { - "type": "http", - "url": "", - "oauth": { - "clientId": "", - "clientSecret": "", - "callbackPort": 8888 - } - } - } - } +1. Open a Terminal window and run the following command. Replace `` and `` with your values. When prompted, enter your **Client Secret** — it is stored securely in your system keychain, not in any config file. + ```bash + claude mcp add --transport http \ + --scope user \ + --client-id "" --client-secret --callback-port 8888 \ + sumo-logic "" ``` - If you have existing entries in `mcpServers`, add the `sumo-logic` block alongside them. -1. Save the file and **restart the Claude desktop app** for the change to take effect. -1. On first use, the app will open a browser window to authenticate with Sumo Logic. Log in to complete the OAuth flow. -1. To verify the connection, start a new conversation and ask Claude to `List my available MCP tools`. +1. Open or restart the Claude desktop app. The server is now registered at user scope and will be available in both the Code and Cowork tabs. +1. To authenticate, open a session and run `/mcp`, select **sumo-logic**, then **Authenticate**. A browser window will open to complete the OAuth login. +1. To verify the connection, ask Claude to `List my available MCP tools`. + +### Alternative: Connectors UI + +If you have the **Code tab** available in your Claude desktop app, you can add the server through the Connectors UI instead of the terminal: + +1. In the Code tab, open **Settings** and navigate to **Connectors**. +1. Click **Add custom connector** and enter your deployment's MCP server URL. +1. Complete the OAuth authentication in the browser. + +The Connectors UI does not support entering a pre-registered client ID and secret directly. If the server returns an authentication error, use the terminal method above instead. + +### Advanced: Edit `~/.claude.json` directly + +For scripted or automated setup, you can write the server entry directly to `~/.claude.json` under the top-level `mcpServers` key. The client secret must be provided separately via `--client-secret` (it is stored in the keychain, not in the file): + +```bash +claude mcp add-json sumo-logic \ + '{"type":"http","url":"","oauth":{"clientId":"","callbackPort":8888}}' \ + --client-secret +``` + +The JSON structure for reference: + +```json +{ + "mcpServers": { + "sumo-logic": { + "type": "http", + "url": "", + "oauth": { + "clientId": "", + "callbackPort": 8888 + } + } + } +} +``` :::note -The `mcpServers` config is per-machine and per-user. Each team member needs to add the config to their own `claude_desktop_config.json`. There is no shared org-level config file. +The `mcpServers` config in `~/.claude.json` is per-machine and per-user. Each team member must register the server on their own machine. There is no shared org-level config directory. ::: ## Available MCP tools @@ -421,6 +447,10 @@ Agents connected via MCP run in your own environment, not within Sumo Logic infr ### Can I share my MCP configuration with my whole team at once? -No. MCP servers must be registered individually on each team member's machine — either via `claude mcp add` (Claude Code CLI) or by editing `claude_desktop_config.json` (Claude desktop app). There is no shared org-level config directory that Claude reads automatically. +No. MCP servers must be registered individually on each team member's machine via `claude mcp add`. There is no shared org-level config directory that Claude reads automatically. For project-scoped sharing, you can commit `.mcp.json` to your repository — teammates will be prompted to approve it when they open the project. For Teams and Enterprise accounts, your org admin must first enable MCP access under **Admin settings > Capabilities**. + +### Why doesn't editing `claude_desktop_config.json` work? + +That file is for the separate **Claude Desktop chat app** and is not read by the Claude Code desktop app or the Cowork tab. For Cowork and Claude Code desktop, use `claude mcp add` from your terminal or edit `~/.claude.json` directly. From 0309ec9a3ceff726056c539b4486cce3ea9f761f Mon Sep 17 00:00:00 2001 From: dgirvin <153232367+dgirvin@users.noreply.github.com> Date: Mon, 8 Jun 2026 10:56:26 -0400 Subject: [PATCH 3/3] docs: split setup into admin (one-time) and user steps The OAuth client is an application credential, not per-user. The admin creates it once and shares client ID + secret with the team. Non-admin team members only need to run claude mcp add with those shared credentials and authenticate as themselves via browser OAuth. Previous doc implied every user needed admin access, which made team rollout impossible. --- docs/api/mcp-server.md | 182 +++++++++++++++++------------------------ 1 file changed, 75 insertions(+), 107 deletions(-) diff --git a/docs/api/mcp-server.md b/docs/api/mcp-server.md index 55fa13371b..43fc16d4b6 100644 --- a/docs/api/mcp-server.md +++ b/docs/api/mcp-server.md @@ -22,11 +22,27 @@ The Sumo Logic MCP server lets MCP clients (external AI models) connect to Sumo +## How setup works + +Setup has two stages that are done by different people: + +1. **Admin setup (once)**. A Sumo Logic Administrator creates one OAuth client for the whole org and shares the **Client ID** and **Client Secret** with the team. No one else needs admin access. +2. **User setup (each team member)**. Each person runs a single terminal command with the shared credentials, then authenticates with their own Sumo Logic login via browser. + +:::note Teams and Enterprise accounts +For Claude Teams and Enterprise accounts, your org admin must also enable MCP server access under **Admin settings > Capabilities** before team members can connect. If setup fails, check there first. +::: + ## Prerequisites -* **Sumo Logic Administrator role**. You'll need this to create OAuth clients. If you're unsure whether you have this role, check your [Preferences](/docs/get-started/onboarding-checklists/). -* **Sumo Logic OAuth client credentials**. The MCP client uses [OAuth client credentials](/docs/manage/security/oauth) to authenticate with Sumo Logic. You'll create them during the setup steps below. -* **MCP server URL for your deployment**. OAuth tokens are deployment-bound, so you must use the correct URL for your Sumo Logic deployment: +### Admin prerequisites + +* **Sumo Logic Administrator role**. Required only to create the OAuth client in step 1 below. + +### User prerequisites + +* **Client ID and Client Secret** shared by your admin (from the admin setup below). +* **MCP server URL for your deployment**. OAuth tokens are deployment-bound — use the URL that matches your Sumo Logic deployment: | Deployment | MCP Server URL | | :--- | :--- | | Asia Pacific (Seoul) | `https://mcp.kr.sumologic.com/mcp` | @@ -39,118 +55,87 @@ The Sumo Logic MCP server lets MCP clients (external AI models) connect to Sumo | US East (N. Virginia) | `https://mcp.sumologic.com/mcp` | | US East (N. Virginia) - FedRAMP | `https://mcp.fed.sumologic.com/mcp` | | US West (Oregon) | `https://mcp.us2.sumologic.com/mcp` | -* **A supported MCP client**. Setup instructions are provided below for: +* **A supported MCP client**: * [Claude Code CLI](https://code.claude.com/docs/en/quickstart) — requires a paid Claude subscription or Anthropic Console account. * [Claude desktop app (Cowork)](https://code.claude.com/docs/en/desktop) — requires a Claude Teams or Enterprise account. -:::note Teams and Enterprise accounts -For Claude Teams and Enterprise accounts, your organization admin must allow MCP servers before members can connect them. Admins can manage this in **Admin settings > Capabilities**. If you cannot complete the setup steps below, contact your org admin to confirm MCP access is enabled. -::: - ## Known limitations * **VS Code**. Recent VS Code releases do not work with the authorization code flow when an explicit client ID and secret are provided. -* **MCP config directories**. There is no shared org-level MCP directory that Claude reads automatically. MCPs must be registered per-user using the methods documented below. +* **MCP config directories**. There is no shared org-level MCP directory that Claude reads automatically. Each team member registers the server on their own machine using the user setup steps below. :::note If you have questions about client compatibility, [contact Sumo Logic Support](https://support.sumologic.com/support/s). ::: -## Configure in Claude Code CLI - -### Authentication - -Claude Code CLI uses OAuth 2.0 Authorization Code flow for authentication. Browser-based login handles token refresh automatically. - -### Setup - -1. In Sumo Logic, create an OAuth client for Claude Code: - 1. Go to **Administration** > **Security** > **OAuth Clients**. - 1. Click **+ Add Client**. - 1. For **Type**, select **Authorization Code**. - 1. Enter a **Name** and optional **Description**. - 1. For **Redirect URI**, enter: - ``` - http://localhost:8888/callback - ``` - 1. Click **Save**. - 1. Copy the **Client ID** and **Client Secret**. You'll use these in the next step. - For more details about OAuth clients, see [OAuth Client Setup](/docs/manage/security/oauth#authorization-code-flow). -1. In a Terminal window, not in Claude Code, register the MCP server. Replace `` with your value from Sumo Logic, and replace `` with your deployment's MCP server URL from the [Prerequisites table](#prerequisites) above. When you run the command, Claude Code prompts you to enter the client secret securely. Choose a scope: - * **User scope** (available in all directories, recommended). - ```bash - claude mcp add --transport http \ - --scope user \ - --client-id "" --client-secret --callback-port 8888 \ - sumo-logic "" - ``` - * **Project scope** (available only in the current directory, writes to `.mcp.json`). - ```bash - claude mcp add --transport http \ - --scope project \ - --client-id "" --client-secret --callback-port 8888 \ - sumo-logic "" - ``` -1. Launch Claude Code. With **user scope**, run `claude` from any directory. With **project scope**, run it from the directory where you registered the server. +## Step 1: Admin creates the OAuth client (once) + +A Sumo Logic Administrator completes this step once for the whole organization. The resulting **Client ID** and **Client Secret** are shared with team members — they are application credentials, not tied to any individual user. + +1. In Sumo Logic, go to **Administration** > **Security** > **OAuth Clients**. +1. Click **+ Add Client**. +1. For **Type**, select **Authorization Code**. +1. Enter a **Name** (for example, `Sumo Logic MCP`) and optional **Description**. +1. For **Redirect URI**, enter: + ``` + http://localhost:8888/callback + ``` +1. Click **Save**. +1. Copy the **Client ID** and **Client Secret** and share them with your team. The Client Secret is shown only once — store it securely (for example, in a password manager or secrets vault). + +For more details about OAuth clients, see [OAuth Client Setup](/docs/manage/security/oauth#authorization-code-flow). + +## Step 2: Each user registers the server + +Each team member completes this step on their own machine using the Client ID and Client Secret from Step 1. No admin access is required. Each person authenticates with their own Sumo Logic credentials via browser, so access is controlled by their individual Sumo Logic permissions. + +Choose your client: + +### Claude Code CLI + +1. Open a Terminal window (not inside a `claude` session) and run the following command. Replace `` with the shared Client ID and `` with your deployment's URL from the [Prerequisites table](#user-prerequisites). When prompted, enter the shared **Client Secret** — it is stored securely in your system keychain and never written to disk in plaintext. + ```bash + claude mcp add --transport http \ + --scope user \ + --client-id "" --client-secret --callback-port 8888 \ + sumo-logic "" + ``` + Use `--scope user` to make the server available in all your projects. Use `--scope project` instead to limit it to the current directory (writes to `.mcp.json`). +1. Start Claude Code: ```bash claude ``` -1. In Claude Code, run `/mcp`. -1. Select **sumo-logic** and then **Authenticate**. -1. Claude Code will open a browser window to authenticate with Sumo Logic. Log in to complete the OAuth flow. -1. Verify the connection with `/mcp` to confirm the server is connected.
Claude Code CLI showing Sumo Logic MCP server connected -1. Prompt Claude Code to `List my available MCP tools` to see what you can do. You can also refer to [Available MCP Tools](#available-mcp-tools). +1. Run `/mcp`, select **sumo-logic**, then **Authenticate**. Your browser will open to Sumo Logic — log in with your own credentials to complete the OAuth flow. +1. Verify the connection with `/mcp`.
Claude Code CLI showing Sumo Logic MCP server connected +1. Run `List my available MCP tools` to confirm access. See also [Available MCP tools](#available-mcp-tools). -## Configure in Claude Desktop App (Cowork) +### Claude Desktop App (Cowork) -The Claude desktop app (including the Cowork tab) shares MCP configuration with Claude Code. The recommended setup path is the same `claude mcp add` terminal command used for the CLI — it registers the server at user scope in `~/.claude.json`, making it available across all Claude surfaces on your machine. +The Cowork tab shares MCP configuration with Claude Code. The setup uses the same terminal command — no config file editing required. :::note `claude_desktop_config.json` is for the separate Claude Desktop chat app and is **not** read by the Claude Code desktop app or Cowork. Do not edit that file for this setup. ::: -### Authentication - -OAuth 2.0 Authorization Code flow is used. A browser window opens on first use to authenticate with Sumo Logic. Token refresh is handled automatically. - -### Setup - -1. In Sumo Logic, create an OAuth client: - 1. Go to **Administration** > **Security** > **OAuth Clients**. - 1. Click **+ Add Client**. - 1. For **Type**, select **Authorization Code**. - 1. Enter a **Name** and optional **Description**. - 1. For **Redirect URI**, enter: - ``` - http://localhost:8888/callback - ``` - 1. Click **Save**. - 1. Copy the **Client ID** and **Client Secret**. - For more details, see [OAuth Client Setup](/docs/manage/security/oauth#authorization-code-flow). -1. Open a Terminal window and run the following command. Replace `` and `` with your values. When prompted, enter your **Client Secret** — it is stored securely in your system keychain, not in any config file. +1. Open a Terminal window and run: ```bash claude mcp add --transport http \ --scope user \ --client-id "" --client-secret --callback-port 8888 \ sumo-logic "" ``` -1. Open or restart the Claude desktop app. The server is now registered at user scope and will be available in both the Code and Cowork tabs. -1. To authenticate, open a session and run `/mcp`, select **sumo-logic**, then **Authenticate**. A browser window will open to complete the OAuth login. -1. To verify the connection, ask Claude to `List my available MCP tools`. + Replace `` with the shared Client ID and `` with your deployment's URL. Enter the shared Client Secret when prompted — it is stored in your system keychain. +1. Open or restart the Claude desktop app. The server is now registered and available in both the Code and Cowork tabs. +1. Open a session, run `/mcp`, select **sumo-logic**, then **Authenticate**. Log in with your own Sumo Logic credentials in the browser to complete the OAuth flow. +1. Ask Claude to `List my available MCP tools` to verify the connection. -### Alternative: Connectors UI +#### Alternative: Connectors UI (Code tab only) -If you have the **Code tab** available in your Claude desktop app, you can add the server through the Connectors UI instead of the terminal: +If you have the **Code tab** in your Claude desktop app, you can add the server through **Settings > Connectors > Add custom connector** by entering the MCP server URL. Note that the Connectors UI does not support entering a pre-registered client ID and secret — if the server returns an authentication error, use the terminal method above instead. -1. In the Code tab, open **Settings** and navigate to **Connectors**. -1. Click **Add custom connector** and enter your deployment's MCP server URL. -1. Complete the OAuth authentication in the browser. +#### Advanced: `~/.claude.json` direct edit -The Connectors UI does not support entering a pre-registered client ID and secret directly. If the server returns an authentication error, use the terminal method above instead. - -### Advanced: Edit `~/.claude.json` directly - -For scripted or automated setup, you can write the server entry directly to `~/.claude.json` under the top-level `mcpServers` key. The client secret must be provided separately via `--client-secret` (it is stored in the keychain, not in the file): +For scripted rollout, use `claude mcp add-json` to write the entry and store the secret in the keychain in one step: ```bash claude mcp add-json sumo-logic \ @@ -158,27 +143,6 @@ claude mcp add-json sumo-logic \ --client-secret ``` -The JSON structure for reference: - -```json -{ - "mcpServers": { - "sumo-logic": { - "type": "http", - "url": "", - "oauth": { - "clientId": "", - "callbackPort": 8888 - } - } - } -} -``` - -:::note -The `mcpServers` config in `~/.claude.json` is per-machine and per-user. Each team member must register the server on their own machine. There is no shared org-level config directory. -::: - ## Available MCP tools Our MCP server provides access to Sumo Logic through these tool categories: @@ -427,6 +391,10 @@ For detailed guidance on securing MCP against cost-based attacks, see our blog p ## FAQ +### Do all team members need Sumo Logic admin access? + +No. Only the person creating the OAuth client in Step 1 needs admin access. That person creates one OAuth client for the whole org and shares the Client ID and Client Secret with the team. Each team member then runs the `claude mcp add` command with those shared credentials and authenticates with their own Sumo Logic login via browser — no admin role required. + ### Can MCP handle multiple operations in a single request? Yes. MCP supports multi-tool calls within a single conversational interaction. @@ -447,10 +415,10 @@ Agents connected via MCP run in your own environment, not within Sumo Logic infr ### Can I share my MCP configuration with my whole team at once? -No. MCP servers must be registered individually on each team member's machine via `claude mcp add`. There is no shared org-level config directory that Claude reads automatically. For project-scoped sharing, you can commit `.mcp.json` to your repository — teammates will be prompted to approve it when they open the project. +Each team member registers the server on their own machine via `claude mcp add` — there is no shared config directory Claude reads automatically. For project-scoped sharing via CLI, commit `.mcp.json` to your repository; teammates will be prompted to approve it when they open the project. For Teams and Enterprise accounts, your org admin must first enable MCP access under **Admin settings > Capabilities**. ### Why doesn't editing `claude_desktop_config.json` work? -That file is for the separate **Claude Desktop chat app** and is not read by the Claude Code desktop app or the Cowork tab. For Cowork and Claude Code desktop, use `claude mcp add` from your terminal or edit `~/.claude.json` directly. +That file is for the separate **Claude Desktop chat app** and is not read by the Claude Code desktop app or the Cowork tab. For Cowork and Claude Code desktop, use `claude mcp add` from your terminal or `claude mcp add-json` for scripted setup.