From 186d058ea2e84b6e70615b31e36104673a02dc93 Mon Sep 17 00:00:00 2001 From: philip-ellis-sp Date: Wed, 24 Jun 2026 22:28:44 -0400 Subject: [PATCH 1/2] updated docs for MCP urls --- .../getting-started.mdx | 51 +++++++++++++------ 1 file changed, 35 insertions(+), 16 deletions(-) diff --git a/docs/extensibility/model-context-protocol/getting-started.mdx b/docs/extensibility/model-context-protocol/getting-started.mdx index a80bc20b41bb5..925fb60ae83d0 100644 --- a/docs/extensibility/model-context-protocol/getting-started.mdx +++ b/docs/extensibility/model-context-protocol/getting-started.mdx @@ -53,34 +53,57 @@ In the MCP Inspector sidebar, locate the **Transport Type** dropdown menu and se ### Enter Your Server URL -In the **URL field**, enter your SailPoint MCP server endpoint: +SailPoint provides two MCP URL options: + +**Global URL (recommended):** + +``` +https://mcp.sailpoint.com/latest/access-requests/mcp +``` + +This URL works for all tenants without any tenant-specific configuration. It is the recommended entry point for AI client integration. + +**Tenant-specific URL:** ``` -https://[tenant].api.identitynow.com/v2025/access-requests/mcp +https://[tenant].api.identitynow.com/latest/access-requests/mcp ``` -**Replace `[tenant]` with your actual tenant name.** For example: -- If your SailPoint URL is `https://acme.identitynow.com`, use `acme` -- Full URL would be: `https://acme.api.identitynow.com/v2025/access-requests/mcp` +Replace `[tenant]` with your actual tenant name. For example, if your SailPoint URL is `https://acme.identitynow.com`, the full URL would be `https://acme.api.identitynow.com/latest/access-requests/mcp`. + +:::note FedRAMP and data sovereignty +Customers with FedRAMP or data sovereignty requirements should continue using the tenant-specific URL instead of the global URL. +::: ## Step 3: Set Up Authentication -### Prepare Your Access Token +### Using the Global URL (OAuth Discovery) + +AI clients that support OAuth discovery via `.well-known` endpoints will **automatically discover** the authorization and token endpoints from the global MCP URL — no manual endpoint configuration is needed. -You'll need a valid SailPoint API access token. If you don't have one yet: +If your AI client cannot determine the tenant from your client ID, you will be prompted to enter your tenant name during the OAuth flow. -1. Follow our [Authentication documentation](../../api/authentication.md) to generate a token +If you need to configure OAuth endpoints manually, use these global URLs: + +| Endpoint | URL | +|---|---| +| Authorization | `https://login.sailpoint.com/oauth/authorize` | +| Token | `https://api.identitynow.com/oauth/token` | + +### Using the Tenant-Specific URL (Bearer Token) + +If you are using the tenant-specific URL, you can authenticate with a bearer token directly: + +1. Follow our [Authentication documentation](../../api/authentication.md) to generate an access token 2. Ensure your token has the necessary permissions for MCP operations -3. Copy the token value - you'll need it in the next step -### Configure Authentication in MCP Inspector +In the MCP Inspector: -1. Select the **Authentication** tab in the MCP Inspector +1. Select the **Authentication** tab 2. Set the following values: - **Header Name**: `Authorization` - **Bearer Token**: Paste your access token (include the "Bearer " prefix) - ### Connect to the Server Select **Connect** to establish the connection. @@ -105,10 +128,6 @@ Select **List Tools** to retrieve available MCP tools from the SailPoint server. The SailPoint MCP server currently provides four core tools. -## Test the connection by listing the available tools - -Select `List Tools` to see the available tools. If the connection is successful, you will see a list of tools: - ![Available Tools](./img/mcp-tools.png) ## Next Steps From ba3a4344d14e0c81e1877e0a46e32443573b5332 Mon Sep 17 00:00:00 2001 From: philip-ellis-sp Date: Fri, 26 Jun 2026 09:27:30 -0400 Subject: [PATCH 2/2] added new auth links to example docs --- .../integrations/claude-code.md | 10 +++------- .../integrations/claude-desktop.md | 9 +++------ .../model-context-protocol/integrations/cursor.md | 11 ++++------- .../model-context-protocol/integrations/vs-code.md | 9 +++------ 4 files changed, 13 insertions(+), 26 deletions(-) diff --git a/docs/extensibility/model-context-protocol/integrations/claude-code.md b/docs/extensibility/model-context-protocol/integrations/claude-code.md index 089a7ccf431e0..26256a5067b4c 100644 --- a/docs/extensibility/model-context-protocol/integrations/claude-code.md +++ b/docs/extensibility/model-context-protocol/integrations/claude-code.md @@ -58,13 +58,10 @@ To make the environment variable persistent across sessions, add it to your shel Once your authentication is configured, you can add the MCP server to Claude Code using the following command: -**Replace `[tenant]` with your tenant name.** For example: - -- If your SailPoint URL is `https://acme.identitynow.com`, use `acme` -- Full URL would be: `https://acme.api.identitynow.com/v2025/access-requests/mcp` +The command below uses the global MCP URL, which works for all tenants without any tenant-specific changes. ```bash -claude mcp add-json sailpoint-mcp '{"type":"stdio","command":"npx","args":["mcp-remote@latest","https://[tenant].api.cloud.sailpoint.com/v2025/access-requests/mcp","--header","Authorization: Bearer ${AUTH_TOKEN}"]}' +claude mcp add-json sailpoint-mcp '{"type":"stdio","command":"npx","args":["mcp-remote@latest","https://mcp.sailpoint.com/latest/access-requests/mcp","--header","Authorization: Bearer ${AUTH_TOKEN}"]}' ``` ### Using the --scope Flag @@ -83,8 +80,7 @@ Let's break down the base command: - `"command": "npx"` - Uses npx to run the MCP remote package - `"args": [...]` - Array of arguments passed to the npx command: - `"mcp-remote@latest"` - The MCP remote package (always uses latest version) - - `"https://[tenant].api.cloud.sailpoint.com/v2025/access-requests/mcp"` - Your MCP server endpoint - - `"--debug"` - Enables debug logging for troubleshooting + - `"https://mcp.sailpoint.com/latest/access-requests/mcp"` - The global MCP server endpoint - `"--header"` - Specifies a custom header for authentication - `"Authorization: Bearer ${AUTH_TOKEN}"` - The authorization header using your environment variable diff --git a/docs/extensibility/model-context-protocol/integrations/claude-desktop.md b/docs/extensibility/model-context-protocol/integrations/claude-desktop.md index 0454c261d7953..3ab6c0d671a91 100644 --- a/docs/extensibility/model-context-protocol/integrations/claude-desktop.md +++ b/docs/extensibility/model-context-protocol/integrations/claude-desktop.md @@ -48,12 +48,9 @@ This will take you to the Claude Desktop config file in your filesystem `claude_ Copy and paste the following snippet. -**Replace `[tenant]` with your tenant name.** For example: +**Replace `your_auth_token_here` with your authorization token.** -- If your SailPoint URL is `https://acme.identitynow.com`, use `acme` -- Full URL would be: `https://acme.api.identitynow.com/v2025/access-requests/mcp` - -**Replace `your_auth_token_here` with your authorization token** +The configuration uses the global MCP URL, which works for all tenants without any tenant-specific changes. ```json { @@ -62,7 +59,7 @@ Copy and paste the following snippet. "command": "npx", "args": [ "mcp-remote@latest", - "https://[tenant].api.cloud.sailpoint.com/v2025/access-requests/mcp", + "https://mcp.sailpoint.com/latest/access-requests/mcp", "--debug", "--header", "Authorization: Bearer ${AUTH_TOKEN}" diff --git a/docs/extensibility/model-context-protocol/integrations/cursor.md b/docs/extensibility/model-context-protocol/integrations/cursor.md index 70d6d5f331e23..3f83ac1ac3cbf 100644 --- a/docs/extensibility/model-context-protocol/integrations/cursor.md +++ b/docs/extensibility/model-context-protocol/integrations/cursor.md @@ -27,22 +27,19 @@ Before configuring this integration, please confirm with your organization's adm Cursor allows for deep links into its configuration. By clicking the button below, you will be asked to open the link in Cursor. This will take you to the MCP Server configuration with most of the configuration filled out for you. -[![Install MCP Server](https://cursor.com/deeplink/mcp-install-dark.svg)](https://cursor.com/en/install-mcp?name=SailPoint%20MCP&config=ewogICAgImNvbW1hbmQiOiAibnB4IiwKICAgICJlbnYiOiB7CiAgICAgICAgIkFVVEhfVE9LRU4iOiAieW91cl9hdXRoX3Rva2VuX2hlcmUiCiAgICB9LAogICAgImFyZ3MiOiBbCiAgICAgICAgIm1jcC1yZW1vdGVAbGF0ZXN0IiwKICAgICAgICAiaHR0cHM6Ly9bdGVuYW50XS5hcGkuY2xvdWQuc2FpbHBvaW50LmNvbS92MjAyNS9hY2Nlc3MtcmVxdWVzdHMvbWNwIiwKICAgICAgICAiLS1kZWJ1ZyIsCiAgICAgICAgIi0taGVhZGVyIiwKICAgICAgICAiQXV0aG9yaXphdGlvbjogQmVhcmVyICR7QVVUSF9UT0tFTn0iCiAgICBdCn0=) +[![Install MCP Server](https://cursor.com/deeplink/mcp-install-dark.svg)](https://cursor.com/en/install-mcp?name=SailPoint%20MCP&config=ewogICAgImNvbW1hbmQiOiAibnB4IiwKICAgICJlbnYiOiB7CiAgICAgICAgIkFVVEhfVE9LRU4iOiAieW91cl9hdXRoX3Rva2VuX2hlcmUiCiAgICB9LAogICAgImFyZ3MiOiBbCiAgICAgICAgIm1jcC1yZW1vdGVAbGF0ZXN0IiwKICAgICAgICAiaHR0cHM6Ly9tY3Auc2FpbHBvaW50LmNvbS9sYXRlc3QvYWNjZXNzLXJlcXVlc3RzL21jcCIsCiAgICAgICAgIi0tZGVidWciLAogICAgICAgICItLWhlYWRlciIsCiAgICAgICAgIkF1dGhvcml6YXRpb246IEJlYXJlciAke0FVVEhfVE9LRU59IgogICAgXQp9) Once in Cursor, following the prompt to install the SailPoint MCP server and select install to continue. ![cursor install](../img/cursor-install.png) -## Step 2: Add your tenant details +## Step 2: Add your authentication token Click the edit icon next to the newly installed SailPoint MCP server. This will bring up the `mcp.json` file in the editor. -**Replace `[tenant]` with your actual tenant name.** For example: +The configuration uses the global MCP URL (`https://mcp.sailpoint.com/latest/access-requests/mcp`), which works for all tenants without any tenant-specific changes. -- If your SailPoint URL is `https://acme.identitynow.com`, use `acme` -- Full URL would be: `https://acme.api.identitynow.com/v2025/access-requests/mcp` - -**Replace `your_auth_token_here` with your authorization token** +**Replace `your_auth_token_here` with your authorization token.** Save the file. diff --git a/docs/extensibility/model-context-protocol/integrations/vs-code.md b/docs/extensibility/model-context-protocol/integrations/vs-code.md index a47dfed92ee32..5ac5310fa41df 100644 --- a/docs/extensibility/model-context-protocol/integrations/vs-code.md +++ b/docs/extensibility/model-context-protocol/integrations/vs-code.md @@ -45,6 +45,8 @@ This setting allows VS Code to discover and connect to MCP servers defined in yo 3. Search for and select `MCP: Open User Configuration`. 4. Add the following configuration to `mcp.json`: +The configuration below uses the global MCP URL, which works for all tenants without any tenant-specific changes. + ```json { "servers": { @@ -53,7 +55,7 @@ This setting allows VS Code to discover and connect to MCP servers defined in yo "args": [ "mcp-remote@latest", // highlight-next-line - "https://[tenant].api.cloud.sailpoint.com/v2025/access-requests/mcp", + "https://mcp.sailpoint.com/latest/access-requests/mcp", "--debug", "--header", "Authorization: Bearer ${input:AUTH_TOKEN}" @@ -71,11 +73,6 @@ This setting allows VS Code to discover and connect to MCP servers defined in yo } ``` -**Replace `[tenant]` with your tenant name.** For example: - -- If your SailPoint URL is `https://acme.identitynow.com`, use `acme` -- Full URL would be: `https://acme.api.identitynow.com/v2025/access-requests/mcp` - ## Step 3: Connect to the MCP Server 1. Open the Command Palette.