Casdoor (IAM) MCP. Control users, organizations, and applications from your chat client.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Casdoor (IAM) MCP Server lets you manage user accounts, organizational structure, and connected applications directly from your AI client. You can list users, add new accounts, update profiles, and audit permissions without leaving your IDE or terminal.
It provides full identity lifecycle control through natural conversation.
What your AI agents can do
Add user
Creates a new user account, requiring an owner organization and the username.
Delete user
Removes a user account; requires the owner organization and the username.
Get application
Fetches the specific details for one registered application.
Check the profile and active status of the currently authenticated user using get_userinfo.
Create new user profiles with add_user, modify existing user details with update_user, or remove accounts with delete_user.
List all organizational containers in your IAM and fetch detailed configuration for specific departments using list_organizations and get_organization.
See all connected applications in an organization (list_applications) and retrieve the full details for a single app (get_application).
Fetch detailed profiles for any specific user using get_user.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
Casdoor (IAM) MCP Server: 10 Tools for Identity Management
Manage users, organizations, and applications using these 10 tools. Your AI agent calls them to execute identity lifecycle changes.
019e3874add user
Creates a new user account, requiring an owner organization and the username.
019e3874delete user
Removes a user account; requires the owner organization and the username.
019e3874get application
Fetches the specific details for one registered application.
019e3874get organization
Retrieves the full configuration and details for a specific organization.
019e3874get user
Gets the profile details for a user when you know their ID.
019e3874get userinfo
Retrieves the profile data for the user who is currently logged in.
019e3874list applications
Retrieves a list of all applications within a specific organization.
019e3874list organizations
Returns a list of every organization configured in your Casdoor instance.
019e3874list users
Lists all user accounts belonging to a specified organization.
019e3874update user
Modifies an existing user's profile, requiring the format <organization>/<username> for the ID.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Casdoor (IAM), then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
Yo, if you're managing users, orgs, and apps through your AI client, you gotta run this Casdoor MCP Server. It hands your agent full control over your identity and access management. You can handle the whole lifecycle—adding, modifying, and deleting users—without ever leaving your IDE or terminal.
Managing Users: You can create new user accounts using add_user, modify existing profiles with update_user, or wipe out accounts completely with delete_user. Need to know who you are? get_userinfo checks the profile and active status of the user currently logged in. Want details on a specific user? get_user pulls up a profile using their ID.
Organizing the Chaos: To map out your structure, list_organizations gives you a list of every container in your IAM. You can then use get_organization to pull the full config and details for any specific department.
Tackling Apps: You can see every connected application in an organization by running list_applications. If you need the deep dive on just one app, get_application fetches all its specific details.
Putting It Together: You can list all users belonging to a specific organization using list_users. You've got the tools to audit who's on the books, see what apps they use, and control the entire user base.
How Casdoor (IAM) MCP Works
- 1 Subscribe to the server and provide your Casdoor Endpoint, Client ID, and Client Secret.
- 2 Your AI client connects to the server via the MCP protocol.
- 3 Tell your agent what you need—for example, 'List all users in the engineering team'—and the agent executes the necessary tools.
The bottom line is that your AI agent handles the connection and API calls, letting you manage all your identity data through natural chat.
Who Is Casdoor (IAM) MCP For?
The DevOps Engineer who needs to provision a test user and audit permissions without leaving their terminal. The Security Analyst who has to manually check user access logs across multiple systems. Full-stack Developers who need to manage test accounts and application settings directly while coding.
Automates user provisioning, organization audits, and environment setup without switching tools or leaving the IDE.
Quickly inspects user permissions, checks application configurations, and verifies access rights for compliance reviews.
Manages test users and application settings directly within their development environment to maintain coding flow.
What Changes When You Connect
- Manage user accounts without leaving your workflow. Instead of logging into the Casdoor UI, you tell your agent to
add_user,update_user, ordelete_userand it handles the API calls. - Audit your entire IAM structure in one go. Use
list_organizationsto see every department and thenlist_usersto get a count of people in that department. - Verify who's looking at the system.
get_userinfoinstantly pulls the profile of the currently authenticated user, making compliance checks fast. - Streamline app management. Use
list_applicationsto see what apps are connected, andget_applicationto check its specific permissions. - Stop manual lookups. Need to find a user? Use
get_userwith the ID, or uselist_usersto browse all users in an organization. - Handle complex changes. If a user needs a profile update, you just ask to
update_userinstead of navigating multiple forms.
Real-World Use Cases
Onboarding a New Team Member
A manager needs to set up a new user. They ask their agent to 'add a user named jsmith to the marketing team.' The agent executes add_user and confirms the account is live. No dashboard clicking required.
Security Audit of Department Access
A security engineer needs to audit access. They ask the agent to 'list all organizations' (list_organizations), then select 'finance-dept', and ask the agent to 'list users' (list_users) for that group. This generates a full access report instantly.
Fixing a Stale User Profile
A developer finds a test user's email is wrong. They tell the agent to 'update the profile for testuser.' The agent uses update_user to fix the email without needing to manually log in and edit the record.
Checking Current User Permissions
Before running a script, a developer checks their own permissions. They ask the agent to 'get my profile details.' The agent runs get_userinfo and confirms their active status and email.
The Tradeoffs
Manual API Chaining
Writing code that first calls list_organizations, then takes the name, calls list_users with that name, and finally calls get_user for a specific ID. This is slow and fails if any single API call fails.
→
Tell your agent to perform the entire sequence in one prompt. The agent handles the calls: it runs list_organizations first, then uses the returned data to call list_users, completing the audit in a single, coherent interaction.
Ignoring Scope
Trying to update a user using only their username, even if that username exists in multiple organizations. The system will fail or update the wrong account.
→
Always specify the full scope. Use the format <organization>/<username> when calling update_user or get_user to guarantee you hit the right record.
Assumption of Data Availability
Assuming a user exists just because they were mentioned in a chat, and trying to run get_userinfo or update_user without confirming the account ID first.
→
Always check first. Run list_users to confirm the user exists and is in the right organization before attempting any write operation like update_user.
When It Fits, When It Doesn't
Use this server if you need to manage identity and access control (IAM) data. Specifically, if your workflow requires creating, reading, updating, or deleting user accounts, or listing connected applications. Don't use it if you only need to read static configuration data that isn't tied to a user or app. For instance, if you just need to check if a service is running, that's a different kind of tool. If you need to manage who can access what, this is the right tool.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Casdoor. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 10 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Managing user accounts usually means clicking through six different dashboards.
Today, if you need to see who has access to the finance app, you have to log into the IAM portal. You find the organization, click the 'Users' tab, search for the person, and then navigate to the 'Permissions' tab to check access. It's a lot of tabs, copy-pasting names, and endless clicking.
With this MCP server, you just tell your agent, 'Show me the users in the finance department.' The agent runs `list_users` and spits out the list, including their current status. You get the data you need in seconds, straight into your chat.
Casdoor (IAM) MCP Server: Audit user and app access
Previously, auditing access meant running reports that took hours to compile, or worse, manually checking permissions for dozens of users across different systems. You were limited by the UI's report generation limits.
Now, you ask the agent to 'list all organizations' and then 'get the application details' for a specific app. You get the raw, structured data instantly. The whole process shifts from manual report generation to a single conversational query.
Common Questions About Casdoor (IAM) MCP
How do I use the `add_user` tool in Casdoor (IAM) MCP Server? +
You tell your agent to add the user and specify the owner organization and the desired username. The agent handles the API call, and you get a confirmation message saying the user was created.
Can I check my own profile using the `get_userinfo` tool? +
Yes. Simply ask the agent to 'get my user profile' or 'get userinfo.' It instantly retrieves the profile of the account that is currently running the query.
What is the proper format for `update_user`? +
The update_user tool requires the ID parameter to be formatted as <organization>/<username>. Don't just give the username; you need both parts.
How do I list all applications with `list_applications`? +
You must first specify the organization name. Then, you ask the agent to run list_applications for that specific scope, and it will return all connected apps.
What if I want to delete a user account using `delete_user`? +
+
You must specify both the organization and the username. The agent uses delete_user to remove the account, and you get a confirmation of the deletion.
How do I check if a specific organization exists using `get_organization`? +
Use get_organization and provide the exact name you want to check. This tool returns the organization's details if it exists, or an error if it doesn't. This confirms the structure of your IAM hierarchy before you try to manage users or applications within it.
What tools can I use to list all users in a specific organization? +
You use list_users for this. Just provide the organization's identifier, and the tool returns a list of usernames and basic profiles. If you need more data on a specific user, you can then use get_user.
How do I list all users belonging to a specific organization? +
Use the list_users tool and provide the organization name in the 'owner' parameter. The agent will return a list of all users registered under that organization.
What format should I use to fetch a specific user's details? +
When using the get_user tool, the ID must be formatted as /. For example, to find user 'alice' in the 'built-in' organization, use 'built-in/alice'.
Can I manage applications and organizations as well? +
Yes. You can use list_organizations and get_organization to manage your hierarchy, and list_applications or get_application to inspect app-specific configurations.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
Novu
Automate multi-channel notifications via Novu — trigger workflows, manage subscribers, and handle preferences directly from any AI agent.
Object Hash Engine
Generate deterministic SHA-256 fingerprints of any JSON object. Keys are automatically sorted so {b:2,a:1} and {a:1,b:2} always produce the exact same hash. Essential for deduplication.
Traefik Hub
Cloud-native API Management & Gateway evaluating proxy topologies explicitly running Kubernetes integrations.
You might also like
Acuity Scheduling
Manage appointments, availability, calendars, classes, and products for your Acuity Scheduling-powered business through natural conversation.
Vonage Alternative
Manage your Vonage communications — send SMS and audit account data via AI.
ZIP Codes API
Manage ZIP code data — audit locations, distances, and regions via AI.