# Clerk MCP MCP

> Clerk manages user authentication and multi-tenant structures directly through your AI client. Get instant programmatic control over user profiles, organizations, and invitation lifecycles without touching a dashboard. It's full auth governance via natural conversation.

## Overview
- **Category:** loved-by-devs
- **Price:** Free
- **Tags:** authentication, user-management, sso, multi-factor-auth, session-handling, user-profiles

## Description

Managing user access used to mean digging deep into separate dashboards or writing complex scripts just to check if an account was active. This MCP lets your agent handle that complexity in plain language. You can list and manage every registered account, pull detailed profiles for any specific user, and coordinate the entire organization structure programmatically. Need to bring a new team member on board? Your agent handles sending trackable invitations via email. If you need to check who's in what department or if an organization needs restructuring, it figures out the relationships for you. Because this MCP deals with sensitive credentials, Vinkius routes all keys through a zero-trust proxy; your secrets never sit on disk. This means you can treat user authentication as just another conversation topic—your AI acts like a dedicated auth architect managing everything from user directory listings to invitation tracking.

## Tools

### create_auth_invitation
Sends a new, trackable email invitation to a specified recipient's address.

### create_auth_organization
Establishes a new, isolated organizational environment within your application.

### get_auth_user_details
Fetches specific, detailed metadata for one individual user based on their ID.

### list_auth_invitations
Provides an overview of all pending and past user invitations that have been sent out.

### list_auth_organizations
Shows all multi-tenant containers or organizations that currently exist in the system.

### list_auth_users
Retrieves a comprehensive list of every registered user in the application's directory.

## Prompt Examples

**Prompt:** 
```
List all registered users in my Clerk application.
```

**Response:** 
```
I've retrieved your user directory. You currently have 5 registered users, including 'John Doe' (ID: user_123) and 'Jane Smith'. Would you like the full profile metadata for any of them?
```

**Prompt:** 
```
Send an invitation to 'newuser@example.com' with redirect to 'https://vinkius.com/start'.
```

**Response:** 
```
Invitation dispatched! I've successfully sent an email invite to newuser@example.com. The invitation ID is 'inv_456'. I'll alert you as soon as they complete their registration.
```

**Prompt:** 
```
Show all active organizations and their slugs.
```

**Response:** 
```
Accessing multi-tenant data... You have 2 active organizations: 'Vinkius Enterprise' (Slug: vinkius-ent) and 'Beta Testers'. Would you like me to check for any pending invites within these teams?
```

## Capabilities

### List all users
Retrieves the complete list of every active and dormant account in your application.

### Create an organization
Sets up a new multi-tenant container, allowing you to segment and manage different groups within one system.

### Get user profiles
Fetches detailed metadata for a single user, including their full contact information and authentication status.

### List organizations
Shows you all the distinct organizational structures currently set up in your system.

### Send invitations
Dispatches trackable email invites to new users, complete with custom redirect URLs for smooth onboarding.

## Use Cases

### Onboarding a new department
The Ops Manager needs 10 people added. They ask their agent to first create a new organization, then list all the users in that group, and finally dispatch invitations for every single person on the approved roster.

### Auditing team access rights
A Security Admin needs to confirm if anyone has suspicious credentials. They ask the agent to get user details for a specific ID and then list all organizations that ID belongs to, verifying least privilege.

### Reactivating dormant accounts
The Product Manager discovers an old organization needs updating. They use the tool to list existing organizations first, identify the correct slug, and then get user details on key personnel for review.

### Debugging a failed signup flow
A Developer notices a new signup link isn't working. They ask their agent to list invitations, find the specific invitation ID, and check its status to see if it was accepted or if there’s a redirect issue.

## Benefits

- List all users: Instead of exporting a CSV just to count accounts, asking your agent to list all users gives you an instant directory view. You know exactly who's registered right now.
- Organization architecture control: Need to see how many separate teams exist? Calling the tool to list organizations shows you every tenant boundary in real time, letting you coordinate complex team setups.
- Automated onboarding: Use the invitation tools to dispatch emails and track them. Your agent handles sending the invite and recording its status so you never lose a signup lead.
- Deep user visibility: Never guess about a profile again. You can retrieve detailed user profiles—getting all the metadata you need—without jumping through five different tabs.
- Auditability: Need to know who was supposed to get access? Listing invitations lets you monitor the entire onboarding pipeline, checking every sent invite's status.

## How It Works

The bottom line is that you manage complex user workflows by talking to your AI client instead of clicking through multiple developer portals.

1. First, subscribe to this MCP and retrieve your Secret Key from the Clerk Dashboard.
2. Next, you talk to your agent using natural language commands—for instance, asking it to list all users or create a new organization.
3. Finally, your agent executes the required actions, returning structured data on user status, invitation IDs, and organizational details.

## Frequently Asked Questions

**How do I check if an account exists using the list_auth_users tool?**
You use `list_auth_users` first to get a directory of all IDs. If you find the ID, then call `get_auth_user_details` to confirm its current status and full profile data.

**What is the difference between list_auth_organizations and create_auth_organization?**
`list_auth_organizations` reads the existing structure, showing you all active tenants. `create_auth_organization` actually builds a new container for an entirely separate group of users.

**Can I track invitations using list_auth_invitations?**
Yes. `list_auth_invitations` gives you a record of all sent invites, letting you see their status and ensuring no new user signups are falling through the cracks.

**Do I need to use get_auth_user_details when creating an invitation?**
No. While `get_auth_user_details` fetches existing data, you only need to call `create_auth_invitation` if the user does not yet have an active account.

**When I use get_auth_user_details, what specific high-fidelity data points can my agent pull on a user's authentication status?**
It pulls detailed metadata covering the full lifecycle of an account. You can access current contact info, historical authentication records, and the precise operational status of the user without needing to manually check separate logs.

**What is the process for ensuring I have multi-tenant visibility when running list_auth_organizations?**
You need access to view all organizations and their related team structures. The agent can monitor these environments in real time, allowing you to coordinate access control across multiple distinct operational silos.

**If I use create_auth_invitation, how do I verify that the invitation was sent correctly and track its unique ID?**
You run list_auth_invitations immediately after sending. This shows you a comprehensive directory of all invitations, confirming the dispatch and providing the specific ID for tracking purposes.

**If I need to build an automated workflow starting with list_auth_users, can my agent then use that data to perform another action?**
Yes. Your AI client uses the user directory from list_auth_users as input context for subsequent calls. For instance, it can take a list of users and automatically trigger multiple create_auth_invitation commands.