PropelAuth MCP. Manage B2B identity lifecycle via conversation.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
PropelAuth MCP Server manages B2B identity lifecycles for your AI agent. It handles user creation, organization governance, role assignment, and full API key management without needing manual dashboard interaction.
Your agent can programmatically create users (`create_user`), manage memberships (`add_user_to_org`), or audit access via `get_api_key_usage` directly in conversation.
What your AI agents can do
Add user to org
Assigns a specified user to an existing organization.
Allow saml
Activates or deactivates SAML authentication for an entire organization.
Change user role in org
Updates a user's specific role within one of their organizations.
Create, update, disable, or delete individual user accounts and manage their passwords.
Build out multi-tenant environments by creating organizations and assigning users to specific tenants with defined roles.
Programmatically generate, validate, update, or delete end-user API keys while tracking usage metrics.
Configure enterprise identity standards like SAML and OIDC by setting metadata and generating setup links.
Find specific users or organizations using unique identifiers like email, username, or organization ID.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
PropelAuth (B2B Authentication) MCP Server: 42 Tools
Use these tools to programmatically manage user accounts, organizational structures, and API keys for B2B environments via your AI agent.
019e5d4badd user to org
Assigns a specified user to an existing organization.
019e5d4ballow saml
Activates or deactivates SAML authentication for an entire organization.
019e5d4bchange user role in org
Updates a user's specific role within one of their organizations.
019e5d4bclear user password
Resets and clears the password for any specified user account.
019e5d4bcreate access token
Generates a temporary access token, useful for testing or machine-to-machine calls.
019e5d4bcreate api key
Generates and provisions a brand new API key for an end-user.
019e5d4bcreate magic link
Creates a unique, time-sensitive magic link for a user's passwordless login.
019e5d4bcreate org
Establishes and provisions a new client organization within the platform.
019e5d4bcreate saml connection link
Generates the specific setup link needed to connect an organization via SAML SSO.
019e5d4bcreate user
Creates a new user account and profile in PropelAuth.
019e5d4bdelete api key
Removes an end-user API key from the system.
019e5d4bdelete org
Permanently deletes an entire organization and all associated data.
019e5d4bdelete user
Deletes a user account entirely from the system.
019e5d4bdisable user
Blocks or disables a specific user, preventing them from logging in.
019e5d4benable user
Restores account access by enabling a previously disabled user.
019e5d4bget active api keys
Retrieves a list of all currently active API keys across the system.
019e5d4bget api key usage
Pulls usage statistics and consumption data for specific API keys.
019e5d4bget custom role mappings
Fetches definitions of custom roles used within the platform.
019e5d4bget oauth tokens
Retrieves current OAuth tokens associated with a user's account.
019e5d4bget org
Fetches all details for a specific organization using its unique ID.
019e5d4bget saml sp metadata
Retrieves the Service Provider (SP) metadata needed to configure SAML SSO.
019e5d4bget user
Fetches all data for a user using their unique ID.
019e5d4bget user by email
Finds and returns a user's profile based on their registered email address.
019e5d4bget user by username
Locates a specific user account using only their unique username.
019e5d4bget users in org
Lists all users who belong to a specific organization.
019e5d4bgo live saml
Sets an existing SAML connection configuration to 'live' status, making it active for login.
019e5d4binvite user to org
Sends an invitation email and adds a user to an organization roster.
019e5d4blogout all user sessions
Invalidates all active sessions for a given user, forcing them to re-login.
019e5d4bmigrate user
Moves an existing user account from another system into PropelAuth's management scope.
019e5d4bquery orgs
Searches and lists multiple organizations based on provided criteria.
019e5d4bquery users
Lists all users, supporting filtering and pagination for large directories.
019e5d4brefresh provider token
Updates an expired OAuth provider token for a specific user's account.
019e5d4bremove user from org
Removes a user membership from one or more organizations.
019e5d4bset oidc idp metadata
Configures the necessary metadata for an OpenID Connect (OIDC) Identity Provider.
019e5d4bset saml idp metadata
Sets the required metadata for a SAML Identity Provider.
019e5d4bsubscribe org to mapping
Links an organization to a custom role mapping structure.
019e5d4bupdate api key
Modifies the details or scope of an existing end-user API key.
019e5d4bupdate org
Updates general metadata (like name or billing info) for an organization.
019e5d4bupdate user
Modifies a user's profile details, such as their name or phone number.
019e5d4bupdate user email
Changes the primary email address associated with a user account.
019e5d4bupdate user password
Allows an administrator to manually change a user's password.
019e5d4bvalidate api key
Checks if an API key is valid, active, and still within its usage limits.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with PropelAuth (B2B Authentication), then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
PropelAuth handles your entire B2B identity lifecycle so you don't have to touch a dashboard. Your agent treats user and organization management like simple natural language commands. You can build out complex, multi-tenant systems—creating new client organizations with create_org, querying multiple tenants using query_orgs, or updating general organizational details via update_org.
You'll also get full details on a specific tenant using get_org and you can permanently wipe an organization and all its data with delete_org.
When it comes to users, your agent manages the entire identity lifecycle. You can create new accounts for clients with create_user, or find existing people quickly by their email address with get_user_by_email, or just by username using get_user_by_username. If a user needs an update—say, changing their name via update_user or switching their primary email with update_user_email—you'll handle it.
For security, you can manually change passwords with update_user_password, reset the password and clear credentials using clear_user_password, and block an account entirely by calling disable_user; don't forget that you can restore access anytime with enable_user. You also have tools to manage membership: you can send out invites and add a user roster directly with invite_user_to_org, or remove them from a tenant using remove_user_from_org.
If someone needs to leave, your agent handles it by calling delete_user or delete_api_key.
For enterprise setups, you've got full control over federation. You can configure OpenID Connect (OIDC) and SAML identity providers by setting the required metadata using set_oidc_idp_metadata or set_saml_idp_metadata. To get a client connected via SAML SSO, your agent generates the exact setup link with create_saml_connection_link, and you can activate the connection globally using allow_saml or flip an existing config to 'live' status with go_live_saml.
You can also migrate existing users from other systems into PropelAuth's management scope via migrate_user, and if a user needs immediate lockout, your agent invalidates all their active sessions using logout_all_user_sessions.
API key governance is handled programmatically. Your agent generates brand new keys for end-users with create_api_key, or provisions temporary tokens for testing machine calls using create_access_token. When a key needs adjusting, you can modify its scope or details with update_api_key, and if it's stale, you delete it instantly with delete_api_key.
To keep tabs on usage, your agent pulls consumption data via get_api_key_usage and retrieves a list of all active keys using get_active_api_keys. You can also check key status in real-time by running the validate_api_key tool.
When you need to audit access or find specific records, your agent has multiple lookup options. You can pull every detail about a user with get_user, or list everyone belonging to a tenant using get_users_in_org. For deeper reads, you can check current OAuth tokens associated with an account via get_oauth_tokens and get the complete details for any organization with get_org.
You'll also find tools that let you query users and organizations in bulk, supporting filtering and pagination through query_users and query_orgs, respectively. For roles, you can fetch definitions of custom roles used across the platform by calling get_custom_role_mappings or linking a tenant to these structures with subscribe_org_to_mapping. Finally, if a user needs to log in without a password, your agent generates a unique, time-sensitive magic link using create_magic_link, and you can refresh an expired provider token for any account using refresh_provider_token.
How PropelAuth MCP Works
- 1 Subscribe to the PropelAuth server on Vinkius Marketplace.
- 2 Enter your API Key and Authentication URL from your PropelAuth dashboard into the connection settings.
- 3 Direct your AI client (Claude, Cursor, etc.) to execute actions like 'List all users in Organization X' or 'Reset user password for Y'.
The bottom line is that you control complex B2B identity operations entirely through conversational prompts.
Who Is PropelAuth MCP For?
This server targets security and development roles. It's for the DevOps engineer who hates manual audit reports, or the Customer Success Manager who needs to fix a user account in seconds during a support call without context switching. If your job involves managing access control across multiple client tenants, you need this.
Automating user offboarding procedures, running regular audits on API key usage (get_api_key_usage), and enforcing policy changes (e.g., disable_user).
Quickly looking up a client's details using their email, resetting passwords via clear_user_password, or manually inviting them to a new organization (invite_user_to_org).
Testing complex authentication flows (SAML/OIDC) by generating setup metadata or creating test access tokens (create_access_token) directly from the chat interface.
What Changes When You Connect
- You control user access without context switching. Instead of navigating deep into a dashboard to change roles, you simply ask your agent to 'Change the role of John Doe in Acme Corp to Read-Only.'
- API key governance becomes immediate. You can run
get_api_key_usageto see which keys are hitting limits or generating unnecessary traffic, stopping potential overspending before it happens. - Onboarding is faster and safer. Use the agent to
create_org, then immediately useinvite_user_to_orgfor the first three users, completing a multi-step workflow in one chat session. - Revoking access is comprehensive. If an employee leaves, your agent can run
logout_all_user_sessionsfollowed bydelete_api_keyand then finallydisable_user, ensuring all digital footprints are erased. - Federation setup is streamlined. You generate the necessary SAML or OIDC metadata (
set_saml_idp_metadata) using a simple prompt, eliminating complex XML file downloads and manual API calls.
Real-World Use Cases
Auditing User Access Post-Incident
A security analyst finds suspicious activity. They ask the agent to 'List all users in Org 123.' The agent runs get_users_in_org, identifies two accounts, and then uses get_user on both IDs to check their last login and current roles, allowing them to immediately decide if they need to run disable_user.
Client Expansion and Onboarding
A CSM signs a new client. They prompt the agent: 'Create a new organization called BetaTest.' The agent runs create_org. Next, they invite the core team via email using invite_user_to_org, setting their initial roles with change_user_role_in_org.
Debugging API Key Issues
A developer reports a service failing due to an expired key. They ask the agent to 'Check API usage for client X.' The agent runs get_api_key_usage, finds the key is stale, and automatically executes refresh_provider_token.
Deactivating a Former Employee
An HR manager needs to terminate an account. They ask the agent to 'Remove Jane Doe's access.' The agent runs logout_all_user_sessions, then finds all API keys using get_active_api_keys and runs delete_api_key on every single one, completing the cleanup.
The Tradeoffs
Treating user roles as static.
A developer manually updates a user's profile using generic tools, forgetting that their specific organization role needs updating too. This leaves them in an inconsistent state (e.g., 'user updated but still admin').
→
Always use update_user for metadata changes, but follow up with change_user_role_in_org to ensure the user's tenancy permissions are correctly synchronized.
Bypassing key rotation policy.
An engineer creates a permanent API key (create_api_key) and forgets to update it when the client mandates quarterly rotations. This leads to security debt and potential compliance failure.
→
Use update_api_key immediately after creation or when scope changes, and use validate_api_key regularly to confirm the key's status.
Assuming single-source truth for users.
Trying to find a user only by name leads to ambiguity. The agent might return multiple matches or fail entirely if the data is spread across different systems.
→
Always narrow your search using get_user_by_email or get_user_by_username. If that fails, use query_users with explicit filters.
When It Fits, When It Doesn't
Use this server if the core task is managing the full identity lifecycle: creating tenants, assigning specific roles within those tenants, and controlling API access. You need it when a change in user status (e.g., disabling an account or changing a role) requires multiple, interconnected steps across different data models.
Don't use this if you are only querying public-facing data or running simple reports that don't involve state changes. For example, just listing all organization names might work with simpler directory tools. But if you need to act on the data—like setting up SAML federation using set_saml_idp_metadata or changing a user’s role—this is necessary.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by PropelAuth. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 42 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Managing B2B access today requires jumping between five different internal dashboards.
Today, if you need to audit one client's users and see who has elevated permissions, you start at the main dashboard. Then you click into the Organization view, filter by 'Admin Role,' download a CSV of emails, open your CRM, manually cross-reference those IDs with another security log, and finally update their status in a separate access management tool. It's slow, error-prone, and takes half an hour.
With this MCP server, you tell your agent: 'Find all Admins in Org X who haven't logged in for 60 days.' The agent executes `get_users_in_org`, filters the list using available metadata, and reports back the exact IDs. You get a single, actionable list of accounts needing immediate attention.
PropelAuth MCP Server: Automate user provisioning and org setup.
Before this server, setting up SAML SSO for a new client was a multi-day process involving downloading metadata files, manually updating XML configuration endpoints, and emailing key pairs back and forth. A single mistake broke the entire login chain.
Now, you simply ask your agent to 'Set up SAML connection for Acme Corp.' The server handles generating the correct `create_saml_connection_link` and provisioning the required metadata automatically. It’s a conversation, not an IT ticket.
Common Questions About PropelAuth MCP
How do I check if a user exists by email using PropelAuth MCP Server? +
You use get_user_by_email. This tool searches the system and returns all available data for that user ID, confirming existence and providing their current role and organization memberships.
What is the best way to audit API key usage with PropelAuth MCP Server? +
Run get_api_key_usage. This tool collects consumption data for specific keys, showing exactly how many calls were made and when. It's better than just listing active keys because it adds metrics.
Can I force a password reset using PropelAuth MCP Server? +
Yes, use clear_user_password. This tool resets the user's password and can be paired with create_magic_link to ensure they can log in immediately after the forced reset.
How do I manage organization membership using PropelAuth MCP Server? +
Membership is managed by two tools: first, use add_user_to_org to grant access. Second, if they leave, run remove_user_from_org to ensure clean separation.
Is there a way to list all current users in an organization? +
Use the get_users_in_org tool. It efficiently pulls every user ID and basic metadata for that specific tenant, saving you from running multiple general queries.
How do I set up Single Sign-On (SSO) by configuring identity provider metadata using `set_saml_idp_metadata`? +
You provide the necessary SAML Identity Provider (IdP) XML data. This action tells PropelAuth how to trust external login sources, enabling SSO for your B2B tenants. Your AI agent executes this setup by passing the metadata payload directly.
If a user's credentials are compromised, what is the best way to immediately terminate all sessions using `logout_all_user_sessions`? +
The tool forces an immediate log out across all devices and connected clients. This instantly revokes active access tokens without needing to change passwords first. It’s critical for rapid offboarding security.
If I only have a user's system ID, how do I pull their entire profile using the `get_user` tool? +
You pass the specific User ID to the agent. The server returns all associated metadata for that account, including roles, organization memberships, and status. This lets your AI client build comprehensive audit reports.
Can I find a user's details using only their email address? +
Yes. You can use the get_user_by_email tool. Simply provide the email address, and the agent will return the user's ID, metadata, and organization memberships.
How do I add an existing user to a specific organization? +
Use the add_user_to_org tool. You will need the user_id, the org_id, and the role you wish to assign to them (e.g., 'Admin' or 'Member').
Is it possible to monitor how many times an API key has been used? +
Yes. The get_api_key_usage tool allows you to retrieve usage statistics for a specific API key, helping you track activity and enforce limits.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
JSON Diff Visualizer
Generate human-readable visual diffs between two JSON objects — added lines in green, removed in red, unchanged in gray. Like 'git diff' but for JSON structures.
Aliyun OSS / 阿里云对象存储
China's leading object storage service — manage files, buckets, and metadata via AI.
Kontent.ai
Access headless content — list items, audit types, and query taxonomies.
You might also like
Osu!
Access Osu! player profiles, beatmap data, scores, and community discussions directly through your AI agent.
Altoviz
Business management and invoicing — manage customers, invoices, and expenses via AI.
Comet ML
Manage machine learning experiments via Comet — track model metrics, audit project workspaces, and inspect ML run parameters directly from any AI agent.