Bring Authentication
to Windsurf
Learn how to connect Logto (Auth Platform) to Windsurf and start using 23 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the Logto (Auth Platform) MCP Server?
Connect your Logto authentication platform to any AI agent and take full control of your identity management and access control workflows.
What you can do
- User Management — List, fetch, update, or delete users from your tenant with full metadata access.
- RBAC & Permissions — Create and list global roles and API resources to manage granular access control.
- Organizations — Handle multi-tenant structures by creating organizations and managing their memberships.
- Security & Verification — Verify user passwords and manage account-level security settings.
- Account API — Access and update the current user's profile and MFA settings using end-user tokens.
How it works
- Subscribe to this server
- Provide your Logto Management API credentials (Endpoint, App ID, and App Secret)
- Start managing your auth infrastructure from Claude, Cursor, or any MCP-compatible client
Who is this for?
- DevOps & Security Engineers — Quickly audit user lists, roles, and resource permissions without leaving the terminal.
- Full-stack Developers — Manage test users and organization structures directly from the code editor.
- Support Teams — Inspect user metadata and account statuses to resolve identity-related tickets faster.
Built-in capabilities (23)
Bind a new MFA factor (TOTP, WebAuthn)
Create a new organization
Create a new API resource
Create a new role
Delete a Logto user
Retrieve current user profile (Account API)
Get details for a specific Logto user
List registered MFA factors for the current user
List members of an organization
List organizations in Logto
List API resources in Logto
List global roles in Logto
List roles assigned to a user
List Logto users
Remove an MFA factor
Send email/SMS code for verification
Update basic profile (username, name, avatar)
Update user password
Update or link primary email
Update extended profile (address, etc.)
Update an existing Logto user
Verify password to get a verification ID
Verify a user password (Management API)
Why Windsurf?
Windsurf's Cascade agent chains multiple Logto (Auth Platform) tool calls autonomously. query data, analyze results, and generate code in a single agentic session. Paste Vinkius Edge URL, reload, and all 23 tools are immediately available. Real-time tool feedback appears inline, so you see API responses directly in your editor.
- —
Windsurf's Cascade agent autonomously chains multiple tool calls in sequence, solving complex multi-step tasks without manual intervention
- —
Purpose-built for agentic workflows. Cascade understands context across your entire codebase and integrates MCP tools natively
- —
JSON-based configuration means zero code changes: paste a URL, reload, and all 23 tools are immediately available
- —
Real-time tool feedback is displayed inline, so you see API responses directly in your editor without switching contexts
Logto (Auth Platform) in Windsurf
Logto (Auth Platform) and 4,000+ other MCP servers. One platform. One governance layer.
Teams that connect Logto (Auth Platform) to Windsurf through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.
Raw MCP | Vinkius | |
|---|---|---|
| Server catalog | Find and host yourself | 4,000+ managed |
| Infrastructure | Self-hosted | Sandboxed V8 isolates |
| Credential handling | Plaintext in config | Vault + runtime injection |
| Data loss prevention | None | Configurable DLP policies |
| Kill switch | None | Global instant shutdown |
| Financial circuit breakers | None | Per-server limits + alerts |
| Audit trail | None | Ed25519 signed logs |
| SIEM log streaming | None | Splunk, Datadog, Webhook |
| Honeytokens | None | Canary alerts on leak |
| Custom domains | Not applicable | DNS challenge verified |
| GDPR compliance | Manual effort | Automated purge + export |
Why teams choose Vinkius for Logto (Auth Platform) in Windsurf
The Logto (Auth Platform) MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 23 tools execute in hardened sandboxes optimized for native MCP execution.
Your AI agents in Windsurf only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
How Vinkius secures
Logto (Auth Platform) for Windsurf
Every tool call from Windsurf to the Logto (Auth Platform) MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.
Frequently asked questions
Can I see which roles are assigned to a specific user?
Yes! Use the list_user_roles tool with the target User ID to retrieve all global roles associated with that account.
Is it possible to manage multi-tenant organizations through this server?
Absolutely. You can use list_organizations to see existing ones, create_organization to add new ones, and list_organization_users to audit membership.
Can I update user profiles or suspend accounts?
Yes, the update_user tool allows you to modify the username, name, avatar, and the isSuspended status of any user.
How does Windsurf discover MCP tools?
Windsurf reads the mcp_config.json file on startup and connects to each configured server via Streamable HTTP. Tools are listed in the MCP panel and available to Cascade automatically.
Can Cascade chain multiple MCP tool calls?
Yes. Cascade is an agentic system. it can plan and execute multi-step workflows, calling several tools in sequence to accomplish complex tasks without manual prompting between steps.
Does Windsurf support multiple MCP servers?
Yes. Add as many servers as needed in mcp_config.json. Each server's tools appear in the MCP panel and Cascade can use tools from different servers in a single flow.
Server not connecting
Check Settings → MCP for the server status. Try toggling it off and on.
Explore More MCP Servers
View all →
Hookdeck
52 toolsManage and monitor webhooks with Hookdeck — list connections, create sources, and control event routing directly from your AI agent.
Assembly
10 toolsManage Assembly clients, companies, workspaces, and notes.
ConfigCat
18 toolsManage feature flags and remote configurations via ConfigCat — list environments, create settings, and toggle features directly from your AI agent.
Bland AI
10 toolsAutomate phone calls via Bland AI — send outbound calls, manage agents, and retrieve transcripts directly from any AI agent.