# Casdoor (IAM) MCP for AI Agents MCP

> Casdoor (IAM) connects your identity services directly to any AI agent. It lets you manage user accounts, audit organizational structures, and control registered applications—all via natural conversation. You can provision users, check permissions, and maintain compliance without leaving your coding environment.

## Overview
- **Category:** developer-tools
- **Price:** Free
- **Tags:** iam, authentication, user-management, casdoor, access-control

## Description

Managing identities used to mean jumping between dashboards: one for users, another for groups, and a third for application keys. This MCP changes that by giving your AI client direct access to your Casdoor IAM instance. You can now handle the entire user lifecycle through chat prompts alone. Need to create a new employee account? Your agent handles it. Want to check if an app still needs its credentials updated? Just ask. Because this connector manages everything from individual profiles to complete organization oversight, you get a single point of control for your identity infrastructure. By connecting via Vinkius, you gain access to robust identity and access management tools directly in the conversational layer of your favorite AI client.

## Tools

### add_user
Creates a new user account, requiring the organization owner and the desired username.

### delete_user
Removes an existing user account after confirming both the organization and the specific username.

### get_application
Retrieves all defined details for a single, specified application within Casdoor.

### get_organization
Fetches the full configuration and details for one specific organization unit.

### get_user
Pulls detailed profile information for a user when given their unique ID.

### list_applications
Generates a list of every application registered within the current organization scope.

### list_organizations
Returns a comprehensive list of all organizational units managed by your Casdoor instance.

### list_users
Lists every user account belonging to a specific organization unit.

### update_user
Modifies existing details for an account, requiring the owner/organization and username format.

### get_userinfo
Immediately retrieves the profile information for the user who is currently logged in or authenticated.

## Prompt Examples

**Prompt:** 
```
Show me all user accounts in the 'marketing-dept' and list their current roles.
```

**Response:** 
```
**Marketing Department User Audit**

*   `john.doe`: Active | Role: Marketing Lead | Last Login: 2024-10-15
*   `jane.smith`: Inactive | Role: Content Writer | Last Login: N/A
*   `test_user_mktg`: Active | Role: Trainee | Last Login: Today

**Next Steps:** Would you like to update John Doe's permissions or archive Jane Smith's account?
```

**Prompt:** 
```
What applications are currently linked and who owns them?
```

**Response:** 
```
**Registered Applications Summary**

| App Name | Owner Org | Status |
| :--- | :--- | :--- |
| Billing API | built-in | Active |
| Auth Service v2 | engineering-team | Needs Review |
| CMS Gateway | marketing-dept | Active |

*Note: The 'Auth Service v2' owner needs to update their credentials.*
```

**Prompt:** 
```
I need a new user for the QA team. Can you set it up?
```

**Response:** 
```
Okay, I can create that account right away. Please confirm the username and whether this belongs in the 'engineering-team' organization.

*Confirmation Needed: Username & Organization*

Once confirmed, I'll use the appropriate tool to add them and report back with their new profile details.
```

## Capabilities

### Provisioning and Updating Users
Add new user accounts or modify existing profiles by providing specific details like the owner organization and username.

### Auditing Organizations
List all organizations within your Casdoor account and pull specific configuration data for any given IAM hierarchy.

### Managing Applications
Query a list of registered applications or fetch the full details for one specific application instance.

### Viewing User Details
Instantly retrieve the profile and current status of any user by providing their unique ID.

### Checking Authentication Status
Get a real-time view of the currently authenticated user's full profile to confirm permissions immediately.

## Use Cases

### Onboarding a new team member
A DevOps engineer needs to provision five temporary test accounts for a project. Instead of running through the web UI multiple times, they prompt their agent: 'Create five dev users in the engineering organization.' The agent uses `add_user` repeatedly and reports success.

### Quarterly Security Audit
A security analyst must verify who has access to critical systems. They ask the agent to list all organizations (`list_organizations`) and then check application ownership by listing every registered app using `list_applications`.

### Revoking Old Credentials
A developer needs to terminate an employee's access immediately. They instruct their agent to find the user's record via `get_user` and then execute a full deletion using `delete_user`, logging the action instantly.

### Reviewing Service Dependencies
A team needs to know which applications are running on an old platform. The agent uses `list_applications` to get the names, then runs `get_application` for each one to check its current status and owner.

## Benefits

- Automate user provisioning: Use the `add_user` tool to create new accounts, or `update_user` to modify profiles, eliminating manual dashboard logins.
- Centralize auditing: Quickly list every organization using `list_organizations`, giving you a complete map of your IAM structure in one go.
- Secure credential management: Use `list_applications` and `get_application` to maintain an accurate inventory of all linked services.
- Instant compliance checks: The `get_userinfo` tool lets you confirm the permissions and profile of any authenticated user on demand.
- Simplify user discovery: Need to find a specific account? Use `list_users` or `get_user` to pull detailed records without guessing usernames.

## How It Works

The bottom line is: you use natural language prompts to trigger structured administrative tasks, letting your AI client do the heavy lifting across your identity systems.

1. Subscribe to this MCP on Vinkius and provide your Casdoor Endpoint, Client ID, and Client Secret credentials.
2. Your AI client authenticates with the connection details, establishing a secure link to your IAM instance.
3. You simply ask your agent—'Show me all users in the marketing department'—and it executes the required actions using the connected tools.

## Frequently Asked Questions

**How can I use Casdoor (IAM) MCP to audit my user accounts?**
You connect this MCP, then ask your agent to list all users in a specific organization. The agent uses the necessary tools to pull comprehensive data on every account and their current status.

**Does Casdoor (IAM) MCP let me delete user accounts?**
Yes, it does. If you confirm the owner and the username, your agent executes a secure deletion command, removing the user from your identity system instantly.

**What kind of organizations can Casdoor (IAM) MCP manage?**
The tool manages all organizational units within your Casdoor instance. You simply ask the agent to list them, and you get a full breakdown of every department or division you've set up.

**Can I check my own permissions using this MCP?**
Absolutely. By asking the agent for your user info, it instantly fetches your profile details, letting you verify exactly what access rights are assigned to your account right now.

**If I need to change a username or role, can Casdoor (IAM) MCP help?**
Yes. You use the update function by giving the agent the required details for both the organization and the user's current ID. It handles modifying existing accounts seamlessly.