# HID Origo MCP MCP

> HID Origo MCP lets your AI agent manage physical and digital access for an entire campus or organization. You can list every issued mobile identity, monitor door readers across sites, check user group memberships, and instantly review system audit logs—all through natural conversation.

## Overview
- **Category:** cloud-infrastructure
- **Price:** Free
- **Tags:** mobile-identity, access-management, physical-security, user-provisioning, digital-cards, authentication

## Description

This MCP connects your cloud-based identity platform to any compatible AI client, giving you full command over physical access and digital credentials without logging into a complex web portal. Instead of hunting through dashboards for status updates, you talk to your agent. It handles everything from checking the current operational state of all IoT readers on site to listing every user group defined in your tenant. You can even initiate mobile identity enrollment by simply requesting it. If you're using Vinkius, this MCP adds deep access control intelligence directly into your existing AI workflow. It’s about treating access management like a conversation; asking the right questions and getting immediate, actionable answers.

## Tools

### create_enrollment_invitation
Sends a mobile identity invitation to a user, starting the process of them activating their digital card.

### get_audit_log_events
Pulls the complete history of administrative actions and access events for forensic review.

### get_mobile_identity
Retrieves specific details about a single issued digital card or mobile identity.

### get_organization_info
Shows the core metadata and configuration settings for your entire HID Origo setup.

### get_user_details
Pulls up a specific user's file to see their full account details, including group memberships.

### list_physical_credentials
Lists every physical access credential, like fobs or keycards, currently managed in the system.

### list_identity_groups
Displays the names of identity groups used to define your access control policies.

### list_identity_invitations
Shows a list of all outstanding and completed mobile identity enrollment invitations.

### list_mobile_identities
Provides an overview and status report for all digital cards that have been issued to users.

### list_access_readers
Lists all physical IoT readers and door controllers connected within the HID Origo system.

### list_identity_users
Retrieves a directory listing of every user account managed within your HID Origo tenant.

## Prompt Examples

**Prompt:** 
```
List all active mobile identities and their status.
```

**Response:** 
```
I've retrieved your mobile identities. You have 15 issued digital cards, including 12 'Activated' and 3 'Pending Enrollment'. Would you like to see the details for the pending identities to follow up with the users?
```

**Prompt:** 
```
Show me the status of the access readers in the 'London Office'.
```

**Response:** 
```
Accessing reader data... In the 'London Office' (ID: loc_552), all 5 HID Signo readers are currently ONLINE and reporting normal activity. Would you like to see the recent access events for these readers?
```

**Prompt:** 
```
Invite user 'user_992' to enroll for a mobile identity.
```

**Response:** 
```
Process started! I've initiated an enrollment invitation for user_992. I'll use your default part number for the digital card. An email will be sent to the user with instructions to activate their credential in the HID Origo app. Should I check the audit log to confirm the invite was sent?
```

## Capabilities

### Audit Access History
Retrieve detailed records of administrative actions or system access events for security reviews.

### Monitor Hardware Status
List and check the operational status of all connected physical readers and door controllers.

### Manage Identities
See a full list of issued digital cards, track their activation status, or find details for one specific credential.

### Handle User Provisioning
Pull up user files to check group memberships and send out enrollment invitations for new mobile identities.

### View Organizational Settings
Get metadata about your entire HID Origo setup, like configuration details and overall organization info.

## Use Cases

### Investigating Unauthorized Access
A security engineer notices unusual access patterns. They ask their agent to run `get_audit_log_events` for the last 48 hours, immediately locating a specific door controller's activity and confirming if the credentials used belonged to an active user.

### Mass Onboarding Event
An IT administrator is onboarding ten new users. Instead of logging into a batch portal ten times, they ask their agent to list all current users with `list_identity_users`, and then loop through the IDs to call `create_enrollment_invitation` for everyone.

### Facility Hardware Check
A facility manager gets a report that a door reader is offline. They ask their agent, which runs `list_access_readers`, instantly confirming the device's status and pinpointing exactly which site it belongs to.

### Compliance Review Prep
During an audit, a security officer needs proof of who has access. They ask their agent to list all identity groups (`list_identity_groups`) and cross-reference that with the physical credentials using `list_physical_credentials`.

## Benefits

- Audit trails are instant. Instead of digging through system logs manually, you can call `get_audit_log_events` to retrieve a history of administrative or access actions immediately for compliance reviews.
- Monitor physical assets at scale. You can use `list_access_readers` to get the live operational status of every reader and door controller across all sites, saving hours of site visits.
- Simplify onboarding. When a new employee starts, you don't have to manually invite them; your agent handles it by calling `create_enrollment_invitation` right from the chat interface.
- Unified view of credentials. You can use `list_mobile_identities` and `list_physical_credentials` together to get one place that shows both a user's physical keycard status and their digital card status.
- Quick user lookups. Need to know if 'Jane Doe' is in the correct group? Use `get_user_details` to pull up her file and verify her exact identity group membership instantly.

## How It Works

The bottom line is that your AI client acts like a dedicated, conversational administrator for all things identity and access control.

1. Subscribe to this MCP in Vinkius and provide your required client credentials (Client ID, Client Secret, Organization ID).
2. Tell your AI agent what you need—for example, 'List all active mobile identities' or 'What is the status of readers at Site B?'
3. The agent executes the necessary tool call against HID Origo and delivers the structured data back to you in plain language.

## Frequently Asked Questions

**How do I find my HID Origo Client ID and Secret?**
Log in to the **HID Origo Management Portal**, navigate to the **System Accounts** section, and create a new system account. You will be provided with a Client ID and Client Secret for that account.

**What is the Organization ID?**
The Organization ID is a unique UUID that identifies your company in the HID Origo cloud. You can find it in the Management Portal under the Organization settings or profile section.

**Can I send mobile identity invitations via the AI agent?**
Yes! Use the `create_enrollment_invitation` tool. You must provide a JSON string containing the `userId` and the `partNumber` for the mobile identity you wish to issue.

**Is the integration secure for access control data?**
Absolutely. The integration uses industry-standard OAuth 2.0 Client Credentials over HTTPS. Your credentials are encrypted and stored securely within the Vinkius Cloud infrastructure.

**If I use the `get_audit_log_events` tool, what kinds of administrative actions can I track?**
The tool retrieves a complete history of administrative actions and access events. You can pinpoint everything from policy changes or user account modifications to specific credential assignments across your entire system.

**When I call `get_user_details`, what comprehensive profile information do I receive for that specific User ID?**
It returns a detailed profile including the user's assigned groups, current status, and all linked physical and mobile credentials. It gives you one place to check their full access scope.

**Does listing readers using `list_access_readers` provide real-time operational status for every connected device?**
Yes, the list provides immediate status data for all IoT readers and door controllers. This lets you quickly identify which hardware is online, reporting normally, or if it's disconnected.

**Are there rate limits when running `list_mobile_identities` to check issuance status?**
The MCP supports high-volume querying for standard use cases. You only run into limits if you attempt to pull massive, continuous data streams, which is rare.