# Logto (Auth Platform) MCP

> Logto (Auth Platform) MCP lets you manage user identities, roles, and organizational structures directly from your AI agent. Need to audit who has access or update a profile? You can list users, create new API resources, assign granular permissions using roles, and even handle complex multi-tenant organization setups. It's full identity control in one place.

## Overview
- **Category:** fort-knox
- **Price:** Free
- **Tags:** authentication, rbac, user-management, identity-provider, access-control, iam

## Description

This MCP gives you complete control over user identities and access rules within your Logto authentication system. Instead of jumping through multiple dashboards to manage who can do what, your agent handles the heavy lifting. You can look up specific users by ID or list everyone currently registered. If a team needs tighter security, you can create new global roles and API resources to enforce precise permissions across the board. For large companies using multi-tenant setups, this MCP lets you build and manage entire organizations, tracking memberships along the way. All of this is accessible through your AI client once you connect it via Vinkius, letting you automate complex identity workflows without writing boilerplate code.

## Tools

### create_organization
Sets up an entirely new, isolated organizational structure within your Logto tenant.

### create_resource
Defines a brand new API resource that services will use to authorize specific actions.

### create_role
Builds and names a global role, which dictates what permissions users can inherit.

### delete_user
Permanently removes a user account from the system.

### get_user
Retrieves all specific details for any given Logto user ID.

### list_mfa_verifications
Lists every MFA factor currently registered and associated with the current user's account.

### get_my_account
Pulls your own profile data, including names and details, using end-user tokens.

### list_organization_users
Fetches a roster of all users who are currently members of a specified organization.

### list_organizations
Provides a list of every organizational container set up in the Logto tenant.

### remove_mfa_verification
Deletes an existing Multi-Factor Authentication factor from the user's profile for security reasons.

### list_resources
Shows all existing API resources that are currently defined in your system.

### list_roles
Retrieves a list of every global role available for assignment across the entire platform.

### send_verification_code
Triggers an email or SMS code delivery to verify user ownership of an account.

### update_my_account
Updates basic personal information, such as changing your username or avatar image.

### update_user
Modifies details for any existing user account in the tenant.

### list_user_roles
Shows exactly which roles have been assigned to a specific user ID.

### list_users
Pulls a comprehensive list of every single user account in the Logto tenant.

### verify_password
Checks a password's validity to generate a temporary ID used for verification purposes.

### verify_user_password
Verifies the strength and correctness of a user-supplied password using management credentials.

### bind_mfa_verification
Links a new Multi-Factor Authentication factor like TOTP or WebAuthn to the current user's account.

### update_my_account_primary_email
Changes or links the main primary email address associated with your own profile.

### update_my_account_profile
Modifies extended personal details for your account, like physical addresses or phone numbers.

### update_my_account_password
Changes the password for your own user account.

## Prompt Examples

**Prompt:** 
```
List the first 10 users in my Logto tenant.
```

**Response:** 
```
I've retrieved the user list. You have users like 'admin_user' (ID: user_1) and 'dev_test' (ID: user_2). Would you like to see the full details for any of them?
```

**Prompt:** 
```
Create a new User role called 'Support Agent' with a description.
```

**Response:** 
```
The role 'Support Agent' has been successfully created. It is now available for assignment to your users.
```

**Prompt:** 
```
Show me all members of the organization with ID 'org_999'.
```

**Response:** 
```
Fetching members for organization 'org_999'... I found 3 members: Alice, Bob, and Charlie. Would you like to inspect Alice's specific permissions?
```

## Capabilities

### Manage user accounts
You can get details for a specific user, list all users in the tenant, or update basic profile information like names and avatars.

### Control organizational structure
Build out multi-tenant environments by listing existing organizations, creating new ones, and viewing which members belong to them.

### Define granular permissions (RBAC)
Create global roles, list available API resources, and assign specific permissions to users or groups.

### Handle password and MFA resets
Send verification codes via email or SMS, verify a user's password strength, or bind/remove Multi-Factor Authentication factors for account security.

### Update current user profile
Retrieve your own account details and update primary emails, passwords, or extended profile information using end-user tokens.

## Use Cases

### Auditing User Access After a Breach
A security engineer notices unusual activity. They prompt their agent: 'List all users who have access to API resources for finance.' The agent automatically runs `list_resources` and then checks the permissions, giving the engineer an immediate report on potential risks.

### Onboarding a New Department
A manager needs to set up a new department. They tell their agent: 'Create a new organization called Marketing.' The MCP runs `create_organization`, and the agent confirms the new organization is ready for users.

## Benefits

- Instead of manually calling APIs to check credentials, you can ask your agent to run a password verification using `verify_user_password` and get an immediate status update.
- Need to audit permissions? You can list all users and then use `list_user_roles` to instantly see every role assigned to any account.
- When setting up multi-tenant environments, you don't have to manually create structures; just call `create_organization`, and your agent handles the initial setup.
- For security cleanup, if an employee leaves, your agent can run a simple prompt that executes `delete_user` right away, ensuring immediate deprovisioning.
- You get granular control over system access by defining new permissions. Use `create_role` to build specific job titles and assign them using the MCP.

## How It Works

The bottom line is you manage complex auth infrastructure using natural conversation instead of logging into an internal dashboard.

1. Subscribe to this MCP on Vinkius and provide your Logto Management API credentials (Endpoint, App ID, and App Secret).
2. Your agent authenticates with the necessary keys, giving it full read/write access to your identity management system.
3. You prompt your AI client, telling it exactly what needs changing, like 'Create a role called X' or 'List all users in organization Y.'
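
Because step 2 gives the agent full read/write access, one way to bound what a single prompt can trigger is a policy gate in front of the tool calls. The following is an added example, not part of the Logto MCP or Vinkius: the tool names come from this page, while the risk tiers, the `audit`/`admin` profiles, the `authorize` function and the sample arguments are assumptions of the example.

```python
from dataclasses import dataclass

# Tool names are the ones listed on this page; the tiers are this example's assumption.
READ_ONLY = frozenset({
    "get_user", "list_users", "list_user_roles", "list_roles", "list_resources",
    "list_organizations", "list_organization_users", "list_mfa_verifications",
    "get_my_account",
})
MUTATING = frozenset({
    "create_organization", "create_resource", "create_role", "update_user",
    "update_my_account", "update_my_account_profile",
})
HIGH_IMPACT = frozenset({  # account removal, credential and MFA changes
    "delete_user", "remove_mfa_verification", "bind_mfa_verification",
    "update_my_account_password", "update_my_account_primary_email",
    "verify_password", "verify_user_password", "send_verification_code",
})

@dataclass(frozen=True)
class Decision:
    action: str  # "allow", "needs_approval" or "deny"
    reason: str

def authorize(tool, args, profile, approved_by=None):
    """Decide whether an agent-requested tool call may be forwarded.

    profile: "audit" (read-only) or "admin"; both are hypothetical names.
    approved_by: identity of the human who confirmed the call, if any.
    """
    if tool not in READ_ONLY | MUTATING | HIGH_IMPACT:
        return Decision("deny", "tool is not on the reviewed list")
    if tool in READ_ONLY:
        return Decision("allow", "read-only tool")
    if profile != "admin":
        return Decision("deny", "profile may only call read-only tools")
    # Changing isSuspended through update_user grants or revokes access,
    # so it is treated like the high-impact tools.
    high = tool in HIGH_IMPACT or (tool == "update_user" and "isSuspended" in args)
    if high and not approved_by:
        return Decision("needs_approval", "high-impact call needs a named approver")
    return Decision("allow", "approved by " + approved_by if high else "routine change")

if __name__ == "__main__":
    # Constructed calls, as an agent might request them (argument names are made up).
    for call in [("list_users", {}, "audit"), ("delete_user", {"userId": "user_2"}, "admin")]:
        print(call[0], authorize(*call))
```

Unknown tool names are denied by default, so a tool added to the server later is not callable until someone places it in a tier.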

## Frequently Asked Questions

**How do I list all users in my Logto tenant using the Logto (Auth Platform) MCP?**
You run the `list_users` tool. This immediately provides a comprehensive roster of every account, letting you see who needs attention or auditing.

**Can I reset a user's password with the Logto (Auth Platform) MCP?**
Yes. You can use `send_verification_code` to trigger an email or SMS code delivery, allowing the user to securely reset their credentials.

**What is the difference between `get_user` and `list_users` in the Logto (Auth Platform) MCP?**
`list_users` gives you a high-level list of all accounts. `get_user` requires a specific ID to pull deep, detailed information for just one person.

**Do I need elevated permissions to use the Logto (Auth Platform) MCP?**
You must provide API credentials that grant management access. The agent uses these credentials to perform actions like `create_role` or `delete_user`.

**Can I see which roles are assigned to a specific user?**
Yes! Use the `list_user_roles` tool with the target User ID to retrieve all global roles associated with that account.

**Is it possible to manage multi-tenant organizations through this server?**
Absolutely. You can use `list_organizations` to see existing ones, `create_organization` to add new ones, and `list_organization_users` to audit membership.

**Can I update user profiles or suspend accounts?**
Yes, the `update_user` tool allows you to modify the username, name, avatar, and the `isSuspended` status of any user.