PropelAuth MCP for AI. Manage B2B identity lifecycle via conversation.
Works with every AI agent you already use
…and any MCP-compatible client
How this MCP server connects to your AI agent
PropelAuth MCP Server manages B2B identity lifecycles for your AI agent. It handles user creation, organization governance, role assignment, and full API key management without needing manual dashboard interaction.
Your agent can programmatically create users (`create_user`), manage memberships (`add_user_to_org`), or audit access via `get_api_key_usage` directly in conversation.
What AI agents can do with PropelAuth (B2B Authentication) Automation
Create, update, disable, or delete individual user accounts and manage their passwords.
Build out multi-tenant environments by creating organizations and assigning users to specific tenants with defined roles.
Programmatically generate, validate, update, or delete end-user API keys while tracking usage metrics.
Configure enterprise identity standards like SAML and OIDC by setting metadata and generating setup links.
Find specific users or organizations using unique identifiers like email, username, or organization ID.
What AI agents can do with PropelAuth (B2B Authentication) MCP Server: 42 Tools
Use these tools to programmatically manage user accounts, organizational structures, and API keys for B2B environments via your AI agent.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Add User To Org
Assigns a specified user to an existing organization.
Allow Saml
Activates or deactivates SAML authentication for an entire organization.
Change User Role In Org
Updates a user's specific role within one of their organizations.
Clear User Password
Resets and clears the password for any specified user account.
Create Access Token
Generates a temporary access token, useful for testing or machine-to-machine calls.
Create Api Key
Generates and provisions a brand new API key for an end-user.
Create Magic Link
Creates a unique, time-sensitive magic link for a user's passwordless login.
Create Org
Establishes and provisions a new client organization within the platform.
Create Saml Connection Link
Generates the specific setup link needed to connect an organization via SAML SSO.
Create User
Creates a new user account and profile in PropelAuth.
Delete Api Key
Removes an end-user API key from the system.
Delete Org
Permanently deletes an entire organization and all associated data.
Delete User
Deletes a user account entirely from the system.
Disable User
Blocks or disables a specific user, preventing them from logging in.
Enable User
Restores account access by enabling a previously disabled user.
Get Active Api Keys
Retrieves a list of all currently active API keys across the system.
Get Api Key Usage
Pulls usage statistics and consumption data for specific API keys.
Get Custom Role Mappings
Fetches definitions of custom roles used within the platform.
Get Oauth Tokens
Retrieves current OAuth tokens associated with a user's account.
Get Org
Fetches all details for a specific organization using its unique ID.
Get Saml Sp Metadata
Retrieves the Service Provider (SP) metadata needed to configure SAML SSO.
Get User By Email
Finds and returns a user's profile based on their registered email address.
Get User By Username
Locates a specific user account using only their unique username.
Get User
Fetches all data for a user using their unique ID.
Get Users In Org
Lists all users who belong to a specific organization.
Go Live Saml
Sets an existing SAML connection configuration to 'live' status, making it active...
Invite User To Org
Sends an invitation email and adds a user to an organization roster.
Logout All User Sessions
Invalidates all active sessions for a given user, forcing them to re-login.
Migrate User
Moves an existing user account from another system into PropelAuth's management...
Query Orgs
Searches and lists multiple organizations based on provided criteria.
Query Users
Lists all users, supporting filtering and pagination for large directories.
Refresh Provider Token
Updates an expired OAuth provider token for a specific user's account.
Remove User From Org
Removes a user membership from one or more organizations.
Set Oidc Idp Metadata
Configures the necessary metadata for an OpenID Connect (OIDC) Identity Provider.
Set Saml Idp Metadata
Sets the required metadata for a SAML Identity Provider.
Subscribe Org To Mapping
Links an organization to a custom role mapping structure.
Update Api Key
Modifies the details or scope of an existing end-user API key.
Update Org
Updates general metadata (like name or billing info) for an organization.
Update User Email
Changes the primary email address associated with a user account.
Update User Password
Allows an administrator to manually change a user's password.
Update User
Modifies a user's profile details, such as their name or phone number.
Validate Api Key
Checks if an API key is valid, active, and still within its usage limits.
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with PropelAuth (B2B Authentication), then connect any of our 5,100+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,100+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by PropelAuth. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Built on the Model Context Protocol (MCP) for Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This connection provides 42 powerful capabilities that interface natively with Claude, ChatGPT, Cursor, and other compatible AI platforms. No middleware. No custom integration required.
Managing B2B access today requires jumping between five different internal dashboards. Solved with Vinkius AI Gateway
Today, if you need to audit one client's users and see who has elevated permissions, you start at the main dashboard. Then you click into the Organization view, filter by 'Admin Role,' download a CSV of emails, open your CRM, manually cross-reference those IDs with another security log, and finally update their status in a separate access management tool. It's slow, error-prone, and takes half an hour.
With this MCP server, you tell your agent: 'Find all Admins in Org X who haven't logged in for 60 days.' The agent executes `get_users_in_org`, filters the list using available metadata, and reports back the exact IDs. You get a single, actionable list of accounts needing immediate attention.
PropelAuth MCP Server: Automate user provisioning and org setup.
Before this server, setting up SAML SSO for a new client was a multi-day process involving downloading metadata files, manually updating XML configuration endpoints, and emailing key pairs back and forth. A single mistake broke the entire login chain.
Now, you simply ask your agent to 'Set up SAML connection for Acme Corp.' The server handles generating the correct `create_saml_connection_link` and provisioning the required metadata automatically. It’s a conversation, not an IT ticket.
What your AI can actually do with this
PropelAuth handles your entire B2B identity lifecycle so you don't have to touch a dashboard. Your agent treats user and organization management like simple natural language commands. You can build out complex, multi-tenant systems—creating new client organizations with create_org, querying multiple tenants using query_orgs, or updating general organizational details via update_org.
You'll also get full details on a specific tenant using get_org and you can permanently wipe an organization and all its data with delete_org.
When it comes to users, your agent manages the entire identity lifecycle. You can create new accounts for clients with create_user, or find existing people quickly by their email address with get_user_by_email, or just by username using get_user_by_username. If a user needs an update—say, changing their name via update_user or switching their primary email with update_user_email—you'll handle it.
For security, you can manually change passwords with update_user_password, reset the password and clear credentials using clear_user_password, and block an account entirely by calling disable_user; don't forget that you can restore access anytime with enable_user. You also have tools to manage membership: you can send out invites and add a user roster directly with invite_user_to_org, or remove them from a tenant using remove_user_from_org.
If someone needs to leave, your agent handles it by calling delete_user or delete_api_key.
For enterprise setups, you've got full control over federation. You can configure OpenID Connect (OIDC) and SAML identity providers by setting the required metadata using set_oidc_idp_metadata or set_saml_idp_metadata. To get a client connected via SAML SSO, your agent generates the exact setup link with create_saml_connection_link, and you can activate the connection globally using allow_saml or flip an existing config to 'live' status with go_live_saml.
You can also migrate existing users from other systems into PropelAuth's management scope via migrate_user, and if a user needs immediate lockout, your agent invalidates all their active sessions using logout_all_user_sessions.
API key governance is handled programmatically. Your agent generates brand new keys for end-users with create_api_key, or provisions temporary tokens for testing machine calls using create_access_token. When a key needs adjusting, you can modify its scope or details with update_api_key, and if it's stale, you delete it instantly with delete_api_key.
To keep tabs on usage, your agent pulls consumption data via get_api_key_usage and retrieves a list of all active keys using get_active_api_keys. You can also check key status in real-time by running the validate_api_key tool.
When you need to audit access or find specific records, your agent has multiple lookup options. You can pull every detail about a user with get_user, or list everyone belonging to a tenant using get_users_in_org. For deeper reads, you can check current OAuth tokens associated with an account via get_oauth_tokens and get the complete details for any organization with get_org.
You'll also find tools that let you query users and organizations in bulk, supporting filtering and pagination through query_users and query_orgs, respectively. For roles, you can fetch definitions of custom roles used across the platform by calling get_custom_role_mappings or linking a tenant to these structures with subscribe_org_to_mapping. Finally, if a user needs to log in without a password, your agent generates a unique, time-sensitive magic link using create_magic_link, and you can refresh an expired provider token for any account using refresh_provider_token.
Here's how it actually works
The bottom line is that you control complex B2B identity operations entirely through conversational prompts.
Subscribe to the PropelAuth server on Vinkius Marketplace.
Enter your API Key and Authentication URL from your PropelAuth dashboard into the connection settings.
Direct your AI client (Claude, Cursor, etc.) to execute actions like 'List all users in Organization X' or 'Reset user password for Y'.
Who is this actually for?
This server targets security and development roles. It's for the DevOps engineer who hates manual audit reports, or the Customer Success Manager who needs to fix a user account in seconds during a support call without context switching. If your job involves managing access control across multiple client tenants, you need this.
Automating user offboarding procedures, running regular audits on API key usage (get_api_key_usage), and enforcing policy changes (e.g., disable_user).
Quickly looking up a client's details using their email, resetting passwords via clear_user_password, or manually inviting them to a new organization (invite_user_to_org).
Testing complex authentication flows (SAML/OIDC) by generating setup metadata or creating test access tokens (create_access_token) directly from the chat interface.
What Changes When You Connect
You control user access without context switching. Instead of navigating deep into a dashboard to change roles, you simply ask your agent to 'Change the role of John Doe in Acme Corp to Read-Only.'
API key governance becomes immediate. You can run get_api_key_usage to see which keys are hitting limits or generating unnecessary traffic, stopping potential overspending before it happens.
Onboarding is faster and safer. Use the agent to create_org, then immediately use invite_user_to_org for the first three users, completing a multi-step workflow in one chat session.
Revoking access is comprehensive. If an employee leaves, your agent can run logout_all_user_sessions followed by delete_api_key and then finally disable_user, ensuring all digital footprints are erased.
Federation setup is streamlined. You generate the necessary SAML or OIDC metadata (set_saml_idp_metadata) using a simple prompt, eliminating complex XML file downloads and manual API calls.
See it in action
Auditing User Access Post-Incident
A security analyst finds suspicious activity. They ask the agent to 'List all users in Org 123.' The agent runs get_users_in_org, identifies two accounts, and then uses get_user on both IDs to check their last login and current roles, allowing them to immediately decide if they need to run disable_user.
Client Expansion and Onboarding
A CSM signs a new client. They prompt the agent: 'Create a new organization called BetaTest.' The agent runs create_org. Next, they invite the core team via email using invite_user_to_org, setting their initial roles with change_user_role_in_org.
Debugging API Key Issues
A developer reports a service failing due to an expired key. They ask the agent to 'Check API usage for client X.' The agent runs get_api_key_usage, finds the key is stale, and automatically executes refresh_provider_token.
Deactivating a Former Employee
An HR manager needs to terminate an account. They ask the agent to 'Remove Jane Doe's access.' The agent runs logout_all_user_sessions, then finds all API keys using get_active_api_keys and runs delete_api_key on every single one, completing the cleanup.
The honest tradeoffs
Treating user roles as static.
A developer manually updates a user's profile using generic tools, forgetting that their specific organization role needs updating too. This leaves them in an inconsistent state (e.g., 'user updated but still admin').
Always use update_user for metadata changes, but follow up with change_user_role_in_org to ensure the user's tenancy permissions are correctly synchronized.
Bypassing key rotation policy.
An engineer creates a permanent API key (create_api_key) and forgets to update it when the client mandates quarterly rotations. This leads to security debt and potential compliance failure.
Use update_api_key immediately after creation or when scope changes, and use validate_api_key regularly to confirm the key's status.
Assuming single-source truth for users.
Trying to find a user only by name leads to ambiguity. The agent might return multiple matches or fail entirely if the data is spread across different systems.
Always narrow your search using get_user_by_email or get_user_by_username. If that fails, use query_users with explicit filters.
When It Fits, When It Doesn't
Use this server if the core task is managing the full identity lifecycle: creating tenants, assigning specific roles within those tenants, and controlling API access. You need it when a change in user status (e.g., disabling an account or changing a role) requires multiple, interconnected steps across different data models.
Don't use this if you are only querying public-facing data or running simple reports that don't involve state changes. For example, just listing all organization names might work with simpler directory tools. But if you need to act on the data—like setting up SAML federation using set_saml_idp_metadata or changing a user’s role—this is necessary.
Questions you might have
How do I check if a user exists by email using PropelAuth MCP Server?
You use get_user_by_email. This tool searches the system and returns all available data for that user ID, confirming existence and providing their current role and organization memberships.
What is the best way to audit API key usage with PropelAuth MCP Server?
Run get_api_key_usage. This tool collects consumption data for specific keys, showing exactly how many calls were made and when. It's better than just listing active keys because it adds metrics.
Can I force a password reset using PropelAuth MCP Server?
Yes, use clear_user_password. This tool resets the user's password and can be paired with create_magic_link to ensure they can log in immediately after the forced reset.
How do I manage organization membership using PropelAuth MCP Server?
Membership is managed by two tools: first, use add_user_to_org to grant access. Second, if they leave, run remove_user_from_org to ensure clean separation.
Is there a way to list all current users in an organization?
Use the get_users_in_org tool. It efficiently pulls every user ID and basic metadata for that specific tenant, saving you from running multiple general queries.
How do I set up Single Sign-On (SSO) by configuring identity provider metadata using `set_saml_idp_metadata`?
You provide the necessary SAML Identity Provider (IdP) XML data. This action tells PropelAuth how to trust external login sources, enabling SSO for your B2B tenants. Your AI agent executes this setup by passing the metadata payload directly.
If a user's credentials are compromised, what is the best way to immediately terminate all sessions using `logout_all_user_sessions`?
The tool forces an immediate log out across all devices and connected clients. This instantly revokes active access tokens without needing to change passwords first. It’s critical for rapid offboarding security.
If I only have a user's system ID, how do I pull their entire profile using the `get_user` tool?
You pass the specific User ID to the agent. The server returns all associated metadata for that account, including roles, organization memberships, and status. This lets your AI client build comprehensive audit reports.
Can I find a user's details using only their email address?
Yes. You can use the get_user_by_email tool. Simply provide the email address, and the agent will return the user's ID, metadata, and organization memberships.
How do I add an existing user to a specific organization?
Use the add_user_to_org tool. You will need the user_id, the org_id, and the role you wish to assign to them (e.g., 'Admin' or 'Member').
Is it possible to monitor how many times an API key has been used?
Yes. The get_api_key_usage tool allows you to retrieve usage statistics for a specific API key, helping you track activity and enforce limits.
We've already built the connector for PropelAuth. Just plug in your AI agents and start using Vinkius.
No hosting. No infrastructure. No complex setup.
All 42 tools are live and waiting.
You're up and running in seconds.
Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.
Built, hosted, and secured by Vinkius. You just connect and go.