Skip to main content

Permit MCP Gateway

Secure MCP access for developers and AI agents — without rewriting your tools.

Permit MCP Gateway is a drop-in proxy between MCP clients (Cursor, Claude, VS Code, and other AI tools) and the MCP servers they connect to. It adds authentication, authorization, consent, and audit to every tool call — so your team can adopt MCP with identity-aware controls and full visibility from day one.

No SDK. No agent rewrites. No changes to your MCP servers. Just a URL switch.

For Developers and Platform Teams

  • Set up in minutes — create a host, import an MCP server, share the gateway URL with your team
  • Works with existing MCP servers — GitHub, Linear, Slack, Jira, and any server that speaks MCP
  • Copy-paste client configs — ready-to-use snippets for Cursor, Claude Desktop, VS Code, and Claude Code
  • Predictable runtime behavior — allowed calls pass through transparently; denied calls return a clear permission error
  • No infrastructure to manage — the hosted gateway handles TLS, routing, sessions, and token refresh

For Security, IAM, and Governance Teams

  • Identity-aware access control — every tool call is tied to a specific human and agent identity
  • Least privilege by default — tools are classified by risk (read / write / destructive), and admins set per-user trust ceilings
  • Consent-based delegation — humans explicitly authorize what their agents can do, within admin-defined boundaries
  • Complete audit trail — every authorization decision is logged with who, what, where, when, and whether it was allowed or denied
  • Central policy management — one place to manage access across all MCP servers, users, and agents
  • Deny by default — no user or agent can access any tool until explicitly granted permission

Why Teams Adopt Permit MCP Gateway

  • AI agents are accessing production systems — but most teams have no visibility into what agents do or who authorized them
  • Existing IAM and API gateways were not designed for MCP — they do not model the human-to-agent delegation chain or provide per-tool controls for autonomous agents
  • MCP adoption is outpacing security controls — teams spin up MCP server connections in minutes, creating unvetted access to sensitive systems
  • Compliance and audit requirements apply to agent actions — regulators and internal security teams need traceability from agent action back to authorizing human

Permit MCP Gateway gives you a single enforcement point where you can authenticate users, authorize agent actions, collect consent, and audit everything — applied consistently across every MCP server your organization uses.

Use Cases

Securely Consume MCP Servers (Internal)

Your team uses Cursor, Claude, VS Code, or internal agents to interact with MCP servers like GitHub, Linear, Slack, and Jira. Permit MCP Gateway sits between your agents and those servers, enforcing per-user access control, trust-level policies, and logging every tool call.

Typical scenario: An engineering team connects Cursor to GitHub and Linear through the gateway. Admins grant developers read/write access but restrict destructive operations. Every tool call is logged, and new MCP servers require admin approval before anyone can connect.

Provide Secure MCP Servers to Customers

You build or host MCP servers that your customers connect to. Permit MCP Gateway adds authentication, per-customer authorization, consent, and audit — so each customer's agents only access what they are permitted to, with full traceability.

Typical scenario: A SaaS platform exposes its API as an MCP server. Enterprise customers connect their AI agents through the gateway with SSO, per-user trust levels, and isolated audit trails per customer.

Built on Permit.io

Permit MCP Gateway is powered by Permit.io, which serves as the control plane and default data plane for every gateway instance. Permit.io is where the authorization model lives — policies, roles, relations, and audit logs. The gateway enforces those policies at the MCP protocol layer.

  • Every gateway host maps 1:1 to a Permit environment — all policies, users, and audit data for that host live in the linked environment
  • The full power of Permit's policy engine is available: RBAC, ABAC, ReBAC, real-time updates, and policy-as-code
  • Two dashboards work together: app.permit.io for deep policy management and audit analysis, app.agent.security for day-to-day gateway and MCP server management

For the detailed policy model and how gateway concepts map to Permit primitives, see Permit.io Integration.

Works With Your Existing MCP Stack

Permit MCP Gateway is a proxy — it works with any MCP server that speaks the Model Context Protocol over Streamable HTTP. It does not replace your MCP servers or require a new hosting platform.

ComponentWhat you keepWhat the gateway adds
MCP serversYour existing servers (GitHub, Linear, Slack, custom, etc.)Authentication, authorization, consent, and audit in front of them
MCP clientsYour existing tools (Cursor, Claude, VS Code, etc.)A gateway URL instead of a direct server URL
Identity providerYour existing SSO (SAML, OIDC, Google, GitHub, Microsoft)Per-host authentication configuration
Policy enginePermit.io (included)Fine-grained ReBAC with trust-level enforcement

Deployment Options

Hosted Gateway (SaaS)

The fastest way to get started. Each gateway host runs under a subdomain of agent.security (e.g., acme-pink-panda-6942.agent.security), with TLS, session management, and audit logging included. Permit.io provides both the control plane (app.permit.io) and the hosted data plane (PDP) that evaluates authorization decisions.

  • No infrastructure to manage — Permit hosts the gateway, consent service, and policy decision point
  • Minutes to first value — create a host, import a server, connect a client
  • Isolated per host — each host gets its own subdomain, users, policies, and sessions
  • Two dashboards — manage policies and audit in app.permit.io, manage hosts and MCP servers in app.agent.security

Customer-Controlled Deployment

For organizations that require enforcement within their own network boundary, Permit offers deployment options where the gateway and policy decision point (PDP) run in your environment. Permit.io still serves as the control plane, but authorization decisions and MCP traffic stay within your network.

note

Customer-controlled deployment is available for enterprise plans. Contact us or schedule a demo for architecture details and availability.

When to Use Permit MCP Gateway

Permit MCP Gateway is especially valuable when:

  • You already use or plan to use MCP from tools like Cursor, Claude, VS Code, or internal agents
  • You need per-user or per-agent controls over which tools can be called
  • You need a central audit trail of all agent actions across MCP servers
  • You want consent or approval workflows for sensitive operations
  • You do not want every MCP server trusted equally — different servers and tools need different risk controls
  • You are building MCP servers to be consumed securely by your customers
  • You want to enable enterprise workflows where agents interact with sensitive systems or data

If you are not yet using MCP, or if your agents do not interact with external tools or data, you may not need the gateway today — but it is designed to be adopted incrementally as your MCP usage grows.

Who This Is For

AudienceWhat they use it for
Developers / platform engineersSet up secure MCP access for their team, manage which servers are available, configure client connections
Security / IAM / governance teamsDefine trust policies, set per-user access ceilings, review audit logs, enforce least privilege and consent
Teams exposing MCP as a productAdd per-customer authentication, authorization, and audit to their MCP server offering

Start Here

  1. Read the Overview to understand how Permit MCP Gateway works and what it enforces
  2. Follow the Getting Started Guide to set up your first gateway and make your first authorized tool call

Go Deeper

Prerequisites

Support

Contents