Skip to main content
hc
Submit
mcpSource-backedReview first Safety Privacy

Descope MCP Server for Claude

Manage your Descope identity project from Claude — search users, configure auth flows, inspect audit logs, manage tenants, and search Descope documentation — with the official Descope remote MCP server hosted at mcp.descope.com.

by Descope·added 2026-06-18·
Claude CodeCodexCursorClaude Desktop
HarnessClaude CodeCodexCursorClaude Desktop
Review first review before installing

Open the source and read safety notes before installing.

Safety notes

  • Sessions start in read-only mode. Write operations require explicit elevation and out-of-band one-time passcode confirmation — preventing accidental changes to production auth infrastructure.
  • The server has access to your Descope project including user PII, tenant config, and auth secrets; scope usage to least-privilege workflows.

Privacy notes

  • User profiles, tenant configurations, auth flow definitions, audit log entries, and API key metadata from your Descope project are surfaced in Claude's context.
  • Authenticated via your Descope account — no API keys stored in the MCP configuration.

Prerequisites

  • A Descope account — authenticate via your Descope account when prompted on first tool use.
  • An MCP client such as Claude Code or Claude Desktop.

Schema details

Install type
cli
Troubleshooting
No
Collection metadata
Estimated setup
5 minutes
Difficulty
beginner
Tool listing metadata
Full copyable content
{
  "mcpServers": {
    "descope": {
      "type": "http",
      "url": "https://mcp.descope.com"
    }
  }
}

About this resource

Overview

The Descope MCP Server is the official remote Model Context Protocol server from Descope, hosted at https://mcp.descope.com. It provides read and write tool groups for project settings, access control, MCP server definitions, audits, auth keys, flows, tenants, users, documentation search, and grounded documentation Q&A.

Sessions start in read-only mode. Write operations require explicit elevation with out-of-band one-time passcode confirmation, ensuring human oversight for any production changes.

Key capabilities

  • User management — create, modify, and inspect user objects within projects.
  • Tenant operations — list and manage multi-tenant configurations.
  • Authentication flows — view and configure authentication workflows.
  • Audit logs — review comprehensive access and change history.
  • Project settings — inspect and adjust project configuration.
  • Access control — manage roles, permissions, and auth keys.
  • Documentation search — semantic search over Descope docs via docs_search.
  • Documentation Q&A — grounded answers via docs_ask_question.

How it compares

Server User management Auth flows Audit logs Tenants Auth
Descope MCP Yes Yes Yes Yes Account sign-in
Auth0 MCP Yes Limited Yes Limited API token
Okta MCP Yes Limited Yes Yes API token
Stytch MCP Yes No Limited No API key

Descope's MCP starts read-only and gates write operations behind explicit elevation and OTP confirmation — a stronger default safety model than API-key-based alternatives.

Installation

Claude Code

claude mcp add --transport http descope https://mcp.descope.com

Run /mcp in Claude Code to authenticate with your Descope account.

Claude Desktop

Go to Settings → Connectors and enter https://mcp.descope.com, or add manually:

{
  "mcpServers": {
    "descope": {
      "type": "http",
      "url": "https://mcp.descope.com"
    }
  }
}

Requirements

  • A Descope account.
  • An MCP client (Claude Code or Claude Desktop).

Security

  • Read-only by default — write operations require OTP confirmation.
  • No API keys: uses account-based session authentication.

Source Verification Notes

Verified on 2026-06-18:

  • Third-party guide at kingy.ai/news/descope-mcp-server-guide/ documents the read/write tool groups: project settings, access control, MCP server definitions, audits, auth keys, flows, tenants, users, docs search, and docs Q&A — plus the read-only default with OTP elevation.
  • Descope MCP directory listing at feluda.ai/mcp-servers/descope independently confirms user management, tenant listing, flow management, access control, audit log viewing, auth key management, and hosted endpoint at https://mcp.descope.com.
  • Descope's official MCP page at docs.descope.com/mcp/mcp-server is the canonical source for install instructions and authentication model.
#descope#authentication#user-management#auth-flows#identity#access-control#audit-logs

Source citations

Add this badge to your README

Show that Descope MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/descope-mcp-server.svg)](https://heyclau.de/entry/mcp/descope-mcp-server)

How it compares

Descope MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

FieldDescope MCP Server for Claude

Manage your Descope identity project from Claude — search users, configure auth flows, inspect audit logs, manage tenants, and search Descope documentation — with the official Descope remote MCP server hosted at mcp.descope.com.

Open dossier 		Auth0 MCP Server for Claude

Connect Claude to Auth0's official local MCP server for tenant administration, application setup, Actions, logs, forms, and scoped Management API workflows.

Open dossier 		Appwrite MCP Server for Claude

Connect Claude to the full Appwrite backend platform — databases, authentication, serverless functions, teams, messaging, and storage — with the official Appwrite MCP server using dynamic dispatch across the entire Appwrite API surface.

Open dossier 		Clerk MCP Server for Claude

Get accurate Clerk SDK snippets and implementation patterns directly inside Claude — for authentication flows, Organizations, custom sign-in, B2B SaaS, and more — with the official Clerk remote MCP server.

Open dossier
Trust
Install riskReview firstReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
Categorymcpmcpmcpmcp
Sourcesource-backedsource-backedsource-backedsource-backed
AuthorDescopeAuth0AppwriteClerk
Added2026-06-182026-06-052026-06-182026-06-18
Platforms
Claude CodeCodexCursorClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Source repo
Safety notesSessions start in read-only mode. Write operations require explicit elevation and out-of-band one-time passcode confirmation — preventing accidental changes to production auth infrastructure. The server has access to your Descope project including user PII, tenant config, and auth secrets; scope usage to least-privilege workflows.Auth0 documents the server as beta software. Treat command behavior, available tools, requested scopes, and client setup flows as subject to change until Auth0 publishes a stable release. Start with `--read-only` or a narrow `--tools` pattern such as `auth0_list_*,auth0_get_*`. Enable create, update, deploy, or publish tools only for a scoped task and an approved tenant. The server can expose tools for applications, APIs, client grants, Actions, logs, and forms. Some of those tools can change callback URLs, token settings, Actions code, branding, and other live authentication behavior. Review every mutating tool call before approving it. A mistaken tenant change can break sign-in, weaken security settings, deploy incorrect Actions, expose callback URLs, or affect production users. Keep token lifetime and Management API scopes as small as possible when using the client-credentials setup path. Revoke or rotate credentials that were created for temporary MCP work. Use `npx @auth0/auth0-mcp-server logout` when finished or when switching tenants so local authentication state is removed from the system keychain.Mutation operations (write, update, delete) require `confirm_write=true` to be passed explicitly, adding a confirmation step before any destructive action. The API key scope determines what operations are available — use least-privilege scopes for your use case.The server is read-only — it serves documentation and SDK snippets only; it does not access your Clerk dashboard or application data. No authentication credentials or secret keys are transmitted.
Privacy notesUser profiles, tenant configurations, auth flow definitions, audit log entries, and API key metadata from your Descope project are surfaced in Claude's context. Authenticated via your Descope account — no API keys stored in the MCP configuration.The local MCP server can send selected tenant operations to the Auth0 Management API and return application metadata, API identifiers, Actions code, form configuration, log events, user identifiers, IP addresses, and authentication error details into the model conversation. Prompts, MCP client logs, Claude transcripts, terminal history, screenshots, and issue comments can retain Auth0 resource names, tenant domains, client IDs, redirect URLs, organization names, and troubleshooting details outside Auth0's normal audit and retention controls. Do not paste client secrets, access tokens, refresh tokens, private keys, production user records, password-reset links, session cookies, or full log payloads into the conversation. Auth0 says the server stores credentials in the system keychain and redacts sensitive response fields such as client secrets and tokens. Still review assistant output before copying it into tickets, commits, runbooks, or shared chats. The server collects anonymized analytics by default according to Auth0's README. Set `AUTH0_MCP_ANALYTICS=false` when analytics collection is not approved for the environment.User records, database documents, function logs, team memberships, and messaging data from your Appwrite project are surfaced in Claude's context. Your `APPWRITE_API_KEY` grants project-level access — keep it in the MCP config env and never commit it to version control.Queries you send (e.g. feature names, framework) are sent to mcp.clerk.com — Clerk's hosted infrastructure; no personal or application data is required.
Prerequisites
  • A Descope account — authenticate via your Descope account when prompted on first tool use.
  • An MCP client such as Claude Code or Claude Desktop.
  • Auth0 account and approval to connect an MCP client to the selected tenant.
  • Node.js 18 or newer with `npx` available to the MCP client.
  • MCP-capable client such as Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, Gemini CLI, or another stdio-compatible client.
  • Interactive browser access for the OAuth 2.0 device authorization setup flow, unless using the documented client-credentials path for private cloud tenants.
  • An Appwrite account — log in at cloud.appwrite.io or self-hosted.
  • An Appwrite project with an API key that has the required scopes for your use case.
  • Python with `uvx` available.
  • An MCP client such as Claude Code or Claude Desktop.
  • No API keys required — the Clerk MCP server is publicly accessible.
  • An MCP client such as Claude Code or Claude Desktop.
Install
claude mcp add --transport http descope https://mcp.descope.com
npx @auth0/auth0-mcp-server init --read-only
claude mcp add appwrite -e APPWRITE_PROJECT_ID=<project-id> -e APPWRITE_API_KEY=<api-key> -- uvx mcp-server-appwrite
claude mcp add clerk --transport http https://mcp.clerk.com/mcp
Config
{
  "mcpServers": {
    "descope": {
      "type": "http",
      "url": "https://mcp.descope.com"
    }
  }
}
{
  "mcpServers": {
    "auth0": {
      "command": "npx",
      "args": ["-y", "@auth0/auth0-mcp-server", "run", "--read-only"],
      "capabilities": ["tools"],
      "env": {
        "AUTH0_MCP_ANALYTICS": "false"
      }
    }
  }
}
{
  "mcpServers": {
    "appwrite": {
      "command": "uvx",
      "args": ["mcp-server-appwrite"],
      "env": {
        "APPWRITE_PROJECT_ID": "<project-id>",
        "APPWRITE_API_KEY": "<api-key>",
        "APPWRITE_ENDPOINT": "https://cloud.appwrite.io/v1"
      }
    }
  }
}
{
  "mcpServers": {
    "clerk": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.clerk.com/mcp"]
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.