Product UpdatesStatus PageWorkato Academy
English
Get a trial
MCP

# MCP - FAQ

Get answers to frequently asked questions about Model Context Protocol (MCP), including setup, authentication, Verified User Access, and troubleshooting.

# Overview

What is MCP?

Model Context Protocol (MCP) is an open protocol that standardizes how AI models connect to external systems and data sources. MCP enables you to expose your Workato capabilities (API collections, API recipes, recipe functions, and skills) as tools that AI clients can use.

Key benefits of MCP include:

  • Connects AI to external resources: Enables AI models to access external data and tools to improve versatility and capabilities
  • Standardizes interactions: Provides a consistent way for AI models to communicate with different systems like Slack, Jira, or Google Drive
  • Reduces development: MCP's standardization reduces the need for custom integrations for each new data source
What MCP capabilities does Workato provide?

Workato provides the following MCP capabilities:

  • MCP servers: Enable you to provide Workato capabilities (API collections, recipe functions, API recipes, and skills) as tools to AI agents through remote, cloud-based MCP servers with unique, authenticated URLs.
  • Verified User Access: Enables your MCP servers to use authenticated end-user credentials for external API calls instead of static tokens.
  • Workato Developer API MCP: Enables AI-powered developer environments like Claude Desktop and Cursor to programmatically access your Workato workspace.
Which AI clients/LLMs are compatible with Workato MCP?

Workato MCP is compatible with:

  • Claude (Anthropic)
  • Cursor
  • Windsurf
  • ChatGPT
  • Any MCP client that supports the Model Context Protocol standard

# Setup and access

Is MCP available in my region?

MCP is available in the US, EU, AU, SG, and JP data centers.

Contact your Customer Success representative if you're interested in using MCP or require additional information. Refer to your pricing plan and contract to learn more.

How do I create an MCP server in Workato?

You can create an MCP server in the AI Hub by starting with a prebuilt template or building your own from scratch. The setup steps vary depending on which approach you choose.

What prebuilt MCP server templates are available?

Workato provides prebuilt MCP server templates for common collaboration and productivity apps, such as Slack, Google Calendar, and Google Sheets, project and development apps, such as Jira and GitHub, identity management apps, such as Google Directory End User and Okta End User, and sales operations apps, such as Gong.

Refer to the MCP server registry for a complete list of available templates.

What types of assets can I add as tools to an MCP server?

You can select one of two tool source types when creating an MCP server from scratch:

API collection

Expose an entire API collection as MCP tools. This includes standard API recipe collections and AI gateway collections (API proxy collections). API collections don't support Verified User Access.

Project assets

Select individual assets from a project folder to expose as MCP tools:

  • Recipe functions
  • API recipes
  • Skills

With project assets, you can mix multiple asset types in the same MCP server. All assets must be in the same project folder.

Learn more about MCP servers and Verified User Access.

How do I configure an AI client to use my MCP server?

Configuration steps vary by AI client:

What are the best practices for designing MCP tools?

Follow these key principles when designing MCP tools:

Tool design principles:

  • Simple: Each tool performs exactly one specific action or retrieval
  • Composable: Tools act as building blocks that work together seamlessly
  • Predictable: Tools behave consistently and return standard errors

Data strategy:

  • Return only necessary fields to preserve context windows
  • Use AI preprocessing to summarize large datasets before returning to the agent

Developer experience:

  • Write clear tool names and detailed descriptions
  • Include sample requests and responses in tool documentation
  • Use consistent naming conventions across all tools
  • Implement standard HTTP status codes (200, 400, 404, 500)

Monitoring and refinement:

  • Test tools with real AI workflows
  • Monitor usage patterns and refine based on which tools are used most frequently

# Authentication and access control

What authentication methods does MCP support?

MCP supports two authentication methods:

Token-based authentication (default):

  • Simple authentication with minimal configuration
  • Tokens generated automatically and managed in MCP server settings
  • Assigned by default to new MCP servers

OAuth 2.0 integration with Workato Identity:

  • Required for Verified User Access (VUA)
  • Provides centralized user access management
  • Enables user-level audit trails and identity-aware authorization

Important: Switching from token-based authentication to Workato Identity revokes the MCP token, requiring all clients to be reconfigured for OAuth 2.0 authentication.

What is Verified User Access and when should I use it?

Verified User Access (VUA) enables end users to authenticate with their own credentials when interacting with MCP tools, bringing enterprise-grade governance and user-level security to AI workflows.

How it works:

  • End users authenticate once when first accessing the MCP server
  • Credentials are securely stored and reused across tools
  • All tool calls respect individual user permissions
  • Each action executes with the user's own identity and access rights

When to use VUA:

  • You need user-level audit trails for compliance
  • Tools access sensitive data requiring individual permissions
  • You want to eliminate shared credentials for security
  • Your organization requires identity-aware authorization

Requirements:

  • MCP server must use Workato Identity (OAuth 2.0) authentication
  • MCP server must use project assets as the tool source. API collections aren't supported.
  • Selected tools must be recipe functions or skills
  • Connected applications must support OAuth 2.0 authorization code grant. API keys, basic auth, and other OAuth 2.0 grant types don't work with VUA.
How do I enable Verified User Access for my MCP server?

Complete the following steps to use Verified User Access (VUA) with your MCP server:

1

Configure your MCP server to use Workato Identity authentication.

2

Create recipe functions or skills as your MCP tools.

3

Configure connections to use end-user connections.

This allows each user to interact with your MCP tools using their own credentials, ensuring actions are performed as the authenticated user rather than the builder's credentials.

# Limitations

Can I limit MCP server usage?

Yes. You can configure MCP server limits by going to your MCP server's Settings > Limits page:

  • Rate limits (throttling): Control request speed to prevent traffic bursts with customizable time intervals. No rate limits are enforced by default. Requests are unlimited if left blank.
  • Usage quotas (cumulative): Limit total consumption over time with aggregate request limits. No usage quotas are enforced by default. Consumption is unlimited if left blank.
  • IP restrictions: Configure IP allowlists and blocklists to control which IP addresses can access your server. Blocked IPs take precedence over allowed IPs.

When rate limits or usage quotas are exceeded, all requests are blocked until the limit interval passes or the quota resets.

# Troubleshooting

Why can't I access my MCP server with Workato Identity?

MCP servers using Workato Identity (OAuth 2.0) authentication don't grant automatic access to any users. All users must be added to an end-user group to access MCP servers, including administrators.

Complete the following steps to grant access:

1

Create or select an end-user group in Workato Identity.

2

Add users to the group.

3

Add the group to your MCP server's User access tab.

You must have admin privileges to manage user groups. If using token-based authentication instead, you only need the MCP URL and token.

Refer to MCP authentication user groups for step-by-step instructions.

How can I track who is accessing my MCP server?

MCP server logs provide a unified usage and access overview for governance and tracking. Logs include:

  • User ID: Who accessed the server
  • Request IP address: Where the request came from
  • Creation timestamp: When the access occurred
  • Which tools/APIs were called: What actions were performed

You can access logs in AI Hub > MCP Servers. Select your server, go to Logs, and click View log.

Microsoft Copilot
Community library


Last updated: 2/2/2026, 10:18:15 PM

On this page