SecureAuth AI Gateway

Connect an agent

Point your agent at the gateway and start using tools

Agents connect to the gateway via MCP (Model Context Protocol). Once connected, they can access all tools from your configured resources — governed by your policies.

Quickstart page with catalog of agents
The Quickstart page lists every agent the gateway knows how to connect

Register an agent

End users can self-onboard from the Quickstart page:

  1. Navigate to Quickstart in the sidebar
  2. Click your agent — Claude Code, Cursor, Copilot, Codex, and more
  3. Follow the setup steps in the dialog — each agent has its own configuration method
  4. Copy the token shown after the gateway provisions the instance

For agents not in the catalog, open Agents → Instances and click Add custom agent.

See the full setup guides for each supported agent:

Scope a connection to one MCP

The default endpoint, /gateway/mcp, aggregates every MCP your org has connected into a single tool list. Some agents cap how many tools a connection may expose, and a large catalog can exceed that cap — past it the agent truncates tools or refuses to connect.

To stay under the cap, connect to a single MCP by appending its slug:

https://your-gateway-url/gateway/mcp/{slug}

Finding the slug — open Resources → your MCP; the MCP Info card shows the Single-MCP gateway URL with a copy button, so you rarely need to build it by hand. The slug is the catalog name for catalog resources (github, slack, …) or the slug you set when adding a custom resource.

This exposes only that MCP's tools. Agents that need several MCPs configure one connection per slug, each well under the cap:

{
  "mcpServers": {
    "github": { "url": "https://your-gateway-url/gateway/mcp/github" },
    "linear": { "url": "https://your-gateway-url/gateway/mcp/linear" },
  },
}

Authentication and policy enforcement are identical to the aggregate endpoint — the slug only narrows which MCP's tools are served. An unknown slug returns 404.

Auto-registration

When an agent connects for the first time, the gateway automatically detects its type and records metadata like client name, version, and protocol version. The agent appears in the dashboard immediately.

Registry vs. Instances

Two views show the same agents from different angles:

  • Agents → Registry — one card per agent type (Claude Code, Cursor, …) with aggregate instance counts and policy coverage. Use this to answer questions like which tools any Cursor instance can call across the org. See Agent Registry.
  • Agents → Instances — every individual connected client across all users. Use this to debug a specific agent's identity, history, and effective access.
Agent instance detail page showing identity, metadata, and activity
The Instances detail page shows client identity, metadata, and recent activity for one agent

The instance detail page shows:

  • Identity — user, client name and version, MCP protocol version
  • Recent activity — audit events for this agent instance
  • Effective access — which tools this instance can use based on current policies

Authentication

The first time your agent tries to use a tool that requires authentication (for example, Slack), the gateway will prompt you with a link to connect your account. No upfront setup needed — see Connections for details.

On this page