IAM Domains and Model Context Protocol Server
Database Tools integrates with IAM Identity Domains to provide authentication and authorization for the MCP Server.
When you create an MCP Server, it is associated with an identity domain and configured for OAuth 2.0–based access. This enables MCP clients to obtain access tokens from the identity domain and securely call MCP Server APIs. The identity domain acts as the central location where authentication, authorization, and access policies are managed.
To use the Model Context Protocol Server, you must work within an IAM domain.
- When you create an MCP Server, it is registered in an IAM domain as a
Resource Server. The domain is where you associate the MCP Server with
the policies and permissions that govern who can use MCP Tools and SQL Reports.
For more information, see Adding an Enterprise Application.
- MCP clients are registered in the same IAM domain as Applications. This
registration establishes each client’s identity for OAuth and access policy
purposes. Any configuration that identifies the client and controls how it
authenticates is managed in the domain.
For more information, see Managing Application Integrations.
- The IAM domain provides the authorization layer for MCP. If a corporate Identity
Provider (IdP) is used, federation is configured at the domain level, enabling
enterprise SSO identities to be used when authorizing access to MCP resources.
For more information, see Federating with Identity Providers.