Add MCP Server

Manage and configure your MCP servers in one centralized location. See Build Your Own MCP Server to build your own MCP server from scratch.

Note: Tokens refresh automatically after OAuth or Auth Request authentication.

MCP Configuration Model

An MCP source contains:

Field Purpose
Name The display name used when selecting the MCP server in Agent Builder.
URL The server endpoint, such as https://<host>:<port>/mcp or https://<host>:<port>/sse. The URL must include the correct path.
Authentication mode Determines how Agent Factory obtains credentials and sends requests to the MCP server.
Tool discovery result The tools returned by the MCP server and made available for selection in Agent Builder.

MCP requests run from the Agent Factory application container. The MCP URL must be reachable from that container, not only from your browser.

Authentication Modes

Mode Use when Notes
Direct or no auth The MCP server is protected by network controls or does not require credentials. Use only in trusted networks.
Bearer token You already have a static token for the MCP server. Treat the token as a secret and rotate it according to your policy.
OAuth The provider requires an authorization-code browser flow. Register the Agent Factory callback URL with the provider.
Client credentials The provider issues a token from client ID and client secret without browser authorization. Use for service-to-service MCP servers when supported.
Auth Request The server exposes a token endpoint that accepts configured credentials and returns an access token. Agent Factory stores the returned token for use by the MCP source.

Configure an MCP Server With OAuth Authentication

  1. Click the MCP Servers tab from the left-side navigation.

  2. Select Add MCP Server.

    Add MCP Server

  3. Provide a unique name for your MCP Server. This name will be used to configure the MCP Server Node in the Agent Builder workflow.

  4. Set the URL of MCP server to https://<host>:<port>/mcp or https://<host>:<port>/sse. The URL fully defines the endpoint path, there are no extra path fields.

  5. Select OAuth as the authentication mode.

  6. Configure an application in your MCP server provider, using the provided Redirect Callback URL.

    The redirect URL must match exactly. Match the protocol, host name, port, and path that users use to access Agent Factory. If Agent Factory is behind a load balancer, reverse proxy, bastion tunnel, or private subnet access path, register the externally reachable URL, not the container’s internal host name.

  7. Enter all required credentials for MCP Server OAuth.

    MCP Server OAuth Authentication

  8. Click Add MCP Server once all details are entered.

  9. A dialog box requesting authorization will appear. Click Request Authorization.

  10. You will be redirected to the OAuth page to authorize the application.

  11. After authorization is complete, the MCP Server will be listed in the table.

See MCP Server to learn how to use your MCP Server in the Agent Builder workflow.

OAuth Callback Flow

The OAuth flow works as follows:

  1. An administrator creates the MCP source and selects OAuth authentication.
  2. Agent Factory displays a redirect callback URL.
  3. The administrator registers that callback URL in the MCP provider application.
  4. The administrator clicks Request Authorization in Agent Factory.
  5. The provider redirects the browser back to Agent Factory after authorization.
  6. Agent Factory stores the token for the MCP source.
  7. Agent Factory tests the source and discovers the MCP tools.
  8. Agent Builder workflows can select the MCP source and optionally restrict which discovered tools are available to an agent.

If the provider reports a redirect mismatch, compare the provider’s rejected redirect_uri value with the callback URL registered in the provider. The values must be identical.

Troubleshoot MCP Servers

Symptom Likely cause Action
Test fails with DNS or connection error Agent Factory cannot reach the MCP server from the container network. Verify URL, DNS, firewall, proxy, and private subnet routing.
OAuth provider reports redirect mismatch Callback URL registered with the provider differs from the actual Agent Factory callback. Register the exact callback URL shown in Agent Factory or reported as redirect_uri.
Test succeeds but no tools are listed The MCP server did not expose tools or the endpoint path is wrong. Verify /mcp or /sse path and inspect MCP server logs.
Agent calls an unexpected tool Too many tools are exposed or descriptions are ambiguous. Restrict allowed tools and improve tool names/descriptions on the server.
Tool calls time out The tool runs longer than the node timeout, or the MCP server is slow/unreachable. Increase the timeout only after confirming the server is receiving requests.