playbooks

home / mcp / adobe okta mcp server

Adobe Okta MCP Server

Provides OAuth-based authentication for protected MCP servers using Adobe IMS or Okta with auto token management.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "adobe-rnd-mcp-remote-with-okta": {
      "command": "npx",
      "args": [
        "mcp-remote-with-okta",
        "https://your-mcp-server.com/mcp"
      ],
      "env": {
        "DEBUG_MODE": "false",
        "OKTA_SCOPE": "openid profile email",
        "ADOBE_SCOPE": "AdobeID,openid",
        "AUTH_METHOD": "jwt",
        "OKTA_DOMAIN": "your_okta_domain.okta.com",
        "AUTO_REFRESH": "true",
        "REDIRECT_URI": "http://localhost:8080/callback",
        "ADOBE_IMS_ENV": "prod",
        "AUTH_PROVIDER": "adobe",
        "OKTA_CLIENT_ID": "your_okta_client_id",
        "ADOBE_CLIENT_ID": "your_client_id_here",
        "REFRESH_THRESHOLD": "10"
      }
    }
  }
}

You can securely access protected MCP servers by using a wrapper that handles Adobe IMS or Okta authentication via OAuth, then launches your MCP client with the proper authorization token. This makes it easy to authenticate once and reuse tokens across sessions while keeping your credentials and tokens safely managed on your machine.

How to use

Set up your environment and start using your MCP by running the wrapper with the MCP URL you want to reach. The wrapper automatically handles the authentication flow for Adobe or Okta, stores tokens securely, and launches the MCP client with the required Authorization header.

How to install

Prerequisites: you need Node.js and npm installed on your system.

Install and run using the recommended method:

npx mcp-remote-with-okta <mcp-url>

Configuration and usage notes

The wrapper supports multiple providers and token management options. You can configure which provider to use and various OAuth parameters through environment variables.

Use the provided environment variable examples to configure either the Adobe or Okta flow. The Adobe path requires a client ID and IMS environment, while the Okta path requires a client ID and your Okta domain.

Example configurations for your MCP setup:

{
  "mcpServers": {
    "adobe_mcp": {
      "command": "npx",
      "args": [
        "mcp-remote-with-okta",
        "https://your-mcp-server.com/mcp"
      ],
      "env": {
        "AUTH_PROVIDER": "adobe",
        "ADOBE_CLIENT_ID": "your_client_id_here",
        "ADOBE_IMS_ENV": "prod"
      }
    },
    "okta_mcp": {
      "command": "npx",
      "args": [
        "mcp-remote-with-okta",
        "https://your-mcp-server.com/mcp"
      ],
      "env": {
        "AUTH_PROVIDER": "okta",
        "OKTA_CLIENT_ID": "your_okta_client_id",
        "OKTA_DOMAIN": "your_okta_domain.okta.com"
      }
    }
  }
}

Troubleshooting and tips

If you encounter issues, you can check token status, view the current token, or trigger authentication again using the CLI. Enable debug mode to gather detailed logs for troubleshooting.

Common actions include authenticating, checking status, viewing tokens, and clearing stored tokens before re-authenticating.

npx mcp-remote-with-okta <mcp-url> authenticate
npx mcp-remote-with-okta <mcp-url> status
npx mcp-remote-with-okta <mcp-url> token
npx mcp-remote-with-okta <mcp-url> clear

Security and token handling

Tokens are stored securely on your local machine and are managed with automatic refresh to minimize interruptions. You can adjust refresh behavior and debug output through environment variables as needed.

Available tools

authenticate

Authenticate the user and obtain an access token for use with MCP servers.

status

Check the current token status, including expiration and validity.

token

Display the current stored token details.

clear

Clear all stored tokens from secure local storage.

help

Show usage information and available commands for the MCP wrapper.