Hi,
as a huge fan of dbatools - I wanted to ask for the current implementation status of authentication for the MCP server.
Instead of opening the entire MCP server to all users, it would be preferable to have proper authentication and access control in place so that usage can be restricted to approved users or groups only.
Could you please let me know:
whether MCP server authentication is already planned or in progress,
what the current implementation status is,
and, if not yet planned, whether a request can be raised to implement authentication and role-based access control.
To make this more concrete, here are a few authentication patterns that would be reasonable for MCP:
OAuth 2.1 / OIDC for remote MCP servers
use our corporate IdP, for example Entra ID / Okta / Keycloak
authorization code flow with PKCE
restrict access by group or app role
validate token audience/scopes on the MCP server
preferred option for production use
Bearer token via API gateway or reverse proxy
place the MCP server behind an authenticated gateway
only authenticated and approved users/groups receive access
useful as an intermediate step if native MCP auth is not yet implemented
API key or custom header for limited internal use only
acceptable only as a temporary or tightly scoped solution
should still be limited to a small approved user set
should not be used as the long-term approach for broad access
Local-only / STDIO-based MCP usage
for local MCP servers, credentials can be provided through environment-based mechanisms or local secure storage
this is not a substitute for proper authentication on remotely hosted MCP servers
From a security perspective, the goal would be:
no broad anonymous or open access,
access limited to approved users or groups,
auditable usage,
and a solution that supports least privilege rather than exposing the full MCP server by default.
Please let me know the current status and whether one of the above options is already being considered.
Thank you.
Hi,
as a huge fan of dbatools - I wanted to ask for the current implementation status of authentication for the MCP server.
Instead of opening the entire MCP server to all users, it would be preferable to have proper authentication and access control in place so that usage can be restricted to approved users or groups only.
Could you please let me know:
whether MCP server authentication is already planned or in progress,
what the current implementation status is,
and, if not yet planned, whether a request can be raised to implement authentication and role-based access control.
To make this more concrete, here are a few authentication patterns that would be reasonable for MCP:
OAuth 2.1 / OIDC for remote MCP servers
use our corporate IdP, for example Entra ID / Okta / Keycloak
authorization code flow with PKCE
restrict access by group or app role
validate token audience/scopes on the MCP server
preferred option for production use
Bearer token via API gateway or reverse proxy
place the MCP server behind an authenticated gateway
only authenticated and approved users/groups receive access
useful as an intermediate step if native MCP auth is not yet implemented
API key or custom header for limited internal use only
acceptable only as a temporary or tightly scoped solution
should still be limited to a small approved user set
should not be used as the long-term approach for broad access
Local-only / STDIO-based MCP usage
for local MCP servers, credentials can be provided through environment-based mechanisms or local secure storage
this is not a substitute for proper authentication on remotely hosted MCP servers
From a security perspective, the goal would be:
no broad anonymous or open access,
access limited to approved users or groups,
auditable usage,
and a solution that supports least privilege rather than exposing the full MCP server by default.
Please let me know the current status and whether one of the above options is already being considered.
Thank you.