Skip to main content

Announcing StackOne Defender: leading open-source prompt injection guard for your agent Read More

Connect

Connectors Agent Auth MCP Connector Builder

Optimize

Tool Discovery Falcon Engine

Secure

Defender
Connectors

HRIS / HCM

Employee Onboarding Employee Offboarding

Recruiting

Application Screening Interview Scheduling

Customer Support

Ticket Triage Voice Call Summarization

Sales & CRM

Deal Risk Scoring Lead Qualification

Accounting & Finance

Invoice Processing Month-End Accruals

Marketing

Campaign Reports Lead Nurture Sequences
View all use cases

Developers

Docs Changelog Status

Learn

Blog Case Studies Events Partners
Pricing
Login Book Demo Start Free

OneLogin MCP Server
for AI Agents

Production-ready OneLogin MCP server with 109 extensible actions — plus built-in authentication, security, and optimized execution.

Start Free Book Demo Read Docs →
OneLogin logo
OneLogin MCP Server
Built by StackOne StackOne

Coverage

109 Agent Actions

Create, read, update, and delete across OneLogin — and extend your agent's capabilities with custom actions.

MCP Actions → Create Actions →

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your OneLogin MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every OneLogin tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every OneLogin call.

Tools Discovery →

What is the OneLogin MCP Server?

A OneLogin MCP server lets AI agents read and write OneLogin data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's OneLogin MCP server ships with 109 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All OneLogin MCP Tools and Actions

Every action from OneLogin's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

Users

  • Create User

    Create a new user in OneLogin

  • List Users

    Retrieve a paginated list of users

  • Get User

    Retrieve a single user by ID

  • Update User

    Update an existing user by ID

  • Delete User

    Delete a user by ID

Custom Attributes

  • Create Custom Attribute

    Create a new custom user attribute definition

  • List Custom Attributes

    Retrieve all custom user attribute definitions

  • Get Custom Attribute

    Retrieve a single custom attribute definition by ID

  • Update Custom Attribute

    Update an existing custom attribute definition by ID

  • Delete Custom Attribute

    Delete a custom attribute definition by ID

Apps

  • Create App

    Create a new application in OneLogin

  • List Apps

    List all applications in OneLogin

  • Get App

    Retrieve a single application by ID

  • Update App

    Update an existing application in OneLogin

  • Delete App

    Delete an application from OneLogin

App Rules

  • Create App Rule

    Create a new rule for an application

  • List App Rules

    List all rules for an application

  • Get App Rule

    Retrieve a single app rule by ID

  • Update App Rule

    Update an existing rule for an application

  • Delete App Rule

    Delete a rule from an application

Roles

  • Create Role

    Create a new role in OneLogin

  • List Roles

    List all roles in OneLogin

  • Get Role

    Retrieve a specific role by ID

  • Update Role

    Update an existing role in OneLogin

  • Delete Role

    Delete a role from OneLogin

Role Apps

  • Get Role Apps

    List applications assigned to a role

  • Set Role Apps

    Set the applications assigned to a role

Role Users

  • Add Role Users

    Add users to a role

  • Get Role Users

    List users assigned to a role

  • Remove Role Users

    Remove users from a role

Role Admins

  • Add Role Admins

    Add administrators to a role

  • Get Role Admins

    List administrators of a role

  • Remove Role Admins

    Remove administrators from a role

Groups

  • List Groups

    List all groups in OneLogin

  • Get Group

    Retrieve a specific group by ID

Events

  • List Events

    List events in OneLogin

  • Get Event

    Retrieve a specific event by ID

API Authorization Servers

  • Create API Authorization Server

    Create a new API authorization server in OneLogin

  • List API Authorization Servers

    Retrieve all API authorization servers configured in OneLogin

  • Get API Authorization Server

    Retrieve a specific API authorization server by its ID

  • Update API Authorization Server

    Update an existing API authorization server by its ID

  • Delete API Authorization Server

    Delete an API authorization server by its ID

Access Token Claims

  • Create Access Token Claim

    Create a new access token claim on an API authorization server

  • List Access Token Claims

    Retrieve all access token claims for a specific API authorization server

  • Update Access Token Claim

    Update an existing access token claim on an API authorization server

  • Delete Access Token Claim

    Delete an access token claim from an API authorization server

API Authorization Scopes

  • Create API Authorization Scope

    Create a new scope on an API authorization server

  • List API Authorization Scopes

    Retrieve all scopes for a specific API authorization server

  • Update API Authorization Scope

    Update an existing scope on an API authorization server

  • Delete API Authorization Scope

    Delete a scope from an API authorization server

Smart Hooks

  • Create Smart Hook

    Create a new smart hook in OneLogin

  • List Smart Hooks

    Retrieve all smart hooks configured in OneLogin

  • Get Smart Hook

    Retrieve a specific smart hook by its ID

  • Update Smart Hook

    Update an existing smart hook by its ID

  • Delete Smart Hook

    Delete a smart hook by its ID

Smart Hook Environment Variables

  • Create Smart Hook Environment Variable

    Create a new environment variable for smart hooks

  • List Smart Hook Environment Variables

    Retrieve all smart hook environment variables

  • Get Smart Hook Environment Variable

    Retrieve a specific smart hook environment variable by its ID

  • Update Smart Hook Environment Variable

    Update an existing smart hook environment variable

  • Delete Smart Hook Environment Variable

    Delete a smart hook environment variable by its ID

User Mappings

  • Create User Mapping

    Create a new user mapping in OneLogin

  • List User Mappings

    List all user mappings in OneLogin

  • Get User Mapping

    Retrieve a single user mapping by ID

  • Update User Mapping

    Update an existing user mapping in OneLogin

  • Delete User Mapping

    Delete a user mapping by ID

Brands

  • List Brands

    List all brands in OneLogin

  • Get Brand

    Retrieve a single brand by ID

  • Update Brand

    Update an existing brand in OneLogin

Risk Rules

  • Create Risk Rule

    Create a new Vigilance AI risk rule in OneLogin

  • List Risk Rules

    List all Vigilance AI risk rules in OneLogin

  • Get Risk Rule

    Retrieve a single Vigilance AI risk rule by ID

  • Update Risk Rule

    Update an existing Vigilance AI risk rule in OneLogin

  • Delete Risk Rule

    Delete a Vigilance AI risk rule from OneLogin

Other (36)

  • Send Invite Link

    Send an invite link email to a user

  • Get User Apps

    Retrieve applications assigned to a user

  • Get User Privileges

    Retrieve privileges assigned to a user

  • Get User Delegated Privileges

    Retrieve delegated privileges for a user

  • List App Users

    List users assigned to an application

  • List App Rule Conditions

    List available conditions for app rules

  • List App Rule Condition Operators

    List operators for a specific rule condition

  • List App Rule Condition Values

    List possible values for a specific rule condition

  • List App Rule Actions

    List available actions for app rules

  • List App Rule Action Values

    List possible values for a specific rule action

  • List Event Types

    List all available event types in OneLogin

  • List API Authorization Client Apps

    Retrieve all client applications assigned to an API authorization server

  • Get Smart Hook Logs

    Retrieve execution logs for a specific smart hook

  • List Mapping Conditions

    List all available mapping condition types

  • List Mapping Condition Operators

    List available operators for a specific mapping condition type

  • List Mapping Condition Values

    List available values for a specific mapping condition type

  • List Mapping Actions

    List all available mapping action types

  • List Mapping Action Values

    List available values for a specific mapping action type

  • Get Brand Apps

    List applications associated with a specific brand

  • List Message Templates

    List all message templates for a brand

  • Get Message Template By Type

    Retrieve a message template by its type for a brand

  • Get Message Template By Type And Locale

    Retrieve a message template by type and locale for a brand

  • Get Master Template By Type

    Retrieve a master email template by its type

  • Get Master Template By Type And Locale

    Retrieve a master email template by type and locale

  • List Custom Error Message Languages

    List all available languages for custom error messages

  • List Connectors

    List all available connectors in OneLogin

  • List Reports

    List all available reports in OneLogin

  • Get Risk Score

    Get a risk score for a given context using Vigilance AI

  • Get Score Insights

    Retrieve risk score insights and analytics from Vigilance AI

  • Delete App Parameter

    Delete a parameter from an application

  • Unlock User

    Unlock a locked user account by user ID

  • Sort App Rules

    Reorder rules for an application

  • Sort User Mappings

    Reorder user mappings by specifying their evaluation order

  • Run Report In Background

    Run a report asynchronously in the background

  • Track Risk Event

    Track a risk event for Vigilance AI analysis

  • Generate Invite Link

    Generate an invite link for a user by email

Set Up Your OneLogin MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to OneLogin in under 10 lines of code.

MCP Clients

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

More Security MCP Servers

Cloudflare

137+ actions

Sentinel XS

69+ actions

Microsoft Entra ID

67+ actions

Drata

57+ actions

JumpCloud

53+ actions

Rippling

37+ actions

Okta

32+ actions

All Security MCP Servers →

OneLogin MCP Server Resources

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Indirect Prompt Injection Defense for MCP Tools: A Technical Guide

MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.

12 min

OneLogin MCP Server FAQ

OneLogin MCP server vs direct API integration — what's the difference?
A OneLogin MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling OneLogin. A OneLogin MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling OneLogin at runtime. StackOne provides both.
How does OneLogin authentication work for AI agents?
OneLogin authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own OneLogin account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are OneLogin MCP tools vulnerable to prompt injection?
Yes — OneLogin MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a OneLogin agent and how do I avoid it?
Context bloat happens when OneLogin tool schemas and API responses eat your OneLogin agent's memory, preventing it from reasoning effectively. A single OneLogin query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my OneLogin agent can access?
Yes — you can limit which actions your OneLogin agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my OneLogin MCP server?
Yes — you can create custom agent actions for your OneLogin MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research OneLogin's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a OneLogin MCP server?
Skip a OneLogin MCP server if your integration is purely software-to-software — direct OneLogin API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call OneLogin actions at runtime.
What AI frameworks and AI clients does the StackOne OneLogin MCP server support?
The StackOne OneLogin MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo