Connect
Optimize
Secure
MCP Gateway
MCP Gateway
for SAP Joule
One MCP gateway to connect SAP Joule to 310+ enterprise SaaS apps. No auth hassle. Token-efficient by design. Security and governance built-in.
What is an MCP gateway?
An MCP gateway (also called an MCP aggregator) is a single endpoint that connects an AI agent to multiple
MCP servers via the open Model Context Protocol (opens in new tab).
Some gateways act as proxies, routing traffic to MCP servers customers operate themselves. Others provide the
underlying MCP servers as a managed service.
StackOne is the managed kind. We provide pre-built MCP servers for 310+ enterprise SaaS apps,
including ones with no official MCP server today. For each app you connect, StackOne provides the MCP protocol
layer, the SaaS API integration, action coverage, and the auth orchestration framework. Authentication is
configured per app per organization — your team registers OAuth credentials with the SaaS provider, links them
in StackOne, and end users then authorize access through that flow. Once set up, the agent reaches every
connected app through one URL, with token storage, refresh, and per-user scoping handled by StackOne.
StackOne's MCP gateway — SOC2, HIPAA, CCPA, and GDPR compliant — bundles 310+ pre-built SaaS integrations exposing 20,000+ actions, all reachable from your SAP Joule agent through one URL.
Act across all your apps
from inside SAP Joule
One MCP gateway, every enterprise SaaS your Joule agent
could ever need to act on.
Coverage
310+ connectors.
20,000+ tested actions.
Every action is built and maintained by StackOne, tested against the live API, and updated when vendors change their endpoints.
Browse all connectors
Trust
Auth & governance,
simplified.
StackOne handles OAuth, API keys, refresh, and scopes for every connector, giving enterprise IT full control through auth configs in a multi-tenant setup.
Agent Auth
Performance
Agent context window,
managed.
Tool Discovery and Code Mode keep your Joule agent's context lean — only relevant actions, no raw response noise. Sharper agents, lower token costs.
Tools Discovery
Security
Agent security,
built in.
Defender scans every MCP tool response for prompt injection in real time. Up to 97.44%¹ detection, 0.2% false positives. SOC2, HIPAA, CCPA, GDPR compliant.
Prompt Injection Defense¹ Jayavibhav test, 65,000 samples.
Connect SAP Joule
to more apps in 4 steps
From auth config to first agent tool call in 5 minutes.
1
Add StackOne as an MCP Server in Joule Studio.
Register the StackOne gateway as a BTP Cockpit → Destinations entry (with sap-joule-studio-mcp-server=true), then add it from your agent's Tools panel in Joule Studio → Agent Builder.
Joule Studio → Agent Builder → Tools
Add MCP Server
Toolkit name
StackOne
BTP Destination
stackone-mcp-gateway
Authentication
OAuth2ClientCredentials
Save toolkit
2
Connect each SaaS integration in StackOne.
OAuth or API key per app, done once in your dashboard. Tokens stay server-side.
3
Scope agent actions.
Read-only, specific objects, or per-role exposure. Toggle from the StackOne dashboard.
List records (enabled)
Get record (enabled)
Run workflow (enabled)
Update record (disabled)
Delete record (disabled)
4
Ask your SAP Joule agent in plain English.
StackOne maps your prompt to the right action in the right system. Done.
"Reconcile this week's HubSpot pipeline against open Workday reqs and draft the Q3 hiring readout."
hubspot_list_deals
Completed
workday_list_open_positions
Completed
department: Sales, Engineering
stage: approved, posted
result: 14 reqs open
Reconciled 47 HubSpot deals to 14 open Workday reqs. Drafted the Q3 Hiring Readout in Joule Studio.
Get SAP Joule
to do more across your stack
Cross-app workflows your Joule agent now runs in seconds instead of click-throughs.
HR & Talent Ops
> Sync open Workday requisitions with the Joule hiring agent's next-step plan.
Modern CRM & Sales Engagement
> Pull HubSpot deal stages into the Joule pipeline-review brief.
Customer Support & Service
> Cluster Zendesk escalations from this week and update the Joule service playbook.
Dev & Project Ops
> File Jira tickets for every change blocking your S/4HANA rollout.
Connect any Enterprise AI Agent
to the StackOne MCP Gateway
Same 310+ MCP servers. Same agent context. Pick yours.
Frequently Asked Questions
Joule agents built in Joule Studio consume external MCP servers through SAP BTP Destinations. Two stages: (1) In BTP Cockpit → Subaccount → Connectivity → Destinations → New Destination, register the StackOne gateway URL as an HTTP destination (do NOT append
/mcp — Joule Studio adds it) and set the additional property sap-joule-studio-mcp-server to true. (2) In SAP Build Lobby → Joule Studio Agent Builder, open your agent's Tools panel and click Add MCP Server, then pick the destination from step 1. Full walkthrough in the SAP Help docs. Requires SAP BTP + SAP Build entitlement.An MCP gateway (also called an MCP aggregator) is a single endpoint that connects an AI agent to multiple MCP servers via the Model Context Protocol. Some gateways route traffic to MCP servers customers operate themselves; others provide the MCP servers as a managed service. StackOne is the managed kind — we provide pre-built MCP servers for 310+ enterprise SaaS apps, including ones with no official MCP server today. Authentication is configured per app per organization: your team registers OAuth credentials with the SaaS provider, links them in StackOne, and end users authorize access through that flow. Once set up, the agent reaches every connected app through one URL.
SAP Joule agents can access enterprise SaaS like Workday, BambooHR, Greenhouse, HubSpot, Gong, Zendesk, Intercom, GitHub, Linear, and Jira through the StackOne MCP gateway — 310+ pre-built connectors in total. StackOne extends Joule beyond SAP's first-party Joule Studio partners (Salesforce, ServiceNow, Microsoft 365, Slack) into modern HRIS, CRM, support, and dev tools. New connectors ship continuously, and you can build custom ones with AI Integration Builder. See all connectors.
SAP Joule Studio ships 4 first-party MCP partners (Salesforce, ServiceNow, Microsoft 365, Slack) plus SAP-native systems. StackOne adds the other 310+ — every app reachable through one BTP Destination registration instead of N separate ones, auth managed once in the dashboard, and tool definitions loaded only when relevant to the prompt.
Credentials sit at three layers: your StackOne API token (embedded in the gateway URL stored in your SAP BTP Destination, governed by your Cloud Identity Services tenant), SaaS connector credentials (server-side in your StackOne dashboard), and per-user OAuth or session tokens (server-side, scoped per user). StackOne stores OAuth tokens and API keys, refreshes them automatically, and only exposes the actions you've authorized to the agent.
Skip the StackOne MCP gateway when any of these is true:
- An existing SAP first-party Joule Studio partner already covers your apps (Salesforce, ServiceNow, Microsoft 365, Slack)
- You only use a handful of actions across a few apps
- You don't need multi-tenancy, per-user permissions, or per-action scoping
- Indirect prompt injection isn't a concern
- Your MCP provider already does tool discovery and server-side execution to keep the agent context lean
Connect All Your Apps to SAP Joule.
One MCP gateway, 310+ pre-built SaaS connectors. Set up in 5 minutes.