Secure MCP servers
You can secure Model Context Protocol (MCP) servers ↗ with Cloudflare Access. Choose an approach based on who manages the MCP server code and hostname:
| Approach | Best for | Auth handled by |
|---|---|---|
| Customer-managed third-party MCP server | Third-party MCP server code running on a hostname you control in Cloudflare | The third-party MCP server |
| SaaS-managed third-party MCP server | Third-party MCP servers hosted by the provider that support customer-provided OAuth or OIDC identity settings | Third-party MCP server, with Access as the OIDC provider |
Use this setup when the MCP server runs on a hostname you control in Cloudflare, but the server code is managed by a third party and already handles its own OAuth flow. In this setup, do not enable Access Managed OAuth. You also do not need to add the MCP server hostname as a public hostname on the generated Access application.
- Ensure the MCP server hostname has Proxy status turned on in Cloudflare DNS.
- In the Cloudflare dashboard ↗, go to Zero Trust > Access controls > AI controls.
- Go to the MCP servers tab.
- Select Add an MCP server.
- Enter a name for the server.
- In HTTP URL, enter the MCP server URL, including the MCP path. For example,
https://mcp.example.com/mcp. - Configure Access policies to define the users who can use the MCP server.
-
Configure how users will authenticate:
Select the identity providers you want to enable for your application.
(Recommended) If you plan to only allow access via a single IdP, turn on Apply instant authentication. End users will not be shown the Cloudflare Access login page. Instead, Cloudflare will redirect users directly to your SSO login event.
- (Optional) Turn on Authenticate with Cloudflare One Client to allow users to authenticate to the application using their Cloudflare One Client session identity.
- Select Save and connect server.
- If the MCP server prompts you to authenticate, complete the third-party OAuth flow.
Use this setup when a third-party provider hosts the MCP server and lets you configure a custom OAuth or OIDC identity provider. In this setup, the MCP server implements the OAuth authorization code flow against Cloudflare Access and receives an access_token that it can use to call downstream services.
The following guide uses a remote MCP server on Cloudflare Workers to show the Access for SaaS setup. For a SaaS-managed server, follow your provider's setup instructions and use the Access for SaaS values created in Step 2. When users connect to the MCP server using an MCP client, they will be prompted to log in to your identity provider and are only granted access if they pass your Access policies.
- Create a Zero Trust organization.
- Configure One-time PIN or connect a third-party identity provider.
To deploy our example MCP server ↗ to your Cloudflare account:
-
Select the following button to launch the quickstart flow:
-
Select the account that contains your Zero Trust organization.
-
On the Create an application page, configure the following fields:
- Git account: Select an existing account or connect a new GitHub or GitLab account.
- Create private Git repository: Choose whether the project repository should be public or private.
- Project name:
mcp-server-cf-access - Select KV namespace: Create new
- Name your KV namespace:
OAUTH_KV
We will configure
ACCESS_CLIENT_IDand the other secret values in a later step. -
Select Create and deploy.
The MCP server will be deployed to your *.workers.dev subdomain at mcp-server-cf-access.<YOUR_SUBDOMAIN>.workers.dev. A new git repository will be set up on your GitHub or GitLab account for your MCP server, configured to automatically deploy to Cloudflare each time you push a change or merge a pull request to the main branch of the repository.
You can use the Wrangler CLI to create the MCP server on your local machine and deploy it to Cloudflare.
-
Open a terminal and clone our example project:
Terminal window npm create cloudflare@latest -- mcp-server-cf-access --template=cloudflare/ai/demos/remote-mcp-cf-accessDuring setup, select the following options: - For Do you want to add an AGENTS.md file to help AI coding tools understand Cloudflare APIs?, choose
No. - For Do you want to use git for version control?, chooseNo. - For Do you want to deploy your application?, chooseNo(we will be making some changes before deploying). -
Go to the project directory:
Terminal window cd mcp-server-cf-access -
Create a Workers KV namespace to store the key. The binding name should be
OAUTH_KVif you want to run the example as written.Terminal window npx wrangler kv namespace create "OAUTH_KV"The command will output the binding name and KV namespace ID:
{"kv_namespaces": [{"binding": "OAUTH_KV","id": "<YOUR_KV_NAMESPACE_ID>"}]} -
Open
wrangler.jsoncin an editor and insert yourOAUTH_KVnamespace ID:JSONC "kv_namespaces": [{"binding": "OAUTH_KV","id": "<YOUR_KV_NAMESPACE_ID>"}], -
You can now deploy the Worker to Cloudflare's global network:
Terminal window npx wrangler deploy
The Worker will be deployed to your *.workers.dev subdomain at mcp-server-cf-access.<YOUR_SUBDOMAIN>.workers.dev.
-
In the Cloudflare dashboard ↗, go to Zero Trust > Access controls > Applications.
-
Select Create new application.
-
Select SaaS application.
-
In Application, enter a custom name (for example,
MCP server) and select the textbox that appears below. -
Select OIDC as the authentication protocol.
-
Select Add application.
-
In Redirect URLs, enter the authorization callback URL for your MCP server. The callback URL for our example MCP server is
https://mcp-server-cf-access.<YOUR_SUBDOMAIN>.workers.dev/callback. -
Copy the following values to input into our example MCP server. Other MCP servers may require different sets of input values.
- Client secret
- Client ID
- Token endpoint
- Authorization endpoint
- Key endpoint
-
(Optional) Under Advanced settings, turn on Refresh tokens if you want to reduce the number of times a user needs to log in to the identity provider.
-
Configure Access policies to define the users who can access the MCP server.
-
Configure how users will authenticate:
Select the identity providers you want to enable for your application.
(Recommended) If you plan to only allow access via a single IdP, turn on Apply instant authentication. End users will not be shown the Cloudflare Access login page. Instead, Cloudflare will redirect users directly to your SSO login event.
- (Optional) Turn on Authenticate with Cloudflare One Client to allow users to authenticate to the application using their Cloudflare One Client session identity.
-
Select Create.
-
Make a
POSTrequest to the Access applications endpoint:
At least one of the following token permissions is required:Required API token permissions
Access: Apps and Policies Write
Add an Access application curl "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/apps" \--request POST \--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \--json '{"name": "MCP server","type": "saas","saas_app": {"auth_type": "oidc","redirect_uris": ["https://mcp-server-cf-access.<YOUR_SUBDOMAIN>.workers.dev/callback"],"grant_type": ["authorization_code","refresh_tokens"],"refresh_token_options": {"lifetime": "90d"}},"policies": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],"allowed_idps": []}' -
Copy the
client_idandclient_secretreturned in the response. -
Build the OAuth endpoint URLs using your team name and the
client_idreturned in the response:Endpoint URL Token endpoint https://<TEAM_NAME>.cloudflareaccess.com/cdn-cgi/access/sso/oidc/<CLIENT_ID>/tokenAuthorization endpoint https://<TEAM_NAME>.cloudflareaccess.com/cdn-cgi/access/sso/oidc/<CLIENT_ID>/authorizationKey endpoint https://<TEAM_NAME>.cloudflareaccess.com/cdn-cgi/access/sso/oidc/<CLIENT_ID>/jwks
Your MCP server needs to perform an OAuth 2.0 authorization flow to get an access_token from the SaaS app created in Step 2. When setting up the OAuth client on your MCP server, you will need to paste in the OAuth endpoints and credentials from the Access for SaaS app.
To add OAuth endpoints and credentials to our example MCP server:
-
In the Cloudflare dashboard ↗, go to the Workers & Pages page.
Go to Workers & Pages -
Select the
mcp-server-cf-accessWorker. -
Go to Settings.
-
Under Variables and Secrets, update each secret with the corresponding value obtained from the Access for SaaS app.
Workers secret SaaS app field ACCESS_CLIENT_IDClient ID ACCESS_CLIENT_SECRETClient secret ACCESS_TOKEN_URLToken endpoint ACCESS_AUTHORIZATION_URLAuthorization endpoint ACCESS_JWKS_URLKey endpoint -
For
COOKIE_ENCRYPTION_KEY, you can use the following command to generate a random string:Terminal window openssl rand -hex 32Enter the output of this command into
COOKIE_ENCRYPTION_KEY.
-
Create the following Workers secrets:
Terminal window npx wrangler secret put ACCESS_CLIENT_IDnpx wrangler secret put ACCESS_CLIENT_SECRETnpx wrangler secret put ACCESS_TOKEN_URLnpx wrangler secret put ACCESS_AUTHORIZATION_URLnpx wrangler secret put ACCESS_JWKS_URL -
When prompted to enter a secret value, paste the corresponding values obtained from the Access for SaaS app.
Workers secret SaaS app field ACCESS_CLIENT_IDClient ID ACCESS_CLIENT_SECRETClient secret ACCESS_TOKEN_URLToken endpoint ACCESS_AUTHORIZATION_URLAuthorization endpoint ACCESS_JWKS_URLKey endpoint -
Generate a random string for the cookie encryption key:
Terminal window openssl rand -hex 32Store the output of this command in a Workers secret:
Terminal window npx wrangler secret put COOKIE_ENCRYPTION_KEY
You can now connect to your MCP server at https://mcp-server-cf-access.<YOUR_SUBDOMAIN>.workers.dev/mcp using Workers AI Playground ↗, MCP inspector ↗, or other MCP clients that support remote MCP servers.
To test in Workers AI Playground:
-
Go to Workers AI Playground ↗.
-
Under MCP Servers, enter
https://mcp-server-cf-access.<YOUR_SUBDOMAIN>.workers.dev/mcpfor the MCP server URL. -
Select Connect.
-
A popup window will appear requesting access to the MCP server. Select Approve.
-
Follow the prompts to log in to your identity provider.
Workers AI Playground will show a Connected status. The MCP server should successfully obtain an access_token from Cloudflare Access.
To allow the MCP server to make authenticated requests to other self-hosted applications on behalf of the user, create a Linked App Token policy on the downstream application. The MCP server forwards the Cf-Access-Jwt-Assertion header it receives from Access as a Cf-Access-Token header to the downstream application.