Manage users, app access, roles, and authentication through the OneLogin API.
This MCP tool comes from an official registry, is open source, and has recent maintenance, which supports relatively good supply-chain trust. The main concerns are the required OneLogin client credentials and local process execution; based on the provided materials, no concrete high-risk red flags are evident, so the overall posture is cautionary rather than high risk.
It requires ONELOGIN_URL, ONELOGIN_CLIENT_ID, and ONELOGIN_CLIENT_SECRET; the client secret is sensitive. If exposed, it could be used to access or manage users, apps, roles, and authentication-related resources in the OneLogin tenant.
No fixed remote host is listed, but the tool explicitly manages identity resources via the OneLogin API, which implies network requests to the OneLogin endpoint specified by ONELOGIN_URL and transmission of related administrative data. There is no evidence in the materials of exfiltration to unrelated or unknown third-party endpoints.
The system checks indicate it executes code / runs a local MCP server process, which is a normal capability for this class of tool. The provided materials do not show requests for system privileges beyond its stated purpose, nor suspicious command execution or lateral-control behavior.
By description, it can manage users, apps, roles, and authentication in OneLogin. This is administrative in scope and can have significant impact, but it is aligned with the stated functionality. The materials do not indicate extra read/write access to local sensitive files or clear signs of overbroad authorization.
It comes from an official registry and has an open-source repository with updates within the last year; these are strong positive supply-chain signals. While the low star count and undeclared license reduce some transparency and adoption confidence, the available materials still do not show high-risk red flags such as closed source, abandonment, or suspicious distribution.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "io.github.onelogin/onelogin-mcp" MCP server from askskill: Run: claude mcp add 'io-github-onelogin-onelogin-mcp' -- npx -y @onelogin/onelogin-mcp
Use the OneLogin MCP to bulk create accounts for these new employees, assign default roles by department, and return the creation results with failure reasons: Zhang San - Sales, Li Si - Engineering, Wang Wu - Support.
A report showing each employee’s account creation status, assigned role, and any failure details.
List all authorized users and roles for the finance system in OneLogin, and identify accounts that still have access but have not logged in during the last 90 days.
A finance app access list with suspicious accounts flagged for permission revocation.
Check the currently enabled authentication policies in OneLogin, summarize MFA, password policy, and suspicious login settings, and point out potential risks.
A summary of authentication settings with key security risks and optimization recommendations.
Securely manage OAuth 2.0 tokens for MCP applications.
Access and read ONES documents in intranet environments with authentication support.
Manage Okta users, access, apps, and audit logs with natural language.
Manage Authlete services and clients, and search API specs with natural language.
Integrate Onfido KYC flows to manage applicants, documents, checks, and workflows.
Read Auth0 resources and configuration for fast identity environment reviews.