Overview
Rolling out MCP Manager to your organization works best when you plan your structure before inviting anyone. This guide walks through the recommended deployment process from start to finish: designing your team and gateway layout, bulk-inviting users, and configuring the universal gateway URL so everyone connects through a single endpoint. It also covers what happens on the user's end when they receive their invitation, and what to expect when you add new MCP servers after deployment.
Step 1: Plan Your Teams and Gateways
Before inviting a single user, take the time to map out your team structure and gateway assignments. Changing these later is straightforward, but getting the initial layout right means fewer disruptions and less reconfiguration down the line.
Identify Your User Groups
Start by listing the distinct groups in your organization that need access to AI tools, and what each group needs. Consider:
- Which departments or functions need AI tool access? Engineering, product, support, data science, marketing — each may need different MCP servers and tools.
- Are there sensitivity differences? Some groups may need access to tools with write or delete capabilities (e.g., database admin tools, deployment triggers), while others only need read access. Plan separate teams and gateways for high-risk vs. standard access.
- Do any users span multiple groups? A user can belong to more than one team, so someone who works across engineering and data science can be a member of both teams and access both sets of gateways.
Map Teams to Gateways
For each group you identified, decide which gateways they need and which MCP servers each gateway should include. A common starting layout might look like:
- Engineering team → Engineering gateway (GitHub, Jira, internal docs, CI/CD tools)
- Product team → Product gateway (Jira, Confluence, analytics tools)
- Support team → Support gateway (Zendesk, knowledge base, CRM — read-only where possible)
Write this plan down. You'll use it in the next two steps when creating teams and gateways in MCP Manager.
Step 2: Create Teams and Gateways
With your plan in hand, set up the infrastructure in MCP Manager before inviting users. This ensures that when people arrive, their access is already configured and waiting.
Create Teams
- Navigate to the People section in the left navigation panel.
- Switch to the Teams tab and click Create Team.
- Give the team a clear, descriptive name (e.g., "Engineering," "Product," "Support"). You'll select this name when inviting users, so make it recognizable.
- Repeat for each team in your plan.
Create Gateways
- Navigate to the Gateways section in the left navigation panel and click Create Gateway.
- Name the gateway to match the team it serves (e.g., "Engineering Gateway").
- Assign the gateway to the appropriate team. You can do this from the gateway's settings page or from the team's page in the People section — both produce the same result.
- Add your MCP servers to the gateway and configure tool allowlists for each server. This controls which tools from each server are exposed through this gateway.
- Repeat for each gateway in your plan.
At this point, your teams exist, your gateways are configured with the right servers and tools, and team–gateway assignments are in place. Everything is ready for users.
Step 3: Bulk Invite Users
With your structure in place, you can now invite users in bulk — team by team.
- Navigate to the People section and click Add new users.
- In the invitation modal, paste comma-separated email addresses for everyone on the team and role you're onboarding. For example:
jbrown@company.com, ssmith@company.com, ajones@company.com
- Select the team(s) these users should belong to. You can select multiple teams if this batch of users needs access to more than one gateway.
- Select the role for these users. All users in a single batch receive the same role — if you need to assign different roles, send separate invitations.
- Click Send via email. Each person receives an invitation email immediately.
Repeat this for each team in your plan. Since all gateway and team assignments are already configured, invited users will have the correct access the moment they complete their account setup.
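The grouping behind Step 3 can be prepared before opening the invitation modal. The following is an added example, not part of MCP Manager: it turns a roster into one comma-separated string per team-and-role combination and holds back addresses that need review. The roster rows, the `company.com` domain restriction, and the role names "Member" and "Admin" are assumptions made for illustration.

```python
from collections import defaultdict

ALLOWED_DOMAIN = "company.com"  # assumption: domain of the page's sample addresses

# Constructed roster rows: (email, teams, role). Team names follow the page's
# examples; "Member" and "Admin" are placeholder role names.
ROSTER = [
    ("jbrown@company.com", {"Engineering"}, "Member"),
    ("SSmith@company.com ", {"Engineering"}, "Member"),
    ("ajones@company.com", {"Engineering", "Product"}, "Member"),
    ("kdavis@company.com", {"Engineering"}, "Admin"),
    ("mlee@company.com", {"Engineering"}, "Admin"),
    ("jbrown@company.com", {"Engineering"}, "Member"),   # exact duplicate
    ("kdavis@company.com", {"Support"}, "Member"),       # conflicts with row 4
    ("contractor@example.net", {"Support"}, "Member"),   # outside the domain
]


def plan_batches(roster, allowed_domain=ALLOWED_DOMAIN):
    """Return ({(teams, role): pasteable email string}, [(email, reason)])."""
    assignments = defaultdict(set)   # email -> distinct (teams, role) keys
    review = []
    for raw_email, teams, role in roster:
        email = raw_email.strip().lower()
        local, _, domain = email.rpartition("@")
        if not local or domain != allowed_domain or "," in email or " " in email:
            review.append((email, "malformed or outside allowed domain"))
        elif not teams:
            review.append((email, "no team assigned"))
        else:
            assignments[email].add((tuple(sorted(teams)), role))
    batches = defaultdict(list)
    for email, keys in assignments.items():
        if len(keys) > 1:
            # Ambiguous access: hold the invite rather than guess a role.
            review.append((email, "conflicting team/role rows"))
        else:
            batches[next(iter(keys))].append(email)
    # One invitation-modal submission per key, since a batch shares one role.
    return {k: ", ".join(v) for k, v in batches.items()}, review


if __name__ == "__main__":
    batches, review = plan_batches(ROSTER)
    for (teams, role), emails in sorted(batches.items()):
        print(f"teams={' + '.join(teams)} role={role}\n  {emails}")
    for email, reason in review:
        print(f"REVIEW {email}: {reason}")
```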
What Happens on the User's End
Understanding the end-user experience helps you support your team during rollout and write better internal onboarding documentation.
The Invitation Email
Each invited user receives an email with the subject line "[Your Name] has invited you to work with them in MCP Manager". The email identifies who sent the invitation, which workspace they're joining, and includes a "Join Now" button.
Account Setup
Clicking "Join Now" takes the user to the MCP Manager registration page, where they:
- Confirm their email address (pre-filled from the invitation).
- Enter their first name and last name.
- Accept the Terms of Use and Privacy Policy.
That's it. Once they submit, their account is activated with the team membership and role you assigned during the invitation.
Connecting in Claude
After account setup, the user connects their AI client (e.g., Claude) to MCP Manager. The process looks like this:
- In Claude, the user adds a new MCP integration and enters the gateway URL provided by their administrator.
- Claude opens a browser window prompting the user to log in to MCP Manager. The user enters their email address and receives a verification code (the same email-based authentication used during account setup).
- After authentication, the user sees a dropdown list of their assigned gateways — only the gateways linked to their teams appear here.
- The user selects a gateway and clicks Allow to authorize the connection.
The connection is now established. The user's Claude session immediately has access to all the tools exposed through that gateway, and they can start using them right away.
The Universal Single-Gateway URL
MCP Manager supports a deployment model where every user in your organization connects to the same gateway URL, regardless of which team they belong to or which gateway they need. This dramatically simplifies deployment, especially in large organizations.
How It Works
Every gateway in MCP Manager is accessible through a base URL:
https://mcp.mcpmanager.ai/gateway/v1/mcp
When a user connects to this URL and authenticates, MCP Manager identifies who they are and which teams they belong to. If the user has access to multiple gateways, they're shown a dropdown to select the one they want. If they only have access to a single gateway, the connection is made automatically.
You can also construct a gateway-specific URL by appending a query parameter:
https://mcp.mcpmanager.ai/gateway/v1/mcp?gateway=CSO-xxxxxxxx
This pre-selects a specific gateway, skipping the dropdown. However, for most deployments, the base URL without parameters is the better choice.
Why This Matters for Deployment
The universal URL approach means you only need to distribute one URL to your entire organization. There's no need to send different URLs to different teams, maintain a mapping of which team gets which URL, or update URLs when gateway assignments change. Everyone connects to the same endpoint, and MCP Manager handles the routing based on their identity and team membership.
This is especially powerful when combined with a managed deployment tool. If your organization uses a configuration management system to push Claude settings to employee machines, you configure a single MCP connector with the universal gateway URL once — and it works for every user, regardless of team. Each person authenticates individually and gets access to exactly the gateways their team membership permits.
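Because a single URL is pushed to every machine, it is worth checking that string before it goes into a managed configuration. The following is an added example, not MCP Manager code: it accepts only the two URL forms shown above and reports anything that deviates. The strictness rules (no userinfo, no explicit port other than 443, no other parameters) are assumptions chosen for this check, and the non-page sample URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qs

BASE_HOST = "mcp.mcpmanager.ai"   # host and path as given on this page
BASE_PATH = "/gateway/v1/mcp"


def check_gateway_url(url):
    """Return (kind, problems); kind is 'universal', 'pinned' or None."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo present before the host")
    if parts.hostname != BASE_HOST:
        problems.append(f"unexpected host {parts.hostname!r}")
    try:
        port = parts.port
    except ValueError:          # port is not a valid number
        port = -1
    if port not in (None, 443):  # assumption: the page's URL carries no port
        problems.append("explicit non-default port")
    if parts.path != BASE_PATH:
        problems.append(f"unexpected path {parts.path!r}")
    if parts.fragment:
        problems.append("fragment present")
    query = parse_qs(parts.query, keep_blank_values=True)
    extra = sorted(set(query) - {"gateway"})
    if extra:
        problems.append(f"unexpected parameters {extra}")
    gateway_values = query.get("gateway", [])
    if len(gateway_values) > 1 or gateway_values == [""]:
        problems.append("gateway parameter repeated or empty")
    if problems:
        return None, problems
    return ("pinned" if gateway_values else "universal"), problems


if __name__ == "__main__":
    samples = [
        "https://mcp.mcpmanager.ai/gateway/v1/mcp",                       # from the page
        "https://mcp.mcpmanager.ai/gateway/v1/mcp?gateway=CSO-xxxxxxxx",  # from the page
        "http://mcp.mcpmanager.ai/gateway/v1/mcp",                        # constructed
        "https://mcp.mcpmanager.ai@example.net/gateway/v1/mcp",           # constructed
        "https://mcp.mcpmanager.ai.example.net/gateway/v1/mcp",           # constructed
    ]
    for s in samples:
        print(s, "->", check_gateway_url(s))
```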
Adding New MCP Servers After Deployment
One of the practical advantages of MCP Manager's gateway architecture is that adding new capabilities doesn't require your users to do anything.
Automatic Tool Discovery
When you add a new MCP server to an existing gateway and configure its tool allowlist, MCP Manager automatically discovers the server's available tools and makes them available through the gateway. Users who are connected to that gateway will see the new tools on their next Claude session restart — no reconnection or reconfiguration needed on their end.
This means you can iteratively expand your organization's AI capabilities over time. Start with a few core integrations, then add more as you identify needs — your users pick up the new tools automatically.
The Exception: Individual OAuth Authentication
The one scenario where users will need to take action is when a newly added MCP server uses individual (personal) OAuth authentication — meaning each user authenticates with their own identity against the upstream service (e.g., connecting to GitHub with their personal GitHub account).
In this case, MCP Manager can't establish the upstream connection on the user's behalf. The user will need to go through an OAuth authorization flow for that specific server. MCP Manager prompts them to do this the next time they use a tool from that server.
Servers that use a shared identity (a single API key or service account configured by an administrator) don't require any user action — they're available immediately after being added to the gateway.
Removing or Modifying Servers
The same seamless experience applies when you remove a server from a gateway or change its tool allowlist. Changes take effect without requiring users to reconnect. Tools that are removed from the allowlist simply stop appearing in the user's Claude session after their next session restart, and tools that are added appear automatically.
Deployment Checklist
Use this checklist to track your rollout progress:
- Plan — List your teams, gateways, server assignments, and tool allowlists in a shared document before touching MCP Manager.
- Create teams — In the People section, create all planned teams.
- Create roles — Set up any custom roles beyond the defaults if your organization needs fine-grained administrative permissions.
- Add MCP servers — Register all MCP servers you plan to use, including configuring their authentication (shared API keys or OAuth).
- Create gateways — Create each gateway, assign it to its team, add the relevant MCP servers, and configure tool allowlists.
- Test — Invite yourself (or a small pilot group) and walk through the full flow: receive the email, set up the account, connect in Claude, and verify that the correct tools appear.
- Bulk invite — Invite users team by team, assigning the correct teams and roles.
- Distribute the gateway URL — Share the universal gateway URL with your organization. For managed deployments, push the Claude MCP connector configuration to all machines.
- Monitor — Use the Reporting and Logging sections in MCP Manager to verify that users are connecting successfully and tools are being used as expected.