Skip to main content
Version: 19.x (unreleased)

Machine & Workload Identity with MCP Access

Report an issue with this page

Teleport protects and control access to Model Context Protocol (MCP) servers. Machine & Workload Identity (MWI) can then be used to grant machines and workloads secure and short-lived access to these MCP servers without the need for long-lived static secrets.

In this guide, you will configure tbot to produce short-lived credentials that can be used by an MCP client to access MCP servers enrolled within your Teleport cluster.

This guide focuses on granting machines access to MCP servers. If you wish to grant human users access to MCP servers, you should instead refer to the MCP Access with Stdio MCP Server guide.

How it works

The Teleport Application Access agent is deployed in front of the MCP server that you wish to protect access to. This agent is responsible for enforcing access control based on roles configured in Teleport.

The Machine & Workload Identity agent, tbot, is installed on the machine that will require access to the MCP server. It is responsible for authenticating to the Teleport cluster and producing an identity file that can be used by the MCP client to access the MCP server through the Teleport Proxy.

Prerequisites

  • A running Teleport cluster. If you want to get started with Teleport, sign up for a free trial or set up a demo environment.

  • The tctl and tsh clients.

    Installing tctl and tsh clients

    1. Determine the version of your Teleport cluster. The tctl and tsh clients must be at most one major version behind your Teleport cluster version. Send a GET request to the Proxy Service at /v1/webapi/find and use a JSON query tool to obtain your cluster version. Replace teleport.example.com:443 with the web address of your Teleport Proxy Service:

      TELEPORT_DOMAIN=teleport.example.com:443
      TELEPORT_VERSION="$(curl -s https://$TELEPORT_DOMAIN/v1/webapi/find | jq -r '.server_version')"

    2. Follow the instructions for your platform to install tctl and tsh clients:

      Download the signed macOS .pkg installer for Teleport, which includes the tctl and tsh clients:

      curl -O https://cdn.teleport.dev/teleport-${TELEPORT_VERSION?}.pkg

      In Finder double-click the pkg file to begin installation.

      danger

      Using Homebrew to install Teleport is not supported. The Teleport package in Homebrew is not maintained by Teleport and we can't guarantee its reliability or security.

  • If you have not already connected your MCP server to Teleport, follow the MCP Getting Started guide.
  • To check that you can connect to your Teleport cluster, sign in with tsh login, then verify that you can run tctl commands using your current credentials. For example, run the following command, assigning teleport.example.com to the domain name of the Teleport Proxy Service in your cluster and [email protected] to your Teleport username: 
    tsh login --proxy=teleport.example.com --user=[email protected]
    tctl status
    Cluster  teleport.example.com
    Version  19.0.0-dev
    CA pin   sha256:abdc1245efgh5678abdc1245efgh5678abdc1245efgh5678abdc1245efgh5678
    If you can connect to the cluster and run the tctl status command, you can use your current credentials to run subsequent tctl commands from your workstation. If you host your own Teleport cluster, you can also run tctl commands on the computer that hosts the Teleport Auth Service for full permissions.
  • tbot and tsh must already be installed and configured on the machine that will access MCP servers. For more information, see the deployment guides.

Step 1/3. Configure RBAC

First, Teleport must be configured to allow the credentials produced by the bot to access MCP servers in your infrastructure. This is done by creating a role that specifies label matchers for the MCP server that you want to grant access to, and, specifying with tools within the MCP server that should be accessible.

In our example, we will grant access to an MCP server that has been labelled with env: dev and allow access to all tools within that MCP server.

Create a file named role.yaml with the following content:

kind: role
version: v6
metadata:
  name: example-role
spec:
  allow:
    app_labels:
      'env': 'dev'
    mcp:
      tools: ['*']

Replace example-role with a descriptive name related to your use case, adjust the app_labels to match the labels of your MCP server, and modify the mcp.tools field to specify which tools you want to allow access to.

Use tctl create -f ./role.yaml to create the role.

tip

You can also create and edit roles using the Web UI. Go to Access -> Roles and click Create New Role or pick an existing role to edit.

Now, use tctl bots update to add the role to the Bot. Replace example with the name of the Bot you created in the deployment guide and example-role with the name of the role you just created:

tctl bots update example --add-roles example-role

Step 2/3. Configure tbot

Next, you'll configure tbot to output an identity file. This identity file will then be used by the MCP client to authenticate to Teleport. This is done using the identity service type.

The service will need to be configured with a destination. In this example, the directory type will be used. This will write artifacts to the specified directory on disk. Ensure that this directory is writable by the user that tbot runs as, and that it can be read by the Linux user that the MCP client will be running as.

Modify your tbot configuration to add an identity service:

services:
  - type: identity
    allow_reissue: true
    destination:
      type: directory
      path: /opt/machine-id

Ensure that you replace /opt/machine-id with the directory you have chosen.

If operating tbot as a background service, restart it. If running tbot in one-shot mode, it must be executed before you attempt to use the credentials.

Step 3/3. Connect your MCP client

You can now configure your MCP client to use the credentials produced by tbot to access MCP servers. The exact steps you need to take will depend on the MCP client you are using.

For compatibility with LangGraph, use the langchain-mcp-adapters package. This package implements an MCP client and exposes the tools from an MCP server in the same way as tools defined natively in Python.

Instantiate a MultiServerMCPClient and configure it to call tsh mcp connect with the identity file produced by tbot:

    from langchain_mcp_adapters.client import MultiServerMCPClient
    client = MultiServerMCPClient({
        "my-mcp-server": {
            "command": "tsh"
            "args": [
                "mcp",
                "connect",
                "-i", "/opt/machine-id/identity",
                "--proxy", "example.teleport.sh:443",
                "my-mcp-server",
            ],
            "transport": "stdio",
        },
    })
    tools = await client.get_tools()

Modify the example values to match your environment:

  • /opt/machine-id/identity with the path to the identity file produced by tbot.
  • example.teleport.sh:443 with the address of your Teleport proxy.
  • my-mcp-server with the name of your MCP server as enrolled in Teleport.

See the LangGraph documentation for further details.

Next steps