Frequently Asked Questions (FAQ) about UBOS EntraID MCP Server

Q: What is the UBOS EntraID MCP Server? A: The UBOS EntraID MCP Server (Microsoft Graph FastMCP) is a modular, resource-oriented server designed to simplify interactions with the Microsoft Graph API for managing Microsoft Entra ID (formerly Azure AD). It provides tools for user, group, application, and log management, built with extensibility, maintainability, and security in mind.

Q: What are the key features of the UBOS EntraID MCP Server? A: Key features include a modular resource structure, centralized Graph Client, comprehensive user and group operations, application and service principal management, sign-in log operations, MFA operations, password management, a permissions helper, robust error handling and logging, and a focus on security best practices.

Q: What is MCP (Model Context Protocol) and how does it relate to the UBOS EntraID MCP Server? A: MCP is an open protocol that standardizes how applications provide context to LLMs (Large Language Models). The UBOS EntraID MCP Server acts as a bridge, allowing AI models and applications to access and interact with EntraID through the Microsoft Graph API in a standardized way, providing context for AI operations.

Q: What are some use cases for the UBOS EntraID MCP Server? A: Use cases include automated user provisioning and deprovisioning, group-based access control, security monitoring and threat detection, compliance reporting, self-service password reset, application access management, and AI-powered identity management.

Q: How does the UBOS EntraID MCP Server integrate with the UBOS platform? A: The UBOS EntraID MCP Server seamlessly integrates with the UBOS platform, a full-stack AI Agent development platform. This integration allows organizations to orchestrate AI Agents, connect them with enterprise data, and create custom AI Agents tailored to specific business needs for identity management.

Q: What Microsoft Graph API permissions are required to use the UBOS EntraID MCP Server? A: Required permissions vary depending on the tasks you want to perform. Common permissions include User.Read.All, Group.ReadWrite.All, Application.ReadWrite.All, and AuditLog.Read.All. Refer to the documentation for a complete list based on your specific use case.

Q: How do I install and set up the UBOS EntraID MCP Server? A: You can install the server by cloning the repository, creating a .env file with your Azure AD credentials (Tenant ID, Client ID, Client Secret), and running the server using FastMCP. Detailed instructions are provided in the documentation.

Q: How do I extend the UBOS EntraID MCP Server with new resources? A: To extend the server, add new resource modules under the resources/ directory, register new tools in server.py using the FastMCP @mcp.tool() decorator, and utilize the shared GraphClient for all API calls.

Q: How does the UBOS EntraID MCP Server ensure security? A: The server employs Microsoft best practices for authentication, excludes sensitive data (credentials and secrets) from version control, encourages the use of least privilege permissions, and provides detailed logging for auditing and monitoring.

Q: Can I use the UBOS EntraID MCP Server with Claude or Cursor? A: Yes, the server can be used with both Claude and Cursor. Specific configuration steps for each platform are provided in the documentation, ensuring seamless integration into your development workflow.

Q: What is the license for the UBOS EntraID MCP Server? A: The UBOS EntraID MCP Server is licensed under the MIT License.

Q: Where can I find more information about the FastMCP CLI? A: You can find more information and advanced usage details in the FastMCP documentation.

Q: How do I manage Application and Service Principals with this server? A: The server provides tools to list, create, update, and delete Applications (app registrations) and Service Principals. You can also view app role assignments and delegated permissions for both Applications and Service Principals.

Q: Does the server help with suggesting appropriate Microsoft Graph permissions for common tasks? A: Yes, the server includes a Permissions Helper with tools like suggest_permissions_for_task, list_permission_categories_and_tasks, get_all_graph_permissions, and search_permissions.