Custom MCP connectors
Beyond the built-in integrations, an admin can connect the agent to any remote MCP server directly from the dashboard — no code change or redeploy. Once added, the server’s tools become available to every user’s agent.
This is the same wiring the built-in remote integrations (e.g. Linear, GitHub) use: a remote MCP server reached over HTTP, with an optional auth header.
What you need
A reachable remote MCP server URL (an http(s) endpoint that speaks MCP), and — if it requires auth — an access token to send as a request header.
| Field | Required | Notes |
|---|---|---|
| Name | Yes | A label, e.g. Acme MCP. Slugified into the server key, so its tools appear to the agent as mcp__<slug>. Must be unique and not collide with a built-in provider. |
| Remote MCP server URL | Yes | Must start with http:// or https://. |
| Access token | No | Sent as the value of the auth header. Stored encrypted at rest. |
| Auth header name | No | Defaults to Authorization. Set this if the server expects a different header (e.g. X-Api-Key). |
Adding a connector
- Open the Integrations page in the dashboard (visible to admins).
- Under Custom Connectors, click Add custom connector.
- Enter a Name and the Remote MCP server URL.
- If the server needs auth, expand Advanced settings and enter the access token (and a custom header name if needed).
- Click Add. The agent picks up the new tools on its next session.
The connector now appears in the Custom Connectors list, and its tools (mcp__<slug>) are available to every user. Remove it any time with Remove.
Access & security
- Admin-only. Only admins can add or remove custom connectors. A custom connector grants the agent — for all users — whatever that server exposes, so only add servers you trust.
- Global scope. Custom connectors are available to every user; there is no per-user scoping for them.
- Encrypted credentials. The access token is encrypted at rest. The URL is stored in plain text (it is not a secret).
Authentication
Custom connectors use token / header auth — the access token is sent as a request header on every call to the MCP server. This covers virtually all internal and self-hosted MCP servers.
Servers that require an interactive OAuth login (a browser consent flow) are not supported: the agent runs as a headless, pooled service and cannot complete a per-user browser redirect. Use a server that accepts a static token/header instead.