Custom MCP connectors

Beyond the built-in integrations, an admin can connect the agent to any remote MCP server directly from the dashboard — no code change or redeploy. Once added, the server’s tools become available to every user’s agent.

This is the same wiring the built-in remote integrations (e.g. Linear, GitHub) use: a remote MCP server reached over HTTP, with an optional auth header.

What you need

A reachable remote MCP server URL (an http(s) endpoint that speaks MCP), and — if it requires auth — an access token to send as a request header.

FieldRequiredNotes
NameYesA label, e.g. Acme MCP. Slugified into the server key, so its tools appear to the agent as mcp__<slug>. Must be unique and not collide with a built-in provider.
Remote MCP server URLYesMust start with http:// or https://.
Access tokenNoSent as the value of the auth header. Stored encrypted at rest.
Auth header nameNoDefaults to Authorization. Set this if the server expects a different header (e.g. X-Api-Key).

Adding a connector

  1. Open the Integrations page in the dashboard (visible to admins).
  2. Under Custom Connectors, click Add custom connector.
  3. Enter a Name and the Remote MCP server URL.
  4. If the server needs auth, expand Advanced settings and enter the access token (and a custom header name if needed).
  5. Click Add. The agent picks up the new tools on its next session.

The connector now appears in the Custom Connectors list, and its tools (mcp__<slug>) are available to every user. Remove it any time with Remove.

Access & security

  • Admin-only. Only admins can add or remove custom connectors. A custom connector grants the agent — for all users — whatever that server exposes, so only add servers you trust.
  • Global scope. Custom connectors are available to every user; there is no per-user scoping for them.
  • Encrypted credentials. The access token is encrypted at rest. The URL is stored in plain text (it is not a secret).

Authentication

Custom connectors use token / header auth — the access token is sent as a request header on every call to the MCP server. This covers virtually all internal and self-hosted MCP servers.

Servers that require an interactive OAuth login (a browser consent flow) are not supported: the agent runs as a headless, pooled service and cannot complete a per-user browser redirect. Use a server that accepts a static token/header instead.