Add an MCP server with OAuth 2.1

  • Release version: Zurich
  • Updated July 2, 2025
  • 2 minutes to read

    • Add an MCP server with OAuth 2.1 in the AI Agent Studio.

    Before you begin

    Role required: sn_mcp_client.admin

    About this task

    OAuth is the standard method to authenticate MCP servers. If your MCP server supports it, choose OAuth 2.1 as the authentication method.

    Procedure

    1. Navigate to All > AI Agent Studio > Settings.
    2. Navigate to Manage MCP Servers and select New.
    3. On the Add MCP server form, enter a name and the web address for your MCP server.
    4. In the Authentication Type field, select OAuth 2.1.
      Screenshot that shows the Add MCP Server form and its fields.
    5. Select Next.
      The form extends with the registration details.
    6. On the form, fill in the fields.
      The Dynamic Client Registration form auto-populates the field data.
      Note:
      If dynamic registration is supported by the MCP server, you're prompted to confirm the grant type and other inputs. If dynamic registration isn’t supported, you can continue to the Manual Registration method.
      Table 1. Dynamic Client Registration form
      Field Description
      Grant Type How you want to obtain an access token when accessing protected resources.
      The following options are available:
      • Authorization Code: A system-generated code used for granting access to an application or resource.
      • Client Credentials: An access token provided by the administrator to access the application directly.
      Token Authentication Method Method using which the client credentials are sent when requesting tokens from the Authorization server.
      Auth Scopes Specific permissions for an application.
      Note:
      The Auth scopes must be comma-separated values.
      Authentication Token for Client Registration Authentication token used to verify the identity of the client and grant it permission to register with an authorization token.
      Provide the following values:
      • Header: Authorization header.
      • Value: Authentication password.
      Authorization URL Web address of your server to direct authorization.
      Token URL Web address containing the token.
      Token Revocation URL Web address to revoke the previously provided token in the Authentication Token for Client Registration field.
      Dynamic client registration form with auto-populated data in the form fields.
      The MCP server with dynamic client registration is added as a simple connection and credential alias.
    7. On the form, fill in the fields.
      Note:
      • If your MCP server doesn’t support dynamic client registration, then you can register the OAuth client for AI agents in your MCP server manually and update those client details in AI Agent Studio.
      • The manual registration doesn’t auto-populate the field data and must be manually provided.
      Table 2. Manual Registration form
      Field Description
      Grant Type How you want to obtain an access token when accessing protected resources.
      The following options are available:
      • Authorization Code: A system-generated code used for granting access to an application or resource.
      • Client Credentials: An access token provided by the administrator to access the application directly.
      Token Authentication Method Method using which the client credentials are sent when requesting tokens from the Authorization server.
      Client ID Unique ID for authentication and authorization purposes.
      Client Secret Unique credentials used for authentication.
      Auth Scopes Specific permissions for an application.
      Note:
      The Auth scopes must be comma-separated values.
      Authentication Token for Client Registration Authentication token used to verify the identity of the client and grant it permission to register with an authorization token.
      Provide the following values:
      • Header: Authorization header.
      • Value: Authentication password.
      Authorization URL Web address of your server to direct authorization.
      Token URL Web address containing the token.
      Token Revocation URL Web address to revoke the previously provided token.
      Manual client registration for an OAuth MCP Server.
    8. Select Add.
      You're redirected to the MCP Server record to authenticate the MCP server for adding an MCP tool to an AI agent.
    9. Select Authenticate.
    10. In the third-party authorization page, select Authorize.
      Note:
      When OAuth access or refresh tokens aren’t available, you must authenticate the OAuth configuration on the MCP server record to add it as an AI agent tool.