Overview
The AIC MCP Server is an open-source TypeScript tool that enables AI assistants to interact with PingOne Advanced Identity Cloud environments. It implements the Model Context Protocol (MCP), exposing 40+ tools that wrap PingOne Advanced Identity Cloud’s REST APIs as MCP-compatible functions.
Instead of manually navigating the admin console or hand-crafting API requests, describe what you want in natural language. Your AI agent translates your intent to the right MCP tools, the server handles the API calls and authentication, and returns results your agent can present in natural language.
|
The AIC MCP Server is currently available for Sandbox and Development PingOne Advanced Identity Cloud tenants only. It is not enabled for production environments. |
What is an MCP server?
The Model Context Protocol (MCP) is a specification that allows AI agents to discover and interact with external tools and services. MCP servers provide non-deterministic agents with deterministic actions and outcomes, based on natural language input.
The AIC MCP Server implements this protocol, exposing your PingOne Advanced Identity Cloud environment’s APIs as a set of "tools" the AI can use. When you type a prompt, the agent translates the intent to an action and maps that action to the appropriate tool.
Use cases
The AIC MCP Server enhances developer productivity by enabling AI-assisted operations for routine tasks. Developers don’t have to context switch or learn the PingOne Advanced Identity Cloud admin console to develop faster, test faster, and debug faster.
Example prompts
| Category | Example prompts |
|---|---|
Journey management |
"Show me the Login journey", "Create a new MFA journey", "Add a scripted decision node to the registration flow", "Set Login as the default journey" |
Authentication customization |
"Create a branded theme with our corporate colors", "Show me all themes in production", "Set the new theme as default" |
Audit and monitoring |
"Show me failed login attempts in the last hour", "Find all logs for transaction abc-123", "What log sources are available?" |
Identity operations |
"Find all users with admin in their username", "Create a new developer role", "Update the email for user xyz123" |
Application management |
"Create a new OIDC application called MyApp with authorization code grant", "List all OAuth 2.0 applications", "Update the redirect URIs for MyApp" |
Feature enablement |
"What optional features are available?", "Enable the password policy feature", "Show me all currently enabled features" |
Configuration management |
"List all environment variables", "Create a new API key variable", "Update the database connection string" |
Key features
-
Natural language interaction: Interact with PingOne Advanced Identity Cloud from whichever AI tool you use daily. No need to switch to the admin console or write API scripts.
-
Secure authentication: Supports OAuth 2.0 PKCE flow for local deployment and Device Code Flow for containerized deployment. All actions are user-based and auditable. Tokens are stored securely in the OS keychain.
-
Broad tool support: Full CRUD operations against any managed object type in your environment (users, roles, groups, organizations, and custom types), authentication journey and script management, theme customization, advanced log querying, and environment variable configuration.