---
title: Try it out
description: Install and configure the DaVinci MCP Server to interact with your PingOne DaVinci environment using natural language.
component: build-with-ai
page_id: build-with-ai:davinci-mcp-server:getting-started
canonical_url: https://developer.pingidentity.com/build-with-ai/davinci-mcp-server/getting-started.html
revdate: May 1, 2026
keywords: ["MCP", "getting started", "install", "configure", "DaVinci", "PingOne"]
section_ids:
  prerequisites: Prerequisites
  setup: Setup
  1-create-a-pingone-worker-application: 1. Create a PingOne worker application
  2-assign-a-role-to-the-authenticating-user: 2. Assign a role to the authenticating user
  3-configure-environment-variables: 3. Configure environment variables
  install: Install
  quick-install: Quick install
  manual-install-npx: Manual install (NPX)
  start-using-the-davinci-mcp-server: Start using the DaVinci MCP Server
  next-steps: Next steps
---

# Try it out

Connect the DaVinci MCP Server to your MCP client.

## Prerequisites

Before you start, make sure you have:

* [Node.js 22.0.0+](https://nodejs.org/en/download/package-manager)

* A licensed or trial [PingOne subscription](https://www.pingidentity.com/en/try-ping.html)

* DaVinci enabled in your environment: in the PingOne admin console, go to **Environments** > **Your Environment** > **Services** and ensure **DaVinci** is listed and active.

* An MCP-compatible client, such as:

  * IDEs: [VS Code](https://code.visualstudio.com) with GitHub Copilot, [Cursor](https://cursor.com)

  * CLIs: [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude-code/overview), [Gemini CLI](https://github.com/google-gemini/gemini-cli)

  * Desktop apps: [Claude Desktop](https://claude.ai/download)

## Setup

### 1. Create a PingOne worker application

The DaVinci MCP Server requires a worker application to authenticate with the PingOne APIs.

1. In the [PingOne admin console](https://admin.pingone.com), select the environment where DaVinci is enabled.

2. Click **Applications** > **Applications** in the left navigation menu.

3. Click **+ Add Application** and select **Worker**.

   1. Enter the following:

      * **Name:** For example, `DaVinci MCP Server`.

      * **Description:** Optional.

   2. Click **Save**.

   3. Enable the application using the toggle at the top right of the details panel.

4. On the **Configuration** tab, click the **Edit** [icon: pencil, set=fa]icon and set:

   * **Grant Types:** `Authorization Code`

   * **Response Type:** `Code`

   * **PKCE Enforcement:** `S256_REQUIRED`

   * **Redirect URIs:** `http://127.0.0.1:7474/callback`

   * **Token Endpoint Authentication Method:** `None` (Public Client)

5. Click **Save**.

6. Copy the **Client ID** from the **Configuration** tab.

   |   |                                                                                                                                                       |
   | - | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | You'll need this for `AUTHORIZATION_CODE_CLIENT_ID`. This identifies the PingOne worker application your MCP client uses during OAuth authentication. |

7. Copy the **Environment ID** from the URL or environment settings.

   |   |                                                                                                                                                                     |
   | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | You'll need this for `DAVINCI_MCP_ENVIRONMENT_ID`. This is the UUID of the target PingOne environment that contains the DaVinci resources the server should access. |

### 2. Assign a role to the authenticating user

1. In the PingOne admin console, click **Directory** > **Users**.

2. Create a new user or select an existing one.

3. Navigate to the user's **Roles** tab and click **Grant Roles**.

4. Search for and select **DaVinci Admin Read Only**. Click **Save**.

### 3. Configure environment variables

The server reads the following environment variables. You can set these in your MCP client configuration:

| Variable                       | Description                                                                                                                                       | Example                                                      |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------ |
| `DAVINCI_MCP_ENVIRONMENT_ID`   | The UUID of the PingOne environment that contains your DaVinci resources. The server uses this to target API requests to the correct environment. | `a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6`                       |
| `AUTHORIZATION_CODE_CLIENT_ID` | The client ID of your PingOne worker application.                                                                                                 | `your-client-id`                                             |
| `ROOT_DOMAIN`                  | The regional PingOne domain. Refer to [Regional and custom domain support](authentication.html#regional-and-custom-domain-support).               | `pingone.com` (NA), `pingone.eu` (EU), `pingone.asia` (APAC) |
| `CUSTOM_DOMAIN`                | (Optional) Your custom PingOne domain. Refer to [Regional and custom domain support](authentication.html#regional-and-custom-domain-support).     | `auth.example.com`                                           |

## Install

### Quick install

Use the one-click install links for the fastest setup:

When prompted for an environment ID, enter the target PingOne environment UUID, not your worker application client ID.

[![Install in VS Code Workspace](https://img.shields.io/badge/VS_Code-Install_in_Workspace-0098FF?style=flat-square\&logo=visualstudiocode\&logoColor=white)](https://vscode.dev/redirect/mcp/install?name=davinci\&inputs=%5B%7B%22type%22%3A%22promptString%22%2C%22id%22%3A%22davinci_environment_id%22%2C%22description%22%3A%22The%20ID%20of%20your%20PingOne%20environment%22%2C%22password%22%3Afalse%7D%2C%7B%22type%22%3A%22promptString%22%2C%22id%22%3A%22authorization_code_client_id%22%2C%22description%22%3A%22The%20Client%20ID%20of%20your%20PingOne%20Worker%20Application%22%2C%22password%22%3Afalse%7D%2C%7B%22type%22%3A%22promptString%22%2C%22id%22%3A%22root_domain%22%2C%22description%22%3A%22The%20regional%20PingOne%20domain%20%28e.g.%2C%20pingone.com%2C%20pingone.eu%2C%20pingone.asia%29%22%2C%22password%22%3Afalse%7D%5D\&config=%7B%22type%22%3A%22stdio%22%2C%22command%22%3A%22npx%22%2C%22args%22%3A%5B%22-y%22%2C%22%40ping-identity%2Fdavinci-mcp-server%22%2C%22start%22%5D%2C%22env%22%3A%7B%22DAVINCI_MCP_ENVIRONMENT_ID%22%3A%22%24%7Binput%3Adavinci_environment_id%7D%22%2C%22AUTHORIZATION_CODE_CLIENT_ID%22%3A%22%24%7Binput%3Aauthorization_code_client_id%7D%22%2C%22ROOT_DOMAIN%22%3A%22%24%7Binput%3Aroot_domain%7D%22%7D%7D)

|   |                                                                                                                                                                                                                                                                                                                         |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Before clicking the install button, open VS Code with a project or working directory. When the MCP server panel opens, click **Install in Workspace**. The **Install** button may be unresponsive.![VS Code MCP server panel showing Install and Install in Workspace buttons](_images/vscode-install-in-workspace.png) |

[![Install MCP Server](https://cursor.com/deeplink/mcp-install-dark.svg)](https://cursor.com/en-US/install-mcp?name=davinci\&config=eyJlbnYiOnsiREFWSU5DSV9NQ1BfRU5WSVJPTk1FTlRfSUQiOiI8PHBhc3RlIGVudmlyb25tZW50IFVVSUQgaGVyZT4+IiwiQVVUSE9SSVpBVElPTl9DT0RFX0NMSUVOVF9JRCI6Ijw8cGFzdGUgY2xpZW50IElEIFVVSUQgaGVyZT4+IiwiUk9PVF9ET01BSU4iOiI8PHBhc3RlIHJvb3QgZG9tYWluIGhlcmUgKGUuZy4sIHBpbmdvbmUuY29tKT4+In0sImNvbW1hbmQiOiJucHggLXkgQHBpbmctaWRlbnRpdHkvZGF2aW5jaS1tY3Atc2VydmVyIHN0YXJ0In0%3D)

### Manual install (NPX)

Add the following to your MCP client configuration, replacing the placeholder values with your actual credentials. Set `DAVINCI_MCP_ENVIRONMENT_ID` to the UUID of the PingOne environment you want the server to query:

```json
{
  "mcpServers": {
    "davinci": {
      "command": "npx",
      "args": ["-y", "@ping-identity/davinci-mcp-server", "start"],
      "env": {
        "DAVINCI_MCP_ENVIRONMENT_ID": "your-environment-id",
        "AUTHORIZATION_CODE_CLIENT_ID": "your-client-id",
        "ROOT_DOMAIN": "pingone.com"
      }
    }
  }
}
```

For client-specific configuration formats, CLI flags, and advanced examples, refer to [Client configuration](client-configuration.html).

## Start using the DaVinci MCP Server

1. Restart your MCP client after adding the configuration.

2. Run a read tool such as `list_flows`, `list_applications`, or `list_connectors` to trigger authentication. Your browser opens automatically.

3. Log in with the PingOne user you assigned the **DaVinci Admin Read Only** role.

4. After authenticating, your MCP client can interact with your DaVinci environment.

Try prompts like:

* "List all DaVinci flows in my environment"

* "Show me the details of the Login flow"

* "What connectors are available?"

* "List all DaVinci applications"

## Next steps

* [Configure your MCP client or filter tools](client-configuration.html)

* [View the full list of tools the server provides](available-tools.html)

* [Learn more about the authentication model](authentication.html)

* [Understand the security considerations](security.html)