Skip to main content

Connector Security and Governance

Every connector inherits MintMCP's security controls, but administrators still choose how the gateway authenticates to downstream services and who may invoke the connector's tools.

Choose the Right Authentication Model

MintMCP supports two primary credential patterns:

  • Per-user credentials: Each member authorizes the downstream service with their own OAuth grant or API token. Use this model when personal entitlements must flow through to the connector (email, calendars, documents, or any service with user-specific permissions). See Per-User Authentication for a deeper explanation.
  • Service accounts: Administrators provision a shared credential that MintMCP stores securely. Members never see the secret; the gateway attaches it when invoking the connector. This model works well for read-only data sources, shared knowledge bases, or internal systems that lack per-user auth. Review Service Account Authentication for details.

The gateway authenticates members first, enforces connector policies, and then forwards either per-user or shared credentials while recording every call.

Enforce Access Through Virtual MCP Servers

Access control happens at the Virtual MCP layer:

  1. Administrators decide which connectors to include in each Virtual MCP server.
  2. They assign the VMCP to the right audiences using the policies covered in Administration.
  3. They curate the available tools and documentation via Tool Customization; two different Virtual MCP servers can expose the same connector's tools differently for different purposes.

Members can only reach a connector after they authenticate to a Virtual MCP server that references it, which keeps policy decisions centralized.

Observability and Audit

All connector traffic flows through MintMCP, so:

  • Requests and responses appear in the Activity Log where security teams can trace usage back to individual members, AI adoption teams can analyze and optimize tool usage, and administrators can monitor for misuse.
  • Connector health states signal whether authentication failures or downstream outages require administrator attention.
  • Logs from hosted / custom connectors are available for troubleshooting (see Hosted Connectors).

Next Steps