---
title: Admin | Keycard
description: Configure and operate identity, policy, and access controls for your Keycard deployment.
---

Admin is where teams configure and operate Keycard: identity, resource catalogs, access policy, roles, SSO, audit, deployment, and billing. It turns agent access from an ad hoc approval process into rules that enforce themselves.

With Admin, you can:

- Write permit/forbid policies that evaluate every request, with safe rollback to any previous version
- Bring your own IdP so users authenticate through Okta, Auth0, or Google
- Assign roles scoped to the organization or individual zones
- Add Gmail, GitHub, Slack, and other APIs from the Resource Catalog
- Install pre-configured MCP servers from the MCP Catalog, protected by your zone’s identity and policy layer
- Gate administrative access behind your corporate SSO

## Get Started

Set up your identity provider, from app creation to first login.

- [Use Okta for Sign In](/admin/tutorials/okta-sign-in/index.md): Create an Okta application and configure it as a provider in your Keycard zone
- [Use Auth0 for Sign In](/admin/tutorials/auth0-sign-in/index.md): Create an Auth0 application and configure it as a provider in your Keycard zone

## Configuration

Each admin area with setup steps and examples.

- [Access Policies](/admin/access-policies/index.md): Individual permit/forbid rules and policy sets that control access across a zone
- [Identity Providers](/admin/identity-providers/index.md): Connect your own OAuth 2.0 IdP for zone-level user authentication
- [Zone Authentication](/admin/zone-authentication/index.md): Configuring zone authentication, inviting users, sign up, and troubleshooting
- [Roles & Permissions](/admin/roles-and-permissions/index.md): Organization and zone roles that control who can manage settings and resources
- [Single Sign-On](/admin/single-sign-on/index.md): OIDC-based SSO for your team’s access to Keycard Console, with JIT provisioning
- [Resource Catalog](/admin/resource-catalog/index.md): Pre-configured integrations for Gmail, GitHub, Slack, and more, ready to add to your zone
- [MCP Catalog](/admin/mcp-catalog/index.md): Install pre-configured MCP servers into Cursor, Claude Code, or any MCP client, protected by the Keycard MCP Gateway

- [API Reference](/api/index.md)
- [Terraform](https://registry.terraform.io/providers/keycardai/keycard/latest/docs)
