---
title: MCP Catalog | Keycard
description: Use Keycard's built-in MCP Catalog to install pre-configured MCP servers protected by your zone's identity and policy layer
---

The **MCP Catalog** is a built-in collection of **official MCP servers published by providers like Linear, Sentry, Notion, and more**. These aren’t community forks — each server is built and maintained by the provider itself. When you install a server from the catalog, the **Keycard MCP Gateway** sits in front of the official remote MCP server and gives you a protected URL to use instead — enforcing your zone’s identity provider, [access policies](/console/access-policies/index.md), and [audit logging](/console/audit-log-export/index.md) on every tool call.

## What’s in the Catalog

![Ahrefs](https://assets.keycard.ai/catalog/brands/ahrefs.svg)

Ahrefs api.ahrefs.com/mcp/mcp

SEO data — backlink analysis, keyword research, organic traffic, site audits, and competitive intelligence

108 tools

![Amplitude](https://assets.keycard.ai/catalog/brands/amplitude.svg)

Amplitude mcp.amplitude.com/mcp

Product analytics — experiments, user behavior, dashboards, cohorts, and feature flags

35 tools

![Apify](https://assets.keycard.ai/catalog/brands/apify.svg)

Apify mcp.apify.com

Discover and run web scraping Actors, access datasets, and automate data extraction

8 tools

![Atlassian](https://assets.keycard.ai/catalog/brands/atlassian.svg)

Atlassian mcp.atlassian.com/v1/mcp

Jira issues, Confluence pages, and Compass components — search, create, and manage across products

26 tools

![Attio](https://assets.keycard.ai/catalog/brands/attio.svg)

Attio mcp.attio.com/mcp

CRM workspace — search, create, and update people, companies, deals, tasks, and pipeline

33 tools

![Axiom](https://assets.keycard.ai/catalog/brands/axiom.svg)

Axiom mcp.axiom.co/mcp

Query and analyze observability data — logs, traces, dashboards, and monitors

17 tools

![Close](https://assets.keycard.ai/catalog/brands/close.svg)

Close mcp.close.com/mcp

Sales CRM — search leads, manage opportunities and pipelines, and track activities

30 tools

![Cloudflare](https://assets.keycard.ai/catalog/brands/cloudflare.svg)

Cloudflare mcp.cloudflare.com/mcp

Manage DNS zones, Workers scripts, security configurations, analytics, and account resources

2 tools

![Granola](https://assets.keycard.ai/catalog/brands/granola.svg)

Granola mcp.granola.ai/mcp

AI meeting notes — query meetings, browse folders, retrieve details, and access full transcripts

5 tools

![Linear](https://assets.keycard.ai/catalog/brands/linear.svg)

Linear mcp.linear.app/mcp

Issue tracking, project management, cycles, and documents for engineering teams

42 tools

![Neon](https://assets.keycard.ai/catalog/brands/neon.svg)

Neon mcp.neon.tech/mcp

Serverless Postgres — branching, SQL queries, schema management, and migrations

29 tools

![Notion](https://assets.keycard.ai/catalog/brands/notion.svg)

Notion mcp.notion.com/mcp

Search, create, and manage pages, databases, and content across your workspace

14 tools

![Sentry](https://assets.keycard.ai/catalog/brands/sentry.svg)

Sentry mcp.sentry.dev/mcp

Investigate errors, analyze stack traces, review performance, and manage issues

13 tools

More servers coming soon

Note

The catalog is regularly updated with new MCP servers.

## Why the Keycard MCP Gateway Matters

Without Keycard, connecting to a remote MCP server means each user authenticates independently with no centralized visibility into what tools are being used or by whom.

The **Keycard MCP Gateway** sits between your development tools and the remote MCP server, providing:

- **Identity-based access** - users authenticate with your zone’s identity provider (e.g., Okta, Auth0) via standard OAuth flows, giving you a single authentication layer across all MCP servers
- **Policy enforcement** - [access policies](/console/access-policies/index.md) control which users and applications can access which MCP servers
- **Audit trail** - every MCP server access is logged with the authenticated user’s identity
- **Automatic credential management** - Keycard handles OAuth token exchange, refresh, and lifecycle with the remote MCP server on the user’s behalf

## Prerequisites

- A Keycard zone with an **identity provider** connected (e.g., Okta, Auth0, Google)
- **Create application** permission in your zone

Note

If you haven’t set up your zone yet, see the [Quickstart guide](/getting-started/quickstart/index.md) for initial setup.

## Add an MCP Server to Your Gateway

Adding an MCP server is a two-step process: first you install it to your zone’s Keycard MCP Gateway from the catalog, then you connect it to your development tools.

### Step 1: Install to Keycard MCP Gateway

Navigate to **Applications** in your zone’s Keycard Console, click **Add Application**, then select **Explore MCP Servers**.

![Add Application button with Explore MCP Servers option in the dropdown](/images/light/mcp-catalog/add-application-dropdown.png) ![Add Application button with Explore MCP Servers option in the dropdown](/images/dark/mcp-catalog/add-application-dropdown.png)

Browse the grid or use the search bar to find an MCP server. You can click **Install** directly from the grid, or click a server to view its details first.

![Explore MCP Servers dialog showing available servers in a two-column grid](/images/light/mcp-catalog/catalog-dialog.png) ![Explore MCP Servers dialog showing available servers in a two-column grid](/images/dark/mcp-catalog/catalog-dialog.png)

The detail view shows the server’s description, tags, version, and available tools. Click **Install** to add it to your Keycard MCP Gateway.

![MCP server detail dialog showing description, tags, tools, and Install button](/images/light/mcp-catalog/server-detail.png) ![MCP server detail dialog showing description, tags, tools, and Install button](/images/dark/mcp-catalog/server-detail.png)

Once installed, the server appears as an application on the **Applications** page with a Keycard MCP Gateway URL.

![Applications page showing the newly installed MCP server with Gateway and Keycard provided badges](/images/light/mcp-catalog/applications-after.png) ![Applications page showing the newly installed MCP server with Gateway and Keycard provided badges](/images/dark/mcp-catalog/applications-after.png)

### Step 2: Connect to Your Development Tool

Click the installed application to open its detail dialog. Use the **Install** dropdown to connect the Keycard MCP Gateway-protected server to your development tool.

![Installed MCP server detail with Install dropdown showing Cursor, Claude Code, and Install manually options](/images/light/mcp-catalog/install-to-client-dropdown.png) ![Installed MCP server detail with Install dropdown showing Cursor, Claude Code, and Install manually options](/images/dark/mcp-catalog/install-to-client-dropdown.png)

- [Cursor](#tab-panel-52)
- [Claude Code](#tab-panel-53)
- [Any MCP Client](#tab-panel-54)

1. **Select Cursor from the Install dropdown**

   Your browser asks to open Cursor. Click **Open Cursor** to continue.

2. **Confirm the installation**

   Cursor opens its **Tools & MCP** settings with the server pre-filled. Click **Install** to add it.

3. **Authenticate**

   The server initially shows **Needs authentication**. Click **Connect** to start the auth flow.

4. **Start using the tools**

   Once authenticated, the server shows a green status indicator with the number of available tools.

1) **Select Claude Code from the Install dropdown**

   A dialog appears with a `claude mcp add` command and three scope options:

   - **User** (recommended) - available across all your projects
   - **Project** - shared with your team via `.mcp.json`
   - **Local** - private to you, current project only

2) **Copy and run the command**

   Copy the command and run it in your terminal:

   Terminal window

   ```
   claude mcp add --transport http --scope user <server-name> <gateway-url>
   ```

3) **Authenticate when prompted**

   The first time Claude Code calls a tool from this server, you’ll authenticate through your browser.

Select **Install manually** to see the server **Name** and **Server URL**. Copy these values into any MCP-compatible client that supports HTTP transport.

![Add to Your MCP Client dialog showing the server name and Keycard MCP Gateway URL to copy](/images/light/mcp-catalog/install-manually.png)![Add to Your MCP Client dialog showing the server name and Keycard MCP Gateway URL to copy](/images/dark/mcp-catalog/install-manually.png)

## Authentication Flow

The first time a user connects to an MCP server through the Keycard MCP Gateway from their development tool, they complete a two-step authentication:

1. **Identity provider sign-in** - sign in with your zone’s identity provider (e.g., Okta) to verify your identity

2. **MCP server authorization** - the remote MCP server (e.g., Axiom) asks you to approve access, then Keycard manages tokens on your behalf

After both steps, you see an **Authentication Successful** confirmation. Return to your development tool to complete the connection where it started.

![Authentication Successful confirmation page in the browser](/images/dark/mcp-catalog/auth-successful.png)

Keycard handles token refresh automatically.

Tip

Want to control which users can access specific MCP servers? Create an [access policy](/console/access-policies/index.md) to restrict access based on user attributes, roles, or application identity.