Connect agents to tools
Install a managed MCP server from the Keycard MCP Catalog, connect it to Cursor or Claude Code, and verify every tool call in the audit log.
Use the Keycard MCP Catalog to connect AI agents to your team’s approved tools, starting with managed MCP servers like Linear, Sentry, and Axiom. This 5-minute worked example installs Linear, connects it to your dev tool, and verifies every tool call in the audit log.
Prerequisites
Section titled “Prerequisites”- A Keycard zone with an identity provider connected
- A Linear account
- Cursor or Claude Code installed
Install Linear from the catalog
Section titled “Install Linear from the catalog”In Keycard Console, go to Applications → Add Application → Explore MCP Servers, find Linear, and click Install. Linear will appear on the Applications page with a Gateway badge, meaning it’s proxied through the Keycard MCP Gateway.
Connect Cursor or Claude Code
Section titled “Connect Cursor or Claude Code”Click the installed Linear application, then use the Install dropdown to select your client. Cursor opens with a prompt to add the MCP server; Claude Code shows a configuration snippet to paste.
Authenticate
Section titled “Authenticate”-
Sign in with your identity provider
When your AI agent first calls a Linear tool, you will be prompted to sign in through your zone’s identity provider (e.g., Okta, Auth0).
-
Authorize access to Linear
After signing in, authorize the connection to Linear. This grants Keycard permission to manage Linear credentials on your behalf.
-
Confirmation
You will see an Authentication Successful message. Return to your development tool to complete the connection - your AI agent can now call Linear tools.
Use Linear tools
Section titled “Use Linear tools”Try these prompts in your connected dev tool:
- “List my assigned issues” - see what’s on your plate
- “Create an issue in the Backend team titled ‘Add rate limiting to API’” - create work items without leaving your editor
- “Show all in-progress issues for the current cycle” - track sprint progress
Each request flows through the Keycard MCP Gateway, so every MCP server access is tied to your identity and logged.
Verify in Audit Logs
Section titled “Verify in Audit Logs”In Keycard Console, navigate to Audit Logs to see the full flow:
| Event | Description |
|---|---|
users:authenticate | User signed in via your zone’s identity provider |
users:authorize | User authorized access to Linear through the gateway |
credentials:issue | Access token issued - shows the identity chain (user + Linear application) |
Each credentials:issue event includes an identity chain showing both the user identity (e.g., alice@acme.com) and the application identity (Linear), so you can trace exactly which user accessed which MCP server.
Next steps
Section titled “Next steps”- MCP Gateway reference — full server catalog and Gateway architecture
- Access Policies — control who can access Linear and what actions are allowed
- Access APIs on Behalf of Users — when the catalog does not have what you need