Storm Tools

Authentication Setup

Storm MCP Gateway uses enterprise-grade authentication powered by Keycloak to ensure your integrations remain secure. This guide covers all authentication methods and security configurations.

Authentication Overview

Storm MCP Gateway supports multiple authentication methods:

  • OAuth 2.0 - For seamless, secure authentication with third-party services
  • API Keys - For programmatic access and automation
  • SSO (Single Sign-On) - Enterprise identity provider integration
  • Multi-Factor Authentication - Additional security layer

Primary Authentication

OAuth 2.0 Login

The recommended authentication method for web access:

  1. Navigate to Storm MCP Gateway

  2. Choose Your Provider

    • Google - Use your Google account
    • GitHub - Authenticate with GitHub
    • Email - Traditional email/password
  3. Grant Permissions

    • Review requested permissions
    • Click "Authorize" to proceed
  4. Complete Setup

    • First-time users: Complete profile setup
    • Returning users: Redirected to dashboard

Success

OAuth authentication automatically handles token refresh, keeping you signed in securely.

API Key Authentication

For programmatic access and client integrations:

Generating API Keys

  1. Navigate to API Keys Section

    • Go to Gateways page
    • Click the key icon in the top right
  2. Create New Key

    Click "Generate New API Key" → Enter a descriptive name → Select expiration (optional) → Click "Generate"
  3. Store Securely

    ⚠️ Warning

API keys are shown only once! Copy and store them immediately in a secure location.

Using API Keys

Include the API key in your requests:

# Header authentication
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.stormmcp.ai/v1/gateways

# Query parameter (less secure)
# The URL is quoted so the shell does not treat "?" as a glob character.
curl "https://api.stormmcp.ai/v1/gateways?api_key=YOUR_API_KEY"
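The query-parameter form is less secure largely because the full URL, key included, is written to access logs, proxy logs and shell history. The following is an added example, not Storm's own code: it scans access-log text for the api_key parameter shown above, redacts it, and reports which lines exposed a key. The log lines and key values are constructed samples, and the log layout is an assumption.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample lines in a common access-log layout (not real traffic).
SAMPLE_LOG = '''\
198.51.100.7 - - [12/Mar/2025:10:01:02 +0000] "GET /v1/gateways HTTP/1.1" 200 512
198.51.100.7 - - [12/Mar/2025:10:01:09 +0000] "GET /v1/gateways?api_key=EXAMPLEKEY123&limit=5 HTTP/1.1" 200 512
203.0.113.9 - - [12/Mar/2025:10:02:30 +0000] "GET /v1/gateways?limit=5&API_KEY=EXAMPLEKEY456 HTTP/1.1" 401 64
'''

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SENSITIVE = {"api_key"}  # parameter name from the curl example; matched case-insensitively


def redact_target(target):
    """Return (redacted_target, leaked) for one request target."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = any(k.lower() in SENSITIVE for k, _ in pairs)
    safe = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(safe))), leaked


def scan(log_text):
    """Redact keys in every line; return (clean_lines, findings)."""
    clean, findings = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if m:
            target, leaked = redact_target(m.group("target"))
            if leaked:
                # Record line number, client address and path, never the key itself.
                findings.append((lineno, line.split()[0], urlsplit(target).path))
                line = line[:m.start("target")] + target + line[m.end("target"):]
        clean.append(line)
    return clean, findings


if __name__ == "__main__":
    lines, hits = scan(SAMPLE_LOG)
    for lineno, client, path in hits:
        print(f"line {lineno}: API key in URL from {client} on {path}")
    print("\n".join(lines))
```

A key that appears in the findings has already been written to disk in clear text, so it should be rotated, including when the request itself was rejected.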

API Key Best Practices

  • Rotate regularly - Generate new keys every 90 days
  • Use descriptive names - e.g., "Production-Cursor-Integration"
  • Set expiration dates - Automatic invalidation for temporary keys
  • Limit scope - Create separate keys for different purposes
  • Never commit to code - Use environment variables

MCP Client Authentication

Claude Desktop

Claude Desktop supports two authentication methods:

Option 1: OAuth (Recommended)

  1. Click Claude Desktop button on your gateway
  2. Select OAuth Authentication
  3. Complete the browser authentication flow
  4. Claude Desktop auto-configures

Option 2: API Key

  1. Generate an API key (see above)
  2. Click Claude Desktop button
  3. Select API Key Authentication
  4. Configuration is copied automatically

Cursor IDE

Cursor uses a deeplink protocol for authentication:

  1. Click Cursor button on your gateway
  2. Select authentication method:
    • OAuth (opens browser)
    • API Key (instant setup)
  3. Cursor receives configuration automatically

Configuration format:

{
  "mcpServers": {
    "storm-gateway": {
      "command": "npx",
      "args": ["-y", "@storm-mcp/gateway-client"],
      "env": {
        "STORM_GATEWAY_URL": "https://gateway.stormmcp.ai/YOUR_ID",
        "STORM_API_KEY": "YOUR_API_KEY"
      }
    }
  }
}

Enterprise SSO Integration

For enterprise customers using identity providers:

Supported Providers

  • Active Directory / LDAP
  • Okta
  • Auth0
  • PingIdentity
  • Azure AD
  • Google Workspace
  • Custom SAML 2.0

Configuration Steps

  1. Contact Support

  2. Configure IdP

    <!-- SAML Configuration -->
    <EntityDescriptor>
      <SPSSODescriptor>
        <AssertionConsumerService
          Location="https://auth.stormmcp.ai/saml/callback"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
      </SPSSODescriptor>
    </EntityDescriptor>
  3. Map Attributes

    • Email → email
    • Name → name
    • Groups → groups (optional)
  4. Test Integration

    • Use test account first
    • Verify attribute mapping
    • Check group assignments

Multi-Factor Authentication (MFA)

Enhanced security with two-factor authentication:

Enabling MFA

  1. Go to Settings → Security
  2. Click Enable Two-Factor Authentication
  3. Choose method:
    • Authenticator App (recommended)
    • SMS (requires phone verification)
    • Email (backup option)

Authenticator App Setup

  1. Install authenticator app:

    • Google Authenticator
    • Microsoft Authenticator
    • Authy
    • 1Password
  2. Scan QR code or enter manual key

  3. Enter verification code

  4. Save backup codes securely

ℹ️ Info

Store backup codes in a secure location. They're your only recovery method if you lose access to your MFA device.

Role-Based Access Control (RBAC)

Storm MCP Gateway supports fine-grained permissions:

User Roles

Role        Permissions
Owner       Full access, billing, user management
Admin       Manage gateways, apps, view logs
Developer   Create/edit gateways, connect apps
Viewer      Read-only access to all resources

Managing Roles

  1. Navigate to Settings → Team
  2. Click Invite Member
  3. Enter email and select role
  4. User receives invitation email

Security Best Practices

Session Management

  • Auto-logout - Sessions expire after 24 hours of inactivity
  • Concurrent sessions - Limited to 5 active sessions
  • Session monitoring - View active sessions in Settings

Token Security

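// Secure token storage
// Note: localStorage is readable by any script running on the same origin.
localStorage.setItem('token', encryptedToken);

// Token refresh (must run inside an async function)
if (tokenExpired) {
  const newToken = await refreshToken();
  updateStoredToken(newToken);
}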

IP Whitelisting (Enterprise)

Restrict access to specific IP ranges:

{
  "allowed_ips": [
    "192.168.1.0/24",
    "10.0.0.0/8",
    "203.0.113.0/32"
  ]
}
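How an allowlist in this format evaluates a client address, and which entries merit review before deployment, shown as an added example (not Storm's implementation). The function names and the /16 "broad" threshold are assumptions made for illustration.

```python
import ipaddress
import json

# The allowlist from the page, verbatim.
CONFIG = json.loads('{"allowed_ips": ["192.168.1.0/24", "10.0.0.0/8", "203.0.113.0/32"]}')

# RFC 1918 ranges are not routed on the public Internet, so a hosted service
# normally sees the NAT egress address of such clients, not these addresses.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BROAD_PREFIX = 16  # assumed review threshold, not a Storm setting


def load_allowlist(config):
    """Parse entries strictly: an entry with host bits set (10.0.0.1/8) raises ValueError."""
    return [ipaddress.ip_network(entry, strict=True) for entry in config["allowed_ips"]]


def audit(networks):
    """Return (entry, reason) pairs for entries worth a second look."""
    notes = []
    for net in networks:
        if any(net.version == r.version and net.subnet_of(r) for r in RFC1918):
            notes.append((str(net), "rfc1918"))
        if net.prefixlen < BROAD_PREFIX:
            notes.append((str(net), "broad"))
    return notes


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any allowlisted network of the same IP version."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks if net.version == addr.version)


if __name__ == "__main__":
    nets = load_allowlist(CONFIG)
    for entry, reason in audit(nets):
        print(f"review {entry}: {reason}")
    for ip in ("203.0.113.0", "203.0.113.1", "10.20.30.40", "192.168.2.5"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
```

A /32 entry matches exactly one address, so 203.0.113.0 is allowed while 203.0.113.1 is denied.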

Troubleshooting Authentication

Common Issues

"Invalid credentials" error

  • Verify email/password
  • Check for typos
  • Try password reset

"Session expired" message

  • Normal after 24 hours
  • Click "Sign In" to refresh
  • Check "Remember me" for longer sessions

OAuth callback errors

  • Clear browser cookies
  • Check popup blockers
  • Try different browser

API key not working

# Verify key format
echo "$STORM_API_KEY" | base64 -d   # Should decode successfully

# Test key
curl -H "Authorization: Bearer $STORM_API_KEY" \
  https://api.stormmcp.ai/v1/auth/verify

MFA issues

  • Ensure device time is synced
  • Use backup codes if needed
  • Contact support for reset

Security Compliance

Storm MCP Gateway maintains compliance with:

  • SOC 2 Type II - Annual audits
  • ISO 27001 - Information security
  • GDPR - Data protection
  • HIPAA - Healthcare data (Enterprise)
  • PCI DSS - Payment card data

Next Steps

With authentication configured:

  1. Create Your First Gateway
  2. Set Up Team Access
  3. Configure Security Policies

Support

Authentication questions?