The MCP Gateway for Authentication,
Access Control, and Audit
Most enterprises are governing AI agents with system prompts and wishful thinking. Horizon Gateway replaces vibe governance with real access control — authentication, RBAC, and audit enforced at the infrastructure layer, not in a prompt a model can ignore.
From the creators of FastMCP
OAuth 2.1 & SSO
Tool-level RBAC
Audit logging
Tool access is not a binary.
It's a policy surface.
When you build the framework most MCP servers run on, you learn quickly that the questions are always the same: Who can call this tool? Under what conditions? Using which credentials? With what audit trail?
Horizon Gateway answers those questions at the infrastructure layer — authentication, access control, and audit logging enforced by the platform, not by prompts.
Enterprise MCP Gateway
Horizon works with your identity provider.
Put Gateway between every AI client and every MCP tool, then keep identity anchored in the IdP your company already trusts. User claims, group membership, policy decisions, and audit events stay in one governed path. Popular configurations include Okta, Microsoft Entra ID, Google Workspace, Auth0, OneLogin, JumpCloud, Ping Identity, CyberArk, and Duo.
Claims
Read from IdP
Policy
Applied per tool
Audit
Written once
Supported identity providers
65 supported identity integrations across SAML, OIDC, OAuth, SCIM, and directory sync.
IdentityGatewayMCP
Access People HR
Identity provider
Apple
Identity provider
AWS Cognito
Identity provider
Breathe HR
Identity provider
CAS SAML
SAML
ClassLink
Identity provider
Cloudflare
Identity provider
CyberArk SCIM
SCIM
Entra ID OIDC
OIDC
Entra ID SCIM
SCIM
Fourth
Identity provider
GitLab OAuth
OAuth
Google OAuth
OAuth
Google SAML
SAML
Intuit OAuth
OAuth
JumpCloud SCIM
SCIM
LastPass
Identity provider
Login.gov OpenID Connect
OIDC
Microsoft OAuth
OAuth
NetIQ
Identity provider
Okta OIDC
OIDC
Okta SCIM
SCIM
OneLogin SCIM
SCIM
PingFederate SAML
SAML
PingOne SAML
SAML
Rippling SAML
SAML
SailPoint SCIM
SCIM
Salesforce SAML
SAML
Shibboleth Unsolicited SAML
SAML
Slack OAuth
OAuth
Supabase + WorkOS SSO
SSO
VMware
Identity provider
Xero OAuth
OAuth
Okta
SAML, OIDC, SCIM
Microsoft Entra ID
SAML, OIDC, SCIM
Google Workspace
SAML, OIDC
Auth0
SAML federation
OneLogin
SAML, SCIM
JumpCloud
SAML, SCIM
Ping Identity
SAML, SCIM
CyberArk
SAML, SCIM
Duo
SAML
ADP OpenID Connect
OIDC
Auth0
Identity provider
BambooHR
Identity provider
Bubble Plugin
Identity provider
Cezanne HR
Identity provider
Clever OIDC
OIDC
CyberArk SAML
SAML
Duo
Identity provider
Entra ID SAML
SAML
Firebase
Identity provider
GitHub OAuth
OAuth
Google Directory Sync
Directory sync
Google OIDC
OIDC
HiBob
Identity provider
JumpCloud SAML
SAML
Keycloak
Identity provider
LinkedIn OAuth
OAuth
Microsoft AD FS SAML
SAML
miniOrange
Identity provider
NextAuth.js
Identity provider
Okta SAML
SAML
OneLogin SAML
SAML
Oracle SAML
SAML
PingFederate SCIM
SCIM
React Native Expo
Identity provider
Rippling SCIM
SCIM
Salesforce OAuth
OAuth
Shibboleth Generic SAML
SAML
SimpleSAMLphp
SAML
Supabase + AuthKit
AuthKit
Vercel OAuth
OAuth
Workday
Identity provider
MCP Access Control
Every tool call. Authenticated, authorized, audited.
Who can call this tool?
MCP RBAC down to the individual tool. Tie access to identity provider roles and groups so teams only see the tools they should actually use.
Under what conditions?
Separate permissions for discovering a server, using it, and managing it. Granular MCP governance instead of a binary allow or deny.
Using which credentials?
Authentication handled at the gateway. OAuth, SSO, and API key controls keep your underlying systems from ever exposing raw credentials to agents.
With what audit trail?
Every access attempt is logged, showing who called what, when, and whether they were allowed. Usage dashboards and audit trails give security teams the visibility they actually need.
The Risk
You can't prompt-engineer your way out of operational risk
Vibe governance is everywhere. Agents with access to billing systems, production databases, and customer credentials — constrained by nothing more than a system prompt asking them to “please be careful.” You already know how that ends.
That's not MCP server security. That's a breach report waiting to be written.
Horizon Gateway turns MCP tools into governed capabilities. Every tool invocation passes through the gateway, where authentication is verified, permissions are enforced, and access is logged. Your agents get exactly the capabilities they need, nothing more and nothing less.
Add MCP governance in minutes
Start free, then layer on enterprise governance as your MCP footprint grows.