Build with Sifr

Hand Sifr to your agents through MCP.

Sifr runs as an HTTP MCP server at mcp.sifrhq.com. Any compatible client — Claude Code, Claude Desktop, Cursor, Codex — can query your identity inventory, run governance workflows, and read the audit chain through 23 typed tools, behind a single Bearer key.

Generate a Sifr API key → Read MCP setup

HTTP MCP · Bearer auth

Section01

Connect any MCP client

One endpoint. One key. Four official paths.

Every supported client points at the same Sifr MCP URL and uses the same Bearer token format. Generate the key once from the dashboard, drop the install line into your client, and the sifr server appears in its tool list.

Claude CodeCLI · stdio bridge

claude mcp add --transport http sifr \
  https://mcp.sifrhq.com/mcp \
  --header "Authorization: Bearer YOUR_SIFR_KEY"

Claude Desktopclaude_desktop_config.json

{
  "mcpServers": {
    "sifr": {
      "url": "https://mcp.sifrhq.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_SIFR_KEY"
      }
    }
  }
}

Cursor~/.cursor/mcp.json

{
  "mcpServers": {
    "sifr": {
      "url": "https://mcp.sifrhq.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_SIFR_KEY"
      }
    }
  }
}

Codex~/.codex/config.toml

[mcp_servers.sifr]
url = "https://mcp.sifrhq.com/mcp"
[mcp_servers.sifr.headers]
Authorization = "Bearer YOUR_SIFR_KEY"

Section02

Tool catalog

23 governance tools, grouped by what they do.

Every Sifr workspace action exposed to MCP is a typed tool with explicit inputs, scoped to the key holder's permissions. Tools that mutate state (approve, deny, certify, revoke) extend the audit log on every call.

Dashboard & identity

5 tools · read-only

sifr_get_dashboard_stats
sifr_list_users
sifr_get_user_access
sifr_list_high_risk_access
sifr_get_anomalies

Non-human identities

4 tools · read-only

sifr_list_nhi
sifr_get_nhi_orphans
sifr_get_expiring_credentials
sifr_list_discovered_agents

Separation of duties

3 tools · read + create

sifr_get_sod_violations
sifr_list_sod_rules
sifr_create_sod_rule

Access requests

5 tools · workflow

sifr_list_access_requests
sifr_submit_access_request
sifr_process_access_request
sifr_approve_access_request
sifr_deny_access_request

Certification campaigns

4 tools · workflow

sifr_list_campaigns
sifr_create_campaign
sifr_get_campaign_items
sifr_certify_campaign_item

Lifecycle & audit

2 tools · mutate + read

sifr_revoke_user_role
sifr_get_audit_log

Section03

When to reach for which

MCP is the ambient layer. The dashboard is the system of record.

Use MCP from inside Claude, Cursor, or your IDE for fast natural-language queries and incident triage. Use the dashboard for structured certification campaigns, connector management, and visual review surfaces.

Surface	Best for	Where it wins
Sifr MCP	Security engineers, DevOps, technical users working inside Claude, Cursor, Codex, or an IDE.	Fast natural-language questions, incident triage, operational checks, and governance context without leaving the current workflow.
Sifr Dashboard	IAM, GRC, and compliance teams running structured review workflows.	Campaigns, certifications, connector management, dashboards, PDFs, evidence exports, and visual review surfaces.

Section04

Surfaces

Connect through MCP today. Public REST follows.

MCP is the supported developer surface today. Sifr's REST endpoints exist for the admin app but aren't versioned for public consumption yet — see the status note below.

Model Context Protocol

Hand Sifr to your agents.

Run Sifr as an MCP server so any compatible agent — Claude Desktop, Claude Code, Cursor, Codex — can query your identity inventory, manage access requests, and read the audit chain through the same 23 tools your security engineers use directly.

HTTP transport Bearer auth SCOPED TO YOUR KEY

Generate key →

REST API · Status

Public REST is not the supported surface yet.

Sifr's admin app uses internal REST routes (/nhi/*, /discovery/*, /connectors/*, /api/demo-request). These are not versioned, not stable, and not documented for external consumers. They will move under a stable /api/v1/* namespace with an OpenAPI spec when public REST is announced.

If you need programmatic access today, use MCP. The 23 tools above cover the same workflows the dashboard does, with per-key scoping, audit logging, and rate-limiting already in place.

Bring identity governance into the tools your team already uses.

Generate a Sifr API key, paste the install line into your MCP client, and your agents can query the operating record in a single round trip.

Generate a Sifr API key → Talk to us