You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-functions/functions-mcp-foundry-tools.md
+30Lines changed: 30 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -198,6 +198,36 @@ To connect to your MCP server endpoint:
198
198
199
199
1. Select **Save** to save the MCP tool configuration in your agent.
200
200
201
+
### [OAuth Identity Passthrough](#tab/oauth-id)
202
+
203
+
The agent prompts the user to login and uses the access token returned there to connect to the server.
204
+
205
+
1. Go to the [Foundry portal (new Foundry)](https://ai.azure.com/nextgen).
206
+
207
+
1. Select the **Build** tab at the top of the page and select an agent to connect to your MCP server.
208
+
209
+
1. In the **Playground** tab, expand **Tools** dropdown and select **Add**.
210
+
211
+
1. In the **Custom** tab in **Select a tool**, select **Model Context Protocol (MCP)** > **Create**.
212
+
213
+
1. In **Add Model Content Protocol tool**, enter the information from this table to configure OAuth Identity Passthrough connection:
214
+
215
+
| Field | Description | Example |
216
+
| ----- | ----------- | ------- |
217
+
|**Name**| A unique identifier for your MCP server. You can use your function app name. |`my-mcp-functions`|
218
+
|**Remote MCP Server endpoint**| The URL endpoint for your MCP server. |`https://my-mcp-functions.azurewebsites.net/runtime/webhooks/mcp`|
219
+
|**Authentication**| The authentication method to use. |`OAuth Identity Passthrough`|
220
+
|**Client ID**|The client ID of your Funciton app's Entra registration|`00001111-aaaa-2222-bbbb-3333cccc4444`|
221
+
|**Client secret**| The client secret of your Funciton app's Entra registration | Leave it blank|
222
+
|**Token URL**| The endpoint your server app calls to exchange an authorization code or crednetial for an access token. |`https://login.microsoftonline.com/<TENANT ID>/oauth2/v2.0/token`|
223
+
|**Auth URL**| The endpoint where users are redirected to authenticate and grant authorization to your server app. |`https://login.microsoftonline.com/<TENANT ID>/oauth2/v2.0/authorize`|
224
+
|**Refresh URL**| The endpoint used to obtain a new access token when the current one expires. |`https://login.microsoftonline.com/<TENANT ID>/oauth2/v2.0/token`|
225
+
|**Scopes**| The specific permissions or resource access levels your server app requests from the authorization server |`api://00001111-aaaa-2222-bbbb-3333cccc4444`|
226
+
227
+
1. Select **Connect** to create a connection to your MCP server endpoint. You should now see your server name listed under **Tools**.
228
+
229
+
1. Select **Save** to save the MCP tool configuration in your agent.
230
+
201
231
### [Unauthenticated](#tab/unauthenticated)
202
232
203
233
Use unauthenticated access only when your MCP server doesn't require authentication and accesses only public information.
0 commit comments