search

Apono Agentic Access

Enable AI agents to discover resources, request access, and connect to infrastructure directly from your coding tools

Apono Agentic brings infrastructure access management into your AI-powered coding tools. Your AI assistant can discover cloud resources, request just-in-time access, and connect to databases and services — all without leaving your workflow.

  • Autonomous access: Your AI agent discovers resources, requests access, and retrieves credentials on your behalf

  • Policy enforcement: All access follows your organization's Apono policies, including approvals and time-based grants

  • Secure by design: Credentials are handled through Apono's secure proxy — the AI agent never sees raw secrets

hashtag
Prerequisites

Requirement
Details

Node.js

Version 16 or later installed on your machine

Apono account

An active Apono account with access policies configured by your organization's admin

AI client

One of the supported clients: Claude Code, Claude Desktop, or Cursor

hashtag
How it works

When your AI client starts the Apono MCP server:

  1. Binary download (first run only) — The npm wrapper automatically downloads the Apono CLI binary to ~/.local/bin/apono-agentic.

  2. Authentication (first run only) — A browser window opens for OAuth2 login. Your credentials are stored locally so you don't need to log in again until the token expires.

  3. Agent registration — The MCP server registers itself as an agent with Apono, enabling policy-based access control for AI-initiated requests.

  4. Proxy starts — The server begins accepting tool calls from your AI client over the MCP protocol.

hashtag
Install on Claude Code

Follow these steps to install the Apono Agentic MCP server on Claude Code:

  1. Open the Claude Code configuration file at ~/.claude/claude_code_config.json.

  2. Add the following MCP server configuration:

  1. Save the file and restart Claude Code.

  2. On first run, a browser window opens for login. Sign in with your Apono account.

circle-info

To verify the installation, ask the assistant to list your available integrations. You should see results from your Apono account.

hashtag
Install on Claude Desktop

circle-exclamation

MCP integrations are currently supported only within the Claude Desktop application.

Follow these steps to install the Apono Agentic MCP server on Claude Desktop:

  1. Open the Claude Desktop configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

  • Windows: %APPDATA%\Claude\claude_desktop_config.json

  1. Add the following MCP server configuration:

  1. Save the file.

  2. Quit and restart Claude Desktop.

  3. On first run, a browser window opens for login. Sign in with your Apono account.

circle-info

To verify the installation, ask the assistant to list your available integrations. You should see results from your Apono account.

hashtag
Install on Cursor

Follow these steps to install the Apono Agentic MCP server on Cursor:

  1. Open the Cursor MCP configuration file at .cursor/mcp.json in your project root, or globally at ~/.cursor/mcp.json.

  2. Add the following MCP server configuration:

  1. Save the file.

  2. Quit and restart Cursor.

  3. On first run, a browser window opens for login. Sign in with your Apono account.

circle-info

To verify the installation, ask the assistant to list your available integrations. You should see results from your Apono account.

hashtag
Use multiple accounts

If you need to connect to more than one Apono account (for example, production and staging), use the --profile flag to create separate MCP server entries:

Each profile stores its own authentication credentials, so you can be logged into multiple accounts simultaneously. Replace claude-code with the appropriate --agent-type for your client.

hashtag
Use the Apono Agentic tools

Once installed, your AI assistant can interact with your infrastructure through Apono. Start a conversation and use natural language to manage access.

Sample prompts

- "List my available resources."

- "What tables do I have in my DB?"

- "I need access to the production PostgreSQL."

hashtag
Available tools

The table below lists the tools available to your AI assistant through the Apono Agentic MCP server.

Tool
Description

list_available_resources

Browse integrations and resources your organization has connected to Apono, including current access status

ask_access_assistant

Get scoped access recommendations for a specific task. The assistant analyzes what you need and suggests the right resources and permissions

create_access_request

Submit a just-in-time access request following your organization's approval policies

get_request_details

Check the status of a pending or completed access request

list_resources_filtered

Filter available resources by specific criteria such as type, integration, or permission level

circle-info

After submitting an access request, you will receive a notification through your configured channels (Slack, Teams, or email). The AI assistant can also check the request status for you.

hashtag
Security notes

hashtag
Authentication

Your AI client connects to Apono through the MCP server using OAuth2. On first run, a browser window opens for SSO login. Your credentials are stored locally and refreshed automatically. You may need to re-authenticate periodically when your token expires.

hashtag
Authorization

When the AI assistant first calls an Apono tool, your client may prompt you to authorize the action. Select Allow once to maintain control over when and how each tool is used.

hashtag
Credential handling

The Apono Agentic MCP server uses a secure proxy to manage credentials. Connection details are passed directly to your tools and sessions — the AI assistant itself does not have access to raw credentials.

hashtag
Troubleshoot the server

If the MCP server does not appear or tools are unresponsive, try these steps in order:

  1. Check Node.js version. Ensure Node.js 16+ is installed:

  1. Re-authenticate. Run the login command manually:

  1. Restart your AI client. MCP servers load when the client starts. Quit and reopen the application.

  2. Force agent re-registration. If authentication succeeds but the server still doesn't respond:

Replace <your-agent-type> with claude-code, claude-desktop, or cursor.

  1. Enable debug logging. Add "--debug" to the args in your configuration file:

  1. Check log files. Logs are written to platform-specific locations:

$HOME/Library/Application\ Support/apono-cli/mcp_logging.log

  1. If the problem persists, send the mcplogging.log file to Apono Support at [email protected]envelope.

circle-check

Manual authentication: If a browser cannot open automatically (common in remote or headless environments), run npx -y @apono-io/apono-mcp@latest login from a terminal with browser access. To use a personal token instead, run npx -y @apono-io/apono-mcp@latest login --personal-token.

Last updated

Was this helpful?