Introduction
The MCP connector enables you to connect Sana to thousands of external tools, services and data sources by using the Model Context Protocol (MCP), an open-source standard for AI-tool integrations. This functionality provides your workspace with greater flexibility and the ability to unlock new use-cases as it allows you to integrate tools built by your team, third-party developers or other service providers that do not yet have native integrations in Sana.
To ensure a safe experience, workspace admins can publish MCP connectors to the workspace and control access and non-admins cannot connect any MCP unless an admin has already set it up and made it available for that specific user.
Important note: Use third-party MCP servers at your own risk - Sana is not able to verify the quality or security of the servers you choose to install. You are responsible for verifying that the MCP server you choose to connect to is safe for your organization to use before connecting. Read more about safety best practices below.
Integration capabilities
The capabilities of the Sana MCP integration is dependent on the chosen remote server and which tools that the workspace admin who set it up allows. For example, if an admin connects to the official Linear MCP server and enables both read and write
tools, then users will be able to read and write to Linear.
Type of integration
The MCP connector in Sana differs from the common private, shared or centralized types and can be described as a mix of all depending on which MCP server you choose to connect to.
More specifically, only workspace admins can set up a brand new MCP integration and make it available inside of Sana. When setting up this integration, the admin chooses which user, or group of users, that should be able to see the integration on their list of available integrations and choose to connect to it. Users who get chosen to be able to connect to the integration by the workspace admin still need to authenticate to the MCP server with their individual credentials if the connected MCP server requires authentication.
Availability
Free tier | Team tier | Enterprise tier |
❌ | ❌ | ✅ |
Scope and permissions
The scope and permissions requested by the app will depend on the remote server you connect to.
Risks and safety best practices
Getting the opportunity to connect to any remote MCP server is a powerful feature - it brings a lot of potential benefits to extend your capabilities as you can connect to other systems but it also brings a lot of risks as Sana has not verified these third-party applications.
As MCP servers act as connectors between Sana and external applications you should keep the following in mind:
Connect only to servers you trust: Use Sana only with MCP servers that are hosted and maintained by organizations and services you consider reliable.
Check permission requests closely: When authorizing a server, carefully examine which permissions it asks for. Restrict these where you can, and refuse access if the requested permissions don’t seem necessary.
Watch out for prompt injections: Harmful MCP servers might try to sneak in instructions that cause Sana to take unintended actions. Sana includes defenses against such attacks, but you still need to scrutinize tool inputs and outputs and stick to trusted servers.
Track changes in tool behavior: MCP server maintainers can change how tools work over time, which might introduce unexpected or unsafe behavior. Regularly pay attention to these changes to avoid unintended or malicious effects.
Supported protocols
Sana strives to implement all features of the latest MCP protocol, but some specific features may not be fully supported yet. If you encounter any compatibility issues, please contact your engagement manager.
Furthermore, Sana supports the "Streamable HTTP" transport protocol for MCP, with a fallback to "SSE" (Server-Sent Events). This ensures robust and efficient communication with remote MCP servers.
Integration set-up
Pre-requisite for admins
1. Navigate to the “Custom MCP integration section” in the integrations tab inside of the workspace settings and click on “Add MCP integration”.
2. Fill in the information in the pop-up and click “Add integration”.
3. After setting up the MCP, it should be visible in the list of custom MCP integrations inside of the integrations tab on the workspace settings page, see example below. Now, regular users should be able to see it and connect to it through the normal integrations page.
For regular users
1. Go to the integrations page, scroll down to the section “Available custom integration” and click on the integration you want to add.
2. Read through the description, verify that you trust the application and click “Continue”.
3. If the MCP server requires authentication you need to approve it. See example below for Linear MCP server where the user is redirected. After clicking approve you should be redirected back to Sana and continue to the next step.
4. Preview the available tools configured by your workspace admin to understand the capabilities, click continue once ready.
5. The integration should now be available in the “MCP integrations” table on the integrations page. This means that it is now correctly set up and ready to be used.
Known limitations
Be cautious when adding custom remote MCP servers; always review their capabilities to avoid unwanted actions or malicious software.
The list of tools exposed by the connected MCP server can change over time, which may cause certain functionalities to stop working or behave differently.
The MCP ecosystem is still in an early stage: breaking changes, lack of documentation, and incomplete implementations are common.
We currently do not support MCPs that require manual OAuth endpoint configuration. The MCP server must support automatic OAuth discovery documents.
When setting up a MCP server, the workspace admin can not get a list of the available tools before setting up the server. This makes it cumbersome to add custom tool names in the tool configuration as you do not know which ones to include. Until we get a more sophisticated solution for this, a tip can be to first create an empty test MCP server only accessible for you where you allow all tools so you can see which ones exist. After that is set up you can preview it and note down the exact tools you want and then specify them.
FAQ
Q: What is a remote MCP server?
A: MCP is a protocol that standardizes how applications provide context to LLMs. Some companies have created remote MCP servers that expose a particular application’s capabilities to developers and end-users through requests to their remote MCP server.
Q: Can I toggle on/off specific tools?
A: Yes and no, workspace admins can choose which tools that should be on and off for the chosen MCP integration and those rules will apply for each user who chooses to connect to it, see image below. Individual users will not have the ability to override these selections and can hence not toggle on/off specific tools.
Q: Why should I add a remote MCP server?
A: Sana integrates with many third-party applications, but not all. If there is an application you want to use that we don’t currently support, you can connect it yourself by adding it through a remote MCP server.
Q: Why can't I see which tools are available when setting up the MCP in the Workspace settings?
A: The tools in an MCP is fetched dynamically and hence requires you to authenticate to the server before fetching the list of available tools. This means that you will not be able to preview them when setting them up in the workspace settings. To go around this, you could however make the integration only available to you and then set it up as a normal user to be able to view all available tools. If you are then interested in toggling some tools on or off, you can go back into the workspace settings and the desired tools to the Tool Configuration as you now know which ones are available.
Q: Why does not the MCP server perform well?
A: Sana got no control of the quality of the MCP servers you choose to connect to and their capabilities depends on what the developers of the MCP server have chosen to include. Make sure to review the list of available tools to get a better understanding of supported capabilities and iterate on the system prompt to help prompt the agent to improve the results if needed.
Q: What should I use the system prompt for?
A: The system prompt can be used to give instructions to the AI on how it should interact with the MCP server to improve its performance.
Q: Who can I select to share the MCP connector with as a workspace admin?
A: You can choose to share it with all workspace users, individual users or user groups.
Q: Why is my MCP server not working anymore or behaving differently?
A: The list of tools exposed by the connected MCP server can change over time as it is owned by an external maintainer. This may cause certain functionalities to stop working or behave differently.
Q: How can I find safe remote MCP servers to add?
A: Sana recommends always using only official MCP servers from trusted providers. Check their websites to confirm this is a service they support.
Q: Are MCP requests made from the backend or frontend?
A: All requests to remote MCP servers are made from the backend for enhanced security and reliability.
Q: Which types of authentication can I use?
A: It depends on what the chosen MCP server supports and requires. When setting up an MCP server we currently select OAuth (recommended), API key or no authentication.
Data handling & privacy
Sana AI is fully committed to data security and privacy. All data accessed by Sana AI is encrypted both in transit and at rest. Sana does not train any underlying language models on your data, ensuring the privacy of your information. Sana AI is ISO 27001 certified; and SOC 2 and GDPR compliant, and adheres to the highest standards of data security.