QUESTION

Does Panther MCP support user-based API keys or OAuth/SSO authentication?

ANSWER

Currently, Panther MCP does not support user-linked API keys or OAuth/SSO authentication. Access control for MCP is managed through API token that define permissions at the token level rather than the individual user level.

The recommended approach is to create API tokens scoped to each use case and manage access accordingly. For example:

• Threat hunting use case → Tokens can be limited to query the data lake and schemas.

• Rule development use case → Tokens may need access to detections, alerts, and the data lake.

For instructions on how to create an API token, please refer to our documentation.

If you’d like Panther to support user-linked API keys or OAuth/SSO authentication for MCP, please reach out to Panther Support to request this feature.