sergey-tihon/mcp-entra-auth-proxy
Stdio MCP proxy for connecting AI clients to Entra ID-protected MCP servers using Azure CLI tokens
Platform-specific configuration:
{
"mcpServers": {
"mcp-entra-auth-proxy": {
"command": "npx",
"args": [
"-y",
"mcp-entra-auth-proxy"
]
}
}
}Add the config above to .claude/settings.json under the mcpServers key.
[](https://www.npmjs.com/package/mcp-entra-auth-proxy) [](https://www.npmjs.com/package/mcp-entra-auth-proxy) [](./LICENSE)
> Workaround solution. This proxy exists because most MCP clients do not yet natively support Microsoft Entra ID authentication. If your MCP client supports Entra ID auth natively, prefer using its built-in authentication flow instead of this proxy.
Local stdio MCP proxy that forwards requests to a remote MCP server, authenticating via Microsoft Entra ID tokens from the az CLI.
Use it to connect any MCP-compatible AI client (VS Code Copilot, Claude Code, OpenCode, Cursor, etc.) to a remote Microsoft Entra ID-protected MCP server — without embedding credentials in the client config.
+--------------+ +----------------------+ +--------------+
| AI Client | stdio | mcp-entra-auth-proxy | HTTP(S) | Remote MCP |
| (VS Code, |<-------->| (local) |<-------->| Server |
| Claude, ..) | | | + Bearer | (Entra ID |
| | | | token | protected) |
+--------------+ +----------------------+ +--------------+mcp-entra-auth-proxy as a local stdio MCP serveraz account get-access-tokenaz loginThe Azure CLI (`az
Loading reviews...