Glean supports OAuth 2.0 with Glean acting as both the Authorization Server (issuing tokens) and the Resource Server (validating and consuming them), while still relying on your enterprise Identity Provider (IdP) for user authentication via OIDC or SAML. This provides fine‑grained, Glean‑defined scopes and a simpler onboarding experience than delegating scopes solely to external IdPs.

The following diagram depicts a sample auth flow enabled by the Glean OAuth Server: third-party MCP hosts connecting with Glean’s remote MCP server.

[Figure: Sample auth flow]