Skip to main content
Every MCP Gateway you create is set to one of two visibility levels: Personal or Tenant. This setting controls who can see the gateway and who can use it. Creating, editing, and deleting a Gateway of either level is restricted to the Platform Admin and Security Admin roles; other roles, including plain Admin and End User, don’t have gateway creation access today.

Personal Gateways

A Personal gateway belongs to the Platform Admin or Security Admin who created it.
  • Only the creator can see it in the Gateway List, connect to it, or edit its configuration.
  • Other admins in your organization browsing the full gateway list won’t see a Personal gateway that isn’t theirs.
Personal gateways are a good fit for an individual admin’s own workflows: testing a new server before rolling it out more broadly, or building a gateway tailored to how they work.

Tenant Gateways

A Tenant gateway is shared across your entire organization.
  • Every user in the tenant can see it and connect to it as an MCP endpoint.
  • Only a Platform Admin or Security Admin can create, edit, or delete a Tenant gateway. Everyone else has read and use access, but can’t change its configuration.
Tenant gateways are the right choice for shared, standardized workflows, such as a support team’s toolset or a company-wide set of approved integrations.

Promoting a Gateway to Tenant

If a Personal gateway turns out to be useful for a wider group, a Platform Admin or Security Admin can promote it to Tenant visibility, making it available to everyone in the organization.
Promoting a gateway to Tenant is permanent. Once a gateway is Tenant level, it can’t be demoted back to Personal. If you want to keep a private version alongside the shared one, create a separate Personal gateway rather than converting your only copy.

Naming Gateways

Gateway names must be unique across your entire tenant, not just among your own gateways. If another user has already named their Personal gateway “Support Tools,” you won’t be able to use that same name for a gateway of your own. If you hit a naming conflict while creating a gateway, just pick a more specific name.

Personal vs. Tenant at a Glance

PersonalTenant
Who can see itOnly the creatorEveryone in the organization
Who can use itOnly the creatorEveryone in the organization
Who can edit or delete itOnly the creatorPlatform Admin or Security Admin
Who can create onePlatform Admin or Security AdminPlatform Admin or Security Admin
Can it change levelsCan be promoted to Tenant by its creatorCannot be demoted back to Personal

Connected App Credentials

The apps you connect to a gateway (Slack, Jira, Google Drive, and so on) carry their own Personal or Tenant designation, separate from the gateway’s own visibility setting. A Tenant gateway doesn’t require every connected app to be Tenant level, and a Personal gateway can still make use of a Tenant-shared connection. See Tenant vs. Personal Level App Credentials for how that works.

Monitoring and Activity

Gateway visibility controls access to the gateway’s configuration, not who can see its usage. Whether a gateway is Personal or Tenant, its activity is still included in tenant-wide monitoring for admins with that visibility. See MCP Monitoring for details on who can see what.

Radar and Tool Scanning

Features like Radar and Tool Scanning work the same way on both Personal and Tenant gateways. Neither one depends on the gateway’s visibility level, so you can enable them freely on either type.