search

Authentication

hashtag
Authentication

The CorralData MCP Server uses OAuth 2.0 for authentication. You sign in once through your organization's identity provider, and the server handles token management automatically.

hashtag
How authentication works

When you connect to the CorralData integration from Claude, the following happens:

  1. Claude redirects you to your organization's login page

  2. You sign in with your existing CorralData credentials

  3. You grant permissions for Claude to access CorralData tools on your behalf

  4. Claude receives a token and uses it for all subsequent tool calls

  5. Tokens refresh automatically — you won't need to sign in again unless your session expires

hashtag
Roles and permissions

What you can do through Claude depends on the roles assigned to your account in CorralData.

Role
Access level

board.edit

Create, update, and delete boards and board filters

widget.edit

Create and update widgets, datasets, and validate widget queries

Any authenticated user

All read-only tools: schema exploration, SQL execution, viewing boards/widgets/datasets

Roles are collected from all companies you belong to — if you have board.edit in any company, you can use board editing tools across CorralData.

hashtag
Tool-to-role mapping

Tools
Required role

list_boards, get_board, list_widgets, get_widget, list_board_filters, get_board_filter, list_datasets, list_schemas, list_tables, describe_table, describe_tables, get_relationships, search_tables, get_query_context, get_column_values, execute_sql, lint_sql

None (any authenticated user)

create_board, update_board, create_board_filter, update_board_filter, delete_board_filter

board.edit

create_widget, update_widget, bulk_update_widgets, validate_widget_query, create_dataset, update_dataset

widget.edit

If you try an action you don't have permission for, Claude will let you know. Contact your CorralData administrator to request additional roles.

hashtag
Security

  • Authentication uses the OAuth 2.0 Authorization Code flow with PKCE for enhanced security

  • All communication is encrypted over HTTPS

  • Tokens are validated server-side and have a limited lifetime

  • Signing out invalidates your session — no data is stored server-side

PreviousTools ReferenceNextPrivacy Policy

Last updated

Was this helpful?