Activate and configure Secure MCP
Secure MCP is configured in the VIP Dashboard at 2 levels:
- A single organization-wide enablement.
- Per-application control over which toolsets are activated where.
Secure MCP is disabled by default. An Org admin must activate it for the organization before any AI agent can connect.
Roles and permissions
Activating Secure MCP requires an Org admin role, and changing toolset access for an application requires an Org or App admin role. Manage roles via the People panel in the VIP Dashboard.
Activate MCP for the organization
The Global MCP setting controls whether MCP is allowed anywhere in the organization.
- Follow the steps to Add an integration to an organization via the Integrations Center of the VIP Dashboard.
- Navigate to the organization view.
- Select Integrations from the left-hand navigation menu to open the Org Integrations panel.
- Find Secure MCP in the list of integrations and select Manage to open its Manage Integration panel.
- In the Global MCP section, select Activate MCP.
- The status of Global MCP changes to Active. Access to MCP toolsets is now managed per application.
When Global MCP is active, an Org admin can pause access at any time by selecting Deactivate MCP. Deactivating stops every agent across the organization from reaching any application, regardless of per-application settings.
Control toolsets per application
The VIP MCP and WordPress MCP toolsets are controlled independently. Enabling VIP MCP for an application lets agents operate the VIP Platform for that application; enabling WordPress MCP lets agents operate the WordPress site. An application with both toolsets disabled is not reachable by an agent even while Global MCP is active for the organization.
From the Org Integrations panel
After Global MCP is active, use the Activation Map section of the Manage Integration panel to choose which toolsets are enabled for applications.
The application list displays one row per application. Select Add Application to add an application to the list.
Expand an application’s details and controls by selecting the arrow to the left of its name. This displays all of the application’s environments (production and non-production). For each, VIP MCP and WordPress MCP can be toggled on. Both are disabled by default.
From the App Integrations panel
Once Global MCP is active, an Org or App admin can activate toolsets for an application via the App Integrations panel. From the list of App Integrations, find Secure MCP and select Configure to open its Configure Integration panel. Here, under App Activation Controls, VIP MCP and WordPress MCP can be toggled on to enable either toolset.
Configuration is transactional at the organization level
When an organization-level change updates Secure MCP and its toolsets together, the update is applied as a single transaction. If part of the update fails, the changes that succeeded are rolled back so the configuration does not end in a partial state. No action is required from an Org admin; on failure, the previous configuration is restored and the change can be retried.
Pause or remove access
To pause all access without losing per-application settings, an Org admin can deactivate Global MCP. Reactivating restores the previous per-application toolset configuration.
To remove access for a single application, disable both toolsets for that application while leaving Global MCP active for the rest of the organization.
Last updated: July 02, 2026