Agen for SaaS provides the infrastructure for SaaS products to safely expose their APIs and capabilities to AI platforms and agents. It turns your product into an AI-native platform, allowing customers to interact with it through AI assistants like ChatGPT, Claude, Gemini, or custom MCP agents — while maintaining security, governance, and compliance.
This page explains the core concepts that make Agen for SaaS work.
The MCP Gateway is the managed entry point that connects AI agents to your product's APIs through the Model Context Protocol (MCP).
- Hosted and orchestrated by Agen for SaaS at a unique URL (e.g.,
your-id.mcp-gw.frontegg.com). - Exposes your APIs as Tools that AI agents can discover and invoke.
- Enforces authentication, access control, policies, data protection, and hooks on every request.
- Provides a Test MCP Server button to verify your gateway is operational at any time.
The gateway URL is auto-generated when you create your server and can be copied directly from the control plane or the Configuration tab.
A Source is a connection to an external API or service that provides the tools your AI agents can use. Agen for SaaS supports three source types:
| Source type | Description | Input format |
|---|---|---|
| REST | Connect a REST API by uploading or pasting an OpenAPI (Swagger) specification. Agen for SaaS extracts endpoints and parameters automatically. | OpenAPI 3.0 JSON |
| GraphQL | Connect a GraphQL API by uploading or pasting a GraphQL schema. Queries, mutations, and types are extracted automatically. | GraphQL SDL |
| MCP server | Connect a remote MCP server by providing its URL. Tools are discovered through the MCP protocol. | MCP URL |
Each source has a name, an API base URL, connected tools, and an enabled/disabled toggle. When you add a REST or GraphQL source, click Generate tools to automatically create tools from your API specification.
A Tool represents a single API operation that an AI agent can invoke through Agen for SaaS.
Each tool has:
- Tool name — A unique identifier (e.g.,
Create_a_new_expense,Get_receipt_by_ID). - Tool description — A human-readable explanation of what the tool does (up to 2,000 characters). This description is what AI agents use to understand the tool's purpose.
- Tool API — The HTTP method (GET, POST, PUT, DELETE) and path (e.g.,
/api/receipts/{id}). - Source name — Which source the tool belongs to (e.g.,
default,Frontegg). - Enable toggle — Tools can be individually enabled or disabled without deletion.
Tools are auto-generated when you add a source, but you can edit any tool's name, description, method, and path after creation. You can also delete tools that are no longer needed.
Agen for SaaS authenticates every request that passes through the MCP Gateway. Two authentication providers are supported:
| Provider | Description |
|---|---|
| Frontegg | Uses Frontegg as the identity provider. An authorization server federation URL is auto-generated (e.g., your-id.frontegg.com). |
| Open ID | Connect any OIDC-compliant identity provider (Auth0, Cognito, Firebase, Keycloak, Azure AD) using standard OAuth 2.0 credentials. |
You can optionally configure a custom domain for your authentication endpoint through a two-step wizard (add domain, then configure DNS records).
Access control defines who can invoke which tools by mapping tools to JWT attributes.
Each access control rule (called a mapping) consists of:
- Mapping name — A descriptive label (e.g., "Admin only: Delete_expense").
- Tools — One or more tools this rule applies to.
- Mapping type — Either Map to roles (RBAC) or Map to permissions (ABAC). This choice is permanent and cannot be changed after creation.
- Map to roles — Restricts tool access to users with specific roles (e.g., "Read Only", "Admin").
- Map to permissions — Restricts tool access to users with specific permissions (e.g., "Read event categories").
Access control rules are evaluated against the JWT claims in every incoming request. If a user lacks the required role or permission, the tool call is blocked.
Policies define conditional rules that control what happens when an AI agent calls a tool. Each policy evaluates request attributes and triggers an action.
A policy consists of:
- Name and description — Identify the policy's purpose.
- Policy tools — Which tools the policy applies to.
- Policy attributes — Conditional expressions using the format: IF
[Attribute][Operator][Value](e.g., IFIPContains192.168). Multiple conditions can be combined with + and. - Policy action — The enforcement action when conditions match:
| Action | Behavior |
|---|---|
| Deny | The tool call is blocked. |
| Step up | The user must provide additional authentication before proceeding. |
| Request approval | The tool call is paused and routed to a configured approval flow for human review. |
Policies can be toggled on/off, filtered by action type, and targeted at specific tools. Each policy shows its type (Global or tool-specific), action, and targeting expression in the list view.
When a policy triggers a Request approval action, an Approval flow defines who reviews and approves the request.
Creating an approval flow is a four-step process:
- General settings — Set the flow name, description, and activation status.
- Channel configuration — Enable notification channels:
- Email — Send approval requests to approvers' email addresses.
- SMS — Send short approval requests as text messages.
- Approval management — Define the approval sequence using a visual flow builder:
- Add approval steps with approvers defined by role or email address.
- Set the required minimum number of approvers for each step.
- Steps are executed sequentially (Start flow → Step 1 → Step 2 → ... → End flow).
- Advanced settings — Fine-tune behavior:
- Auto-approve timeout — Automatically approve requests that remain pending beyond a specified time.
- Send reminder — Nudge approvers if a request stays pending.
- Notify requester on decision — Inform the requester when their request is approved or rejected.
- CC traditional recipients — Send copies of all approval decisions to additional stakeholders.
Data protection policies mask sensitive information in tool responses to maintain compliance with regulations like GDPR, HIPAA, and CCPA.
Each data protection policy defines:
- Policy name and description — Identify the policy's purpose.
- Data types to protect — Select from categorized sensitive data types:
- PHI — Protected Health Information (39 types including Medicare numbers, health IDs, insurance numbers).
- PII — Personally Identifiable Information.
- GDPR — EU data protection categories.
- Additional compliance categories (PCI, CCPA, COPPA).
- Policy tools — Which tools this masking applies to.
- Policy targeting — Conditional expressions that determine when masking is applied (e.g., IF
CountryInUnited States).
Data protection policies have a status toggle and can be activated or deactivated at any time.
Hooks allow you to execute custom JavaScript code when specific MCP events occur. There are two hook types:
| Hook type | Trigger |
|---|---|
| Call tool | Executes when an AI agent invokes a tool. |
| List tools | Executes when an AI agent requests the list of available tools. |
Each hook includes:
- Body — A JavaScript code editor with a default template. The
onEvent(eventData)function receives the event details and returns averdict('allow'or'deny') along with an optionalresponseobject. - Settings — Configure the fail methodology (e.g., "Fail Open" to allow requests when the hook fails) and timeout (default: 5 seconds).
- Test button — Validate your hook logic before activation.
- Activate/Inactivate toggle — Control whether the hook is active.
Hooks enable advanced use cases like custom validation, request transformation, dynamic tool filtering, and external service integration.
The Configuration tab manages your MCP server's basic settings:
Basic configuration:
- Server name — The display name for your MCP server (e.g., "Expense Management App").
- MCP Gateway URL — The auto-generated endpoint (e.g.,
your-id.mcp-gw.frontegg.com). Read-only, with a copy button. - Custom domain — Optionally map a custom domain to your MCP Gateway through a two-step DNS configuration wizard.
Allowed origins:
- Controls which origins can access your Agen for SaaS app, enforced by the
Originheader. - Pre-populated with
{{APP_URL}}and{{LOGIN_URL}}. - Add additional origins as needed. Changes take up to 5 minutes to take effect.
- Controls which origins can access your Agen for SaaS app, enforced by the
All actions within Agen for SaaS are logged for transparency and compliance. The monitoring system records:
- Which user or AI agent invoked which tool.
- When the request occurred.
- Which policies, access control rules, or approvals were triggered.
- The full request and response payloads.
Logs can be viewed in the dashboard, streamed to third-party platforms (Datadog, Splunk, AWS EventBridge), and filtered by time, tool, user, or action.
| Layer | Role |
|---|---|
| AI agent | The customer's AI platform (ChatGPT, Claude, Gemini) initiates a tool call. |
| MCP Gateway | Receives the request and routes it through the governance pipeline. |
| → Authentication | Validates the request's identity token. |
| → Access control | Checks whether the user's roles/permissions allow the tool call. |
| → Policies | Evaluates conditional rules and applies deny, step-up, or approval actions. |
| → Approval flows | Routes requests to human reviewers when required by a policy. |
| → Data protection | Masks sensitive fields in the response before returning to the agent. |
| → Hooks | Executes custom JavaScript logic at call-time or list-time. |
| → Monitoring | Logs the entire interaction for audit and compliance. |
| Your SaaS APIs (Tools) | The underlying REST, GraphQL, or MCP endpoints that perform the business action. |