Agen for SaaS enables SaaS companies to make their products AI-native by securely exposing product capabilities to AI platforms and agents such as ChatGPT, Claude, Gemini, and custom agents. Your customers can interact with your product through natural language and autonomous agents while you retain full security, governance, and observability.
Agen for SaaS implements a managed MCP (Model Context Protocol) Gateway that sits in front of your APIs and tools, enforcing authentication, authorization, guardrails, data protection, and auditing on every agent-initiated action.
The Agen for SaaS control plane provides a visual pipeline view of your entire MCP server configuration. From top to bottom, the pipeline shows:
- Your MCP Gateway — A unique gateway endpoint (e.g.,
your-id.mcp-gw.frontegg.com) that AI agents connect to. A status indicator confirms whether the MCP server is running and ready to handle requests. - Authentication — The identity verification layer that validates every incoming request using your chosen auth provider (Frontegg or any OpenID Connect provider).
- Guardrails — The governance layer comprising five modules that enforce security policies on every tool call:
- Access control — Role-based and attribute-based restrictions on who can invoke which tools.
- Data protection — Masking and redaction of sensitive data (PII, PHI, PCI) in tool responses.
- Policies — Conditional rules that deny, step up, or require approval for specific actions.
- Approval flows — Human-in-the-loop review workflows for sensitive operations.
- Hooks — Custom JavaScript code that executes on tool call and tool listing events.
- Sources — The external APIs and services connected to your MCP server (REST, GraphQL, or MCP server sources).
- Tools — The individual API endpoints extracted from your sources that AI agents can discover and invoke.
Each component in the pipeline displays a green (active) or gray (not configured) status indicator so you can see your configuration state at a glance.
| Capability | Description |
|---|---|
| Sources | Connect REST (OpenAPI), GraphQL, or remote MCP servers as data sources. Tools are auto-generated from your API specifications. |
| Tool management | Enable, disable, edit, and delete individual tools. Each tool maps to an API endpoint with a specific HTTP method and path. |
| Access control (RBAC/ABAC) | Map tools to roles or permissions using JWT attributes. Control which users can invoke which tools. |
| Policies and guardrails | Conditional rules that deny, step up authentication, or request approval based on request attributes like IP, amount, or country. |
| Approval flows | Multi-step approval workflows with configurable approvers (by role or email), notification channels (email/SMS), and advanced settings like auto-approve timeouts and reminders. |
| Data protection | Mask sensitive information (PII, PHI, PCI) in tool responses based on compliance requirements and conditional targeting rules. |
| Hooks | Custom JavaScript functions that execute on Call tool or List tools events, enabling custom logic and transformations. |
| Monitoring and auditing | End-to-end event trails for tool calls, policy decisions, approvals, and configuration changes. |
| Authentication | Frontegg or OpenID Connect providers with federation URL and optional custom domain. |
| Configuration | Server name, MCP Gateway URL, custom domain, and allowed origins management. |
- Multi-tenant by design — Clean separation of tenants with claims-aware access and per-tenant policy control.
- Bring your auth — Use Frontegg or any OIDC-compliant provider. Your existing JWTs drive access control and entitlements.
- Least-privilege for agents — Fine-grained tool-level access with conditional policies ensure agents only do what they should.
- Separation of duties — Approval flows and audit logs enforce human oversight for sensitive operations.
- Quickstart — Set up your MCP server, import tools, and configure authentication in minutes.
- Connect to AI platforms — Link your MCP gateway to ChatGPT, Claude, or Gemini.
Continue with Quickstart.