Skip to main content

Entra ID Auth for ChatGPT MCP Servers with Datawiza Agent Gateway

About 10 min

Enable Microsoft Entra ID Authentication for ChatGPT MCP Servers

Overview

This tutorial shows how to add Microsoft Entra ID (formerly Azure AD) authentication to an existing MCP server using Datawiza Agent Gateway — without modifying the server itself.

Datawiza Agent Gateway sits in front of your MCP server, handles the Microsoft Entra ID login flow, validates the user, enforces access policy, and forwards only authenticated MCP traffic to the backend. Your MCP server stays focused on its tools and never needs to implement enterprise OAuth.

Architecture

Architecture diagram — Datawiza Agent Gateway between ChatGPT and the internal MCP server

MCP over HTTP supports authorization at the transport layer. Protected MCP servers can require OAuth-style bearer tokens before granting access to tools. Since authorization is optional in the MCP spec, many internal servers skip it entirely — which is exactly where a gateway pattern adds value.

What You Will Build

By the end of this tutorial you will have a Datawiza-protected public endpoint sitting in front of your existing internal MCP server:

https://crm-mcp.company.com/mcp     ← protected endpoint ChatGPT connects to
http://internal-crm-mcp:3000/mcp    ← your existing MCP server (stays internal)

ChatGPT connects only to the protected endpoint. The internal MCP server is unreachable from outside your network.

The examples throughout this tutorial use a sample internal CRM server as the backend. This is illustrative — you will substitute your own MCP server. The sample server exposes three tools:

ToolDescription
get_customer_profileRetrieve a customer's profile by ID
list_customer_ordersList recent orders for a customer
create_support_ticketOpen a support ticket on behalf of a customer

Why This Pattern Matters

Many MCP servers are easy to build but do not include enterprise-grade authentication. This is risky when tools expose CRM records, orders, tickets, finance data, or internal APIs.

With Datawiza Agent Gateway, responsibilities stay separate:

  • MCP server developers build business tools.
  • Identity teams manage authentication and access policy.
  • ChatGPT users authenticate with Microsoft Entra ID before any tool is available.

Prerequisites

  • A Microsoft Entra ID tenant
  • Permission to create Entra app registrations (this tutorial registers two: a resource app and a client app)
  • A Datawiza Agent Gateway Console (DAGC)open in new window account
  • A Linux host reachable from the internet on port 443 to run the gateway container
  • Docker and Docker Compose installed on the gateway host (the setup script in Step 2.5 can install these for you)
  • A public hostname for the protected MCP endpoint
  • A TLS certificate from a trusted CA for that hostname
  • An existing MCP server accessible on your internal network
  • A ChatGPT Plus, Pro, Business, or Enterprise plan with custom MCP connectors available (some plans gate this behind a Developer mode setting — see Step 3)

Step 1: Register Apps in Microsoft Entra ID

MCP authorization needs two separate app registrations:

  • A resource app that represents the protected MCP server itself — it exposes the API and the scope ChatGPT requests.
  • A client app that represents ChatGPT — it's what a user actually signs into, and it holds the redirect URI and requests the resource app's scope on the user's behalf.

Keeping them separate is standard OAuth practice: the resource app is never involved in a browser redirect, and the client app never defines API scopes.

1.1 Register the Resource App

  1. In the Azure portalopen in new window, go to Microsoft Entra ID > App registrations.

  2. Click New registration and fill in:

    FieldValue
    NameDatawiza CRM MCP Gateway
    Supported account typesSingle tenant
    Redirect URILeave blank — this app never signs in a user directly

    Microsoft Entra ID — New registration form

  3. Configure the Application ID URI to match the protected MCP endpoint. ChatGPT requests the MCP server's URL as the resource, and Entra ID rejects the request with AADSTS9010010 if that resource doesn't match the scope it's paired with — and a scope is only ever valid for the resource identified by its Application ID URI. So the Application ID URI cannot stay as the default api://<client-id>; it must equal your protected endpoint:

    1. Go to Expose an API.
    2. Next to Application ID URI, click Add, clear the default value, and enter your protected MCP endpoint instead, e.g. https://crm-mcp.company.com/mcp.
    3. Click Save. Microsoft Entra ID — Expose an API page showing the Application ID URI set to the protected MCP endpoint

    Verified custom domain required

    A custom https:// Application ID URI must be under a domain verified for your Entra tenant (Entra ID > Custom domain names). If crm-mcp.company.com isn't verified yet, add and verify it first — Entra rejects unverified domains.

  4. Add a delegated scope so ChatGPT can request access on behalf of the signed-in user. A custom Application ID URI has no scopes by default, and the authorization code flow needs one to issue a token with the right audience:

    1. Still on Expose an API, click Add a scope.

    2. Fill in:

      FieldValue
      Scope nameaccess
      Who can consentAdmins and users
      Admin consent display nameAccess CRM MCP Gateway
      Admin consent descriptionAllows ChatGPT to access the CRM MCP Gateway on behalf of the signed-in user.
      StateEnabled
    3. Click Add scope.

    This creates the scope https://crm-mcp.company.com/mcp/access. Microsoft Entra ID — Expose an API page showing the access delegated scope

1.2 Register the Client App

This is the app ChatGPT actually signs users into.

  1. Click New registration again and fill in:

    FieldValue
    NameChatGPT CRM MCP Client
    Supported account typesSingle tenant
    Redirect URILeave blank for now

    ChatGPT's custom connector form lets you register your own OAuth client, and doesn't require a client secret — so it authenticates as a public client using authorization code + PKCE rather than a confidential client. You'll register its redirect URI under the Mobile and desktop applications platform in Step 3.1 — that platform is built for public clients and doesn't require a secret, unlike Web.

    Redirect URI is unique per connector, not fixed

    ChatGPT doesn't use one shared redirect URI across all custom connectors. Each connector gets its own callback URL (e.g. https://chatgpt.com/connector/oauth/S2tqhGpwDpxd), generated when you configure OAuth for that connector in Step 3.1. That's why the Redirect URI is left blank here — you'll come back and add the connector-specific value once ChatGPT generates it.

  2. After the app is created, copy these values — you'll need the Tenant ID in Step 2 and the Client ID in Step 3:

    ValueWhere to find it
    Tenant IDOverview page
    Client IDOverview page

    Microsoft Entra ID — Overview page showing Tenant ID and Client ID

  3. Grant this client app permission to request the resource app's scope:

    1. Go to API permissions > Add a permission > My APIs.
    2. Select the resource app (Datawiza CRM MCP Gateway) from Step 1.1.
    3. Choose Delegated permissions, check access, then click Add permissions.
    4. Click Grant admin consent for <tenant> so users aren't individually prompted to consent, if your organization's policy allows it.

Step 2: Configure Datawiza Agent Gateway

2.1 Sign in and click Getting Started

Log into Datawiza Agent Gateway Console (DAGC)open in new window and click the Getting Started button on the home page.

Datawiza Agent Gateway Console home page with Getting Started button

2.2 Name your Deployment

The Getting Started wizard opens at Step 1 of 4 — Deployment Name.

  1. Enter a Name for the deployment (e.g., CRM MCP Gateway).
  2. Click Next.

Getting Started wizard Step 1 — enter a deployment name

2.3 Add a Service

Step 2 of 4 — Service defines the public-facing MCP endpoint that ChatGPT connects to.

FieldValue
NameCRM MCP Service
Base (Load Balancer) URLYour public gateway URL, e.g. https://crm-mcp.company.com
SSLEnable — check Enable SSL and use datawiza self-signed certificate
Listen Port443
Authentication MethodEntra ID Access Token
Issuerhttps://sts.windows.net/<tenant-id>/
Audiencehttps://crm-mcp.company.com/mcp (the resource app's Application ID URI from Step 1.1)
Authorization Serverhttps://login.microsoftonline.com/<tenant-id>/v2.0 (optional — fill it in only when it differs from the Issuer, as it does here)

Click Next.

Why the Issuer isn't a v2.0 URL

The resource app registered in Step 1.1 defaults to issuing v1.0 access tokens — its manifest's requestedAccessTokenVersion is null unless you explicitly set it to 2. v1.0 tokens carry the issuer https://sts.windows.net/<tenant-id>/, not the v2.0-style https://login.microsoftonline.com/<tenant-id>/v2.0. Authorization Server is unrelated to the iss claim check — it's the v2.0 metadata endpoint DAGC uses to fetch Entra ID's signing keys and validate the token's signature.

ChatGPT rejects self-signed certificates

The wizard only offers the Datawiza self-signed certificate, and ChatGPT rejects it. After deploying in Step 2.5, replace it with a trusted CA certificate — see Step 2.6.

Getting Started wizard Step 2 — Service form showing Name, Base URL, SSL, and Listen Port fieldsGetting Started wizard Step 2 — Service form showing Entra ID Access Token authentication fields for Issuer, Audience, and Authorization Server

2.4 Add a Backend

Step 3 of 4 — Backend points the gateway at your existing internal MCP server.

FieldValue
NameInternal CRM MCP
TypeMCP
Backend Servershttp://internal-crm-mcp:3000
Auth typeNo Auth

Click Create.

Getting Started wizard Step 3 — configure the internal MCP server as the backend

2.5 Deploy the Gateway

Step 4 of 4 — Deploy shows your provisioning credentials and the startup commands.

  1. Note the Provisioning Key and Provisioning Secret shown at the top.

  2. Run the two commands on your gateway host:

    # Install Docker and pull the Datawiza Agent Gateway image
    curl https://datawiza.s3.us-west-2.amazonaws.com/datawiza-dag-env-prep.sh | sh
    
    # Start Datawiza Agent Gateway
    curl -s https://datawiza.s3.us-west-2.amazonaws.com/datawiza-dag-docker-compose-prep.sh \
      | bash -s -- -k <PROVISIONING_KEY> -s <PROVISIONING_SECRET> -p 443 \
      && sudo docker compose up -d
    
  3. Click Done.

Getting Started wizard Step 4 — provisioning keys and deploy commands

The gateway pulls its full configuration from DAGC automatically.

2.6 Replace the Self-Signed Certificate

The service is currently using the Datawiza self-signed certificate from Step 2.3. Before connecting ChatGPT, replace it with a certificate from a trusted CA by following SSL Certificates in Datawiza Agent Gateway: go to Services in DAGC, open this service's Advanced tab, click Edit, then Update Certificate to upload your PEM-format certificate and private key.

Step 3: Add the Protected MCP Endpoint to ChatGPT

ChatGPT's connector setup lets you register your own OAuth client and pass in the Entra client's Client ID directly.

Developer mode may be required

Some ChatGPT plans and workspace configurations gate custom MCP connectors behind a Developer mode setting. If you don't see a way to create a custom connector, check your account or workspace settings for a Developer mode toggle — its exact location varies by plan and has changed over time, so check OpenAI's help centeropen in new window if it isn't where you expect.

ChatGPT desktop app

If you use the ChatGPT desktop app, complete this connector setup in the ChatGPT web version first — it isn't available from the desktop app's own settings.

3.1 Create the Connector

  1. Go to Apps in your ChatGPT workspace or account settings, and click Create.

  2. Fill in:

    FieldValue
    NameInternal CRM MCP
    ConnectionServer URL
    MCP Server URLhttps://crm-mcp.company.com/mcp
    AuthenticationOAuth
  3. Expand Advanced OAuth settings and set Registration method to User-Defined OAuth Client. This tells ChatGPT to use your own Entra app registration instead of attempting Dynamic Client Registration (DCR) or a Client Identifier Metadata Document (CIMD) — Datawiza Agent Gateway's protected endpoint doesn't advertise support for either.

  4. Copy the Callback URL shown in this panel (e.g. https://chatgpt.com/connector/oauth/S2tqhGpwDpxd) — ChatGPT generates it specifically for this connector.

    ChatGPT — Create connector form with Advanced OAuth settings expanded, showing the generated Callback URL

  5. Register that callback URL in Entra before continuing:

    1. In the Azure portal, open ChatGPT CRM MCP Client > Authentication.
    2. Click Add a platform > Mobile and desktop applications, paste the callback URL under Redirect URIs, and click Configure (or, if that platform already exists, click Add URI under it instead).
    3. Click Save.
  6. Back in ChatGPT, finish the Client registration panel:

    FieldValue
    OAuth Client IDThe Client ID of ChatGPT CRM MCP Client from Step 1.2
    OAuth Client SecretLeave blank — this is a public client
  7. Click Create.

On a ChatGPT Business or Enterprise workspace, a workspace admin also needs to publish the connector — from its detail page in the Apps admin console — before it's available to use. Publishing rolls it out to the whole organization, so individual users don't need to configure it themselves.

Step 4: Verify Unauthenticated Access Is Blocked

Before testing with ChatGPT, confirm the gateway is rejecting unauthenticated requests:

curl -ik https://crm-mcp.company.com/mcp

Expected response:

HTTP/1.1 401 Unauthorized

This confirms that Datawiza is intercepting traffic and no unauthenticated request can reach the backend MCP server.

Step 5: Sign In with Microsoft Entra ID

When you finish creating the connector, ChatGPT immediately starts the Entra ID sign-in flow using the Client ID you entered. Datawiza validates the resulting access token on every request.

  1. ChatGPT opens a browser popup prompting you to authenticate.

    ChatGPT prompting the user to sign in before the connector is created

  2. The popup redirects to the Microsoft Entra ID login page. Sign in with your enterprise account.

    Microsoft Entra ID login page

  3. After a successful sign-in, Entra ID redirects back to the connector's callback URL you registered in Step 3.1 (e.g. https://chatgpt.com/connector/oauth/S2tqhGpwDpxd). ChatGPT stores the access token and attaches it as a bearer token to each MCP request. Datawiza validates the token — checking the issuer and the MCP endpoint audience — before forwarding the request to the backend.

  4. ChatGPT shows the connector as Connected, and its tools become available to attach in a chat.

    ChatGPT showing the connector as connected after sign-in

Once connected, ChatGPT can call MCP tools for the duration of the session. An expired or missing token returns 401 Unauthorized and triggers a new login prompt the next time the connector is used.

Step 6: Call MCP Tools from ChatGPT

With the MCP server connected, attach it to a chat and test tools to confirm end-to-end authentication is working.

  1. Start a new chat in ChatGPT.
  2. Click the + icon next to the message box, select More, and choose the Internal CRM MCP connector.

Get a customer profile

In ChatGPT, type:

Use the Internal CRM MCP connector to get the profile for customer c001.

ChatGPT calls get_customer_profile and shows the result.

ChatGPT calling get_customer_profile and displaying the result

List customer orders

In ChatGPT, type:

List recent orders for c001.

ChatGPT calls list_customer_orders and displays the order history.

ChatGPT calling list_customer_orders and displaying the result

Step 7: Verify Datawiza Logs and Audit Records

In DAGC, open the logs for your deployment and confirm the following events appear:

  • User login event with the authenticated user's email
  • Microsoft Entra ID authentication success
  • Request allowed or denied based on policy
  • Request forwarded to the backend MCP server
  • MCP tool call recorded with user context

This confirms that Datawiza is acting as the authentication, identity, and policy enforcement layer for all ChatGPT-to-MCP traffic.

Summary

Your MCP server stays simple — it exposes tools for ChatGPT without implementing enterprise OAuth. Datawiza Agent Gateway becomes the front door: it handles Microsoft Entra ID login, validates tokens, enforces access policy, and forwards only authenticated traffic to the backend.

This separation of concerns means MCP server developers can focus on building useful tools, while identity and access control remain owned by the teams responsible for them. The same pattern applies to any internal MCP server — CRM, HR, finance, ticketing, or internal APIs — without changing a line of server code.

ChatGPT users get a seamless experience: they authenticate once with their enterprise Entra ID credentials, and all MCP tools become available for the session. Unauthenticated or unauthorized requests never reach the backend.