Skip to main content
If you’re an individual user running mpcjungle locally or for personal use (most likely in development mode), you can skip this section entirely. The Governance model is useful for organizations running mcpjungle in a shared environment in the enterprise mode. In enterprise mode, organizations want:
  • Authenticated access to MCPs
  • MCP clients must be created explicitly
  • Each client’s access to MCPs is controlled through allow-lists
  • Human users are separated from machine identities

Development mode versus enterprise mode

CapabilityDevelopment modeEnterprise mode
Gateway authenticationDisabledRequired
MCP client access controlOpen access to registered serversExplicit allow-list per client
User accountsNot neededSupported
OpenTelemetry metricsDisabled by defaultEnabled by default
Server initializationAutomaticManual initialization by an Administrator

Governance model

Mcpjungle uses three main identity and access concepts in enterprise mode.

Administrator

Admin initializes the server, register MCP servers, creates mcp clients, creates users, and manages platform configuration.

MCP clients

MCP clients are machine identities for your AI clients (agents, CLIs like claude code, IDEs like Cursor, or custom mcp clients). Each client gets:
  • an access token
  • an allow-list of upstream MCP servers it may access

Users

Users are human identities for people who need authenticated access to Mcpjungle. They have a narrower permission set than admins.

Typical enterprise flow

1

Start Mcpjungle in enterprise mode

Deploy the gateway in enterprise mode and connect it to PostgreSQL.
2

Initialize the server

Run mcpjungle init-server once to create the initial admin identity.
3

Register MCP servers

Add the upstream servers you want the gateway to expose.
4

Create MCP clients

Create one machine identity per client or workflow and grant access only to the servers that client should reach.
5

Create users when needed

Create standard users for human operators who need authenticated visibility into Mcpjungle.

Why this matters

For a shared deployment, a serious product needs more than just a gateway endpoint. It needs a control boundary:
  • which client can reach which server
  • which humans can operate the system
  • how tokens are issued and rotated
  • how usage can be observed centrally
That is what enterprise mode is for.

Next steps

Upstream authentication

Configure bearer tokens and custom headers for Mcpjungle’s upstream server connections.

Access control

Create MCP clients and define exactly which servers they can access.

Clients and users

Manage machine identities and human accounts cleanly.

Production deployment

Run Mcpjungle with the expected enterprise operating model.