Back to MCP section

Connect CISO Adapt to Claude Desktop

Last updated: 3 June 2026

Use Claude to query and act on your GRC workspace governance, risk, compliance, policies, and more with the same permissions as the CISO Adapt web app.

Requirements

  • Claude Desktop on macOS or Windows
  • An active CISO Adapt account
  • An MCP API Key from CISO Adapt → Settings → Integrations → MCP
  • For manual setup: Node.js (for the npx / mcp-remote option only)

MCP Server URL

Your MCP endpoint is the CISO Adapt backend URL with /mcp appended:

https://backend.dev.cisoadapt.ai/mcp

Use this value wherever the setup asks for MCP Server URL. Production environments should use HTTPS.

Get your MCP API Key

  1. Sign in to CISO Adapt.
  2. Open API Tokens.
  3. Create or copy your MCP API key (format: mcp_…).
  4. Use it as a Bearer token: Authorization: Bearer mcp_your_api_key_here

Treat your MCP API key like a password. Never commit it to source control or share it in public channels.

Method 1 - Extension bundle (recommended)

The fastest way to connect is the pre-built cisoadapt.mcpb extension for Claude Desktop.

  1. Download cisoadapt.mcpb using the button below (or from the landing page MCP section).
  2. Double-click the file to install in Claude Desktop, or use Settings → Extensions → Install Extension…
  3. When prompted, enter your MCP Server URL and MCP API Key (see below).
  4. Restart Claude Desktop if the extension does not connect immediately.
  5. Try asking Claude: “Give me an executive summary of our risk posture.”

When the extension prompts you, enter the MCP Server URL and MCP API Key from the sections above.

Method 2 - Manual claude_desktop_config.json

Advanced users can register the server directly in Claude Desktop's config file. Merge one of the blocks below into the existing mcpServers object - replace the placeholder API key with your real key from Settings → Integrations → MCP.

Config file location

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

Option A - Direct HTTP URL

Use this when Claude Desktop supports remote MCP over HTTP with custom headers (typical for hosted HTTPS endpoints).

claude_desktop_config.json
{
  "mcpServers": {
    "cisoadapt": {
      "url": "https://backend.dev.cisoadapt.ai/mcp",
      "headers": {
        "Authorization": "Bearer mcp_your_api_key_here"
      }
    }
  }
}

Option B - mcp-remote via npx

Use this when you need a stdio bridge to a remote MCP server - common for local development or when direct HTTP transport is unavailable. The mcp-remote package proxies Claude Desktop to your HTTP MCP endpoint. For HTTPS production URLs, --allow-http is omitted; add it manually only if you point at an HTTP endpoint.

claude_desktop_config.json
{
  "mcpServers": {
    "cisoadapt": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://backend.dev.cisoadapt.ai/mcp",
        "--header",
        "Authorization:${CISOADAPT_MCP_AUTH}"
      ],
      "env": {
        "CISOADAPT_MCP_AUTH": "Bearer mcp_your_api_key_here"
      }
    }
  }
}

After editing the config, fully quit and reopen Claude Desktop. Confirm the CISO Adapt server appears in Claude's MCP / connectors list.

Verify the connection

  1. Restart Claude Desktop after installing the extension or editing the config.
  2. Check that cisoadapt appears as a connected MCP server.
  3. Start a new chat and confirm tools from CISO Adapt are available.

Example prompts

  • Give me an executive summary of our risk posture.
  • What compliance frameworks are we tracking and where are the biggest gaps?
  • Summarise our open policies that need review this quarter.
  • List high-severity risks assigned to my team.

Troubleshooting

Unauthorized or 401 errors
Confirm the Authorization header is exactly Bearer mcp_… (including the Bearer prefix). Regenerate the key in CISO Adapt if needed.
Server does not appear in Claude
Validate JSON syntax in claude_desktop_config.json, ensure Node.js is installed for the npx option, and restart Claude Desktop completely.
Local HTTP / connection refused
Ensure the CISO Adapt backend is running and reachable at your MCP Server URL. For HTTP localhost setups, use Option B with --allow-http.
Download fails
Retry the download button above. If the problem persists, contact your CISO Adapt administrator - the extension bundle is served from your organisation's backend.