Skip to main content

User MCP Policy

The User MCP Policy controls whether end users can connect their own personal MCP servers to Willow, separate from the MCP servers your organization manages centrally.

What User MCP Policy controls

By default, only admins can add MCP servers to Willow. The User MCP Policy lets you extend that ability to end users, either fully or with an approval gate before personal servers go live.

This setting applies org-wide. It does not affect admin-managed MCP servers, which are always available to assigned users regardless of this policy.

Policy options

OptionWhat users can do
NoneUsers cannot add personal MCP servers. Only admin-managed servers are available.
Needs ApprovalUsers can submit a request to connect a personal MCP server. An admin must approve before it becomes active.
AllowUsers can connect personal MCP servers immediately, without admin approval.

Set the policy

  1. Go to Admin → Settings
  2. Expand End-User Settings
  3. Next to User MCP Policy, select Change
  4. Select None, Needs Approval, or Allow
  5. Click Apply

The setting takes effect immediately. Existing approved personal MCP servers are not affected when you change the policy.

How approval requests work (Needs Approval)

When the policy is set to Needs Approval:

  1. A user navigates to their MCP settings and adds a new personal MCP server
  2. The server appears as Pending in their view; it is saved but not yet active
  3. An admin reviews and approves or denies the pending request

Considerations

  • Allow is convenient for teams that trust users to manage their own tooling, but gives admins less visibility into what external MCP servers are in use.
  • Needs Approval balances user autonomy with oversight, useful for security-conscious organizations.
  • None is appropriate when you want full centralized control of all MCP server access.

Personal MCP servers added by users are subject to the same guard policies and logging as admin-managed servers.