Skip to main content

Introduction & Setup

DataGrail's agentic capabilities can be used with external AI tools like Claude, Cursor, ChatGPT and others using our Model Context Protocol (MCP) server. MCP is an open standard that allows AI-powered tools to securely interact with external data sources. By connecting an MCP-compatible client to your DataGrail environment, you can use Vera's privacy tools directly from your preferred development or productivity tool.

Administrator Setup Required

External MCP access must be enabled by your organization's administrator before you can connect. If you receive an error when trying to authorize, ask your admin to enable external MCP access in Settings > MCP Tool Access. If this setting is not available, your organization may not have access to this feature. For product availability, reach out to your DataGrail account manager.

DataGrail MCP Data Exposure to AI Clients

DataGrail MCP will return sensitive information that should not be provided to AI clients that you don't trust or may be training their models on your data. This is similar to use of the DataGrail API to connect to internal systems. Your organization should be aware of this and only use the MCP server with providers that meet your criteria for data handling and retention.

Why use the DataGrail MCP?

If you are orchestrating several parts of your privacy program using other AI tools, DataGrail can easily fit into your workflow using our MCP. An MCP provides the right context other AI tools and agents need to process DataGrail inforamtion for other uses. Here are a couple of examples:

  1. Custom reports sent to your internal dashboards: You may have an overall privacy dashboard that can be enriched with DataGrail context. You can develop an agent that using the Vera MCP to collect information to then send to an internal dashboarding tool of your choosing, like Tableau.
  2. Unified customer context: You may have an internal tool built to monitor the health of your customer base, and you may want to enrich this tool with the knowledge of any privacy requests your users have made. You can use the Vera MCP to collect any privacy requests from a specific user and pass them along to your internal user dashboard.

As DataGrail develops more capabilities, we will enable them for secure access to AI tools and agents that will expand on these use cases over time. Keep following our changelog for more updates.

Your MCP Endpoint

Each DataGrail organization has a unique MCP endpoint based on your subdomain:

https://<your-subdomain>.datagrail.io/api/v2/mcp

For example, if your organization's DataGrail URL is https://acme.datagrail.io, your MCP endpoint is:

https://acme.datagrail.io/api/v2/mcp

You will use this URL when configuring your MCP client.

Authorization Flow

When you connect an MCP client to DataGrail for the first time, you will be guided through an OAuth authorization flow:

  1. Your MCP client initiates a connection to your DataGrail MCP endpoint.
  2. A browser window opens displaying the DataGrail authorization screen.
  3. You sign in with your DataGrail credentials (if not already signed in).
  4. The consent screen shows which tools the client is requesting access to. Review the list and select which tools you want to authorize.
  5. Select Authorize to grant access.
  6. The browser confirms the connection and you can return to your MCP client.

After authorization, your client can interact with Vera using the tools you approved. The connection persists until you or your administrator revokes it — you do not need to re-authorize periodically.

Tool Selection

During authorization, you can choose which specific tools to grant access to. Only authorize the tools you need — you can always re-authorize later to add more.

Security

External MCP connections are secured with the same protections as the DataGrail web interface:

  • OAuth 2.0 with PKCE: Industry-standard authorization with proof key exchange — your credentials are never shared with the MCP client.
  • Permission inheritance: Vera can only access data that your DataGrail user account has permission to view based on both your role and additional controls managed within the MCP Tool Access page.
  • Tenant isolation: All data access is scoped to your organization. It is architecturally impossible for Vera to access another organization's data.
  • Audit logging: Every tool invocation through your MCP connection is fully logged for compliance and review.
  • Revocable access: You or your administrator can revoke access at any time, immediately terminating the connection.

Connecting Claude Code (CLI)

Claude Code is Anthropic's command-line tool for interacting with Claude. It supports MCP connections natively.

To connect Claude Code to your DataGrail environment, run the following command in your terminal:

claude mcp add --transport http datagrail https://<your-subdomain>.datagrail.io/api/v2/mcp

For example:

claude mcp add --transport http datagrail https://acme.datagrail.io/api/v2/mcp

A browser window will open to complete the OAuth authorization flow. Once authorized, Vera's tools will be available in your Claude Code sessions.

Connecting Claude Desktop

Claude Desktop is Anthropic's desktop application. To add a DataGrail MCP connection:

  1. Open Claude Desktop and navigate to Settings (gear icon).
  2. Select the Integrations tab.
  3. Click Add Integration and then Custom MCP.
  4. Enter a name (e.g., "DataGrail") and paste your MCP endpoint URL: 
    https://<your-subdomain>.datagrail.io/api/v2/mcp
  5. Click Connect. A browser window will open for OAuth authorization.
  6. Sign in to DataGrail, review the requested tool access, and click Authorize.
  7. Return to Claude Desktop — the connection should now show as active.

Once connected, you can ask Claude questions that leverage Vera's tools, such as reviewing privacy request trends, checking integration health, or getting guidance on compliance topics.

Connecting Cursor

Cursor is an AI-powered code editor that supports MCP connections for extended tool access.

  1. Open Cursor and navigate to Settings > MCP.
  2. Click Add new MCP server.
  3. Select HTTP as the transport type.
  4. Enter a name (e.g., "DataGrail") and paste your MCP endpoint URL: 
    https://<your-subdomain>.datagrail.io/api/v2/mcp
  5. Click Save. A browser window will open for OAuth authorization.
  6. Sign in to DataGrail, review the requested tool access, and click Authorize.
  7. Return to Cursor — the MCP connection will now appear in your list of servers.

Vera's tools will be available to Cursor's AI assistant when composing code, writing documentation, or analyzing privacy-related workflows.

Connecting Windsurf

Windsurf is an AI-powered IDE that supports MCP for external tool integration.

  1. Open Windsurf and navigate to Settings > MCP.
  2. Click Add Server.
  3. Select HTTP Streamable as the transport.
  4. Enter a name (e.g., "DataGrail") and your MCP endpoint URL: 
    https://<your-subdomain>.datagrail.io/api/v2/mcp
  5. Click Save. A browser window will open for OAuth authorization.
  6. Sign in to DataGrail, review the requested tool access, and click Authorize.
  7. Return to Windsurf — the connection should now be active.

Connecting OpenAI Codex

OpenAI Codex is OpenAI's software engineering agent. It supports MCP connections for integrating external tools.

  1. Open the Codex interface and navigate to Settings.
  2. Under MCP Servers, click Add Server.
  3. Enter a name (e.g., "DataGrail") and select HTTP as the transport type.
  4. Paste your MCP endpoint URL: 
    https://<your-subdomain>.datagrail.io/api/v2/mcp
  5. Click Connect. A browser window will open for OAuth authorization.
  6. Sign in to DataGrail, review the requested tool access, and click Authorize.
  7. Return to Codex — the MCP server should now appear as connected.

Troubleshooting

"External Access Disabled" error during authorization

Your organization's administrator has disabled external MCP access. Contact your DataGrail administrator and ask them to enable it in Settings > MCP Tool Access.

Authorization succeeds but no tools are available

Your administrator may have restricted the tools available to your account. Contact your DataGrail administrator to review your tool access in the MCP Tool Access settings.

Connection was working but suddenly stopped

Your administrator may have revoked external MCP access or restricted your individual access. If the issue persists, try disconnecting and re-authorizing your MCP client.

"Too many registrations" error

Your organization has reached the maximum number of registered MCP clients. Contact your DataGrail administrator to review and clean up unused client registrations.

Privacy & Support

For details on how your data is handled when using external MCP connections, review our Privacy Policy.

For questions or assistance with the Vera MCP, contact support@datagrail.io.

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.