Give AI Agents Secure 2FA Access with Authn8 MCP Server
AI agents like Claude, Cursor, ChatGPT, and others are transforming how developers work. They're automating code reviews, managing deployments, running tests, and handling complex multi-step workflows. But there's a problem: these agents hit a wall the moment they encounter a service protected by two-factor authentication.
The current workarounds are all bad. Some teams disable 2FA on shared accounts (dangerous). Others manually paste codes when the AI asks (breaks the automation). And a few share TOTP secrets directly with AI agents (even worse from a security standpoint).
What teams actually need is a secure, auditable way to give AI agents access to 2FA codes without exposing secrets or sacrificing security. That's exactly what the Authn8 MCP Server provides.
What is MCP?
The Model Context Protocol (MCP) is an open standard developed by Anthropic that lets AI agents use external tools. Instead of being limited to conversation, AI agents can call specific functions, read data, and perform actions in external systems.
Think of MCP servers as plugins for AI. When you configure an MCP server, you're giving your AI agent new capabilities. There's a growing ecosystem of MCP servers for everything from database queries to file management to API integrations.
The Authn8 MCP Server adds one critical capability: secure access to your team's 2FA codes.
Introducing the Authn8 MCP Server
The @authn8/mcp-server package connects AI agents to your Authn8 account. Once configured, your AI can generate TOTP codes for any account you've authorized.
The server exposes three tools:
list_accounts
Returns all 2FA accounts accessible to the current token. The AI can see what accounts are available before requesting a specific code.
get_otp
Generates a time-based one-time password for a specific account. Supports lookup by account ID or partial name matching. Returns a fresh 6-digit code.
whoami
Shows information about the current token: which business it belongs to, what groups it can access, how many accounts are available, and when the token expires.
Critically, these tools are read-only. AI agents can generate codes, but they can't modify accounts, change settings, or access TOTP seeds. Every code generation is logged in Authn8's audit trail.
Security Model
Security is built into every layer of the Authn8 MCP integration.
Personal Access Tokens (PATs)
Authentication uses Personal Access Tokens created in your Authn8 dashboard. PATs are simpler than OAuth for automation use cases and give you fine-grained control over what each token can access.
Scoped Permissions
Each PAT can be limited to specific groups. Your AI agent only sees the 2FA accounts you explicitly grant access to. If you have 50 accounts but only want the AI to access staging environment credentials, create a group with just those accounts and scope the token accordingly.
Token Expiry
Set tokens to expire after a specific period. This is particularly useful for time-limited projects, contractor access, or rotating credentials on a schedule.
Instant Revocation
Revoke any token immediately from your Authn8 dashboard. The AI loses access instantly, without affecting other tokens or team members.
No Seed Exposure
The most important security property: AI agents never see your TOTP seeds. They receive generated codes, not the underlying secrets. Even if a token is compromised, the attacker can only generate codes while the token is valid. They can't extract seeds to generate codes independently forever.
For more on how 2FA sharing works with compliance requirements, see our resources guide.
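To make the properties in this section concrete, here is a minimal in-memory model of a code broker: RFC 6238 TOTP generation behind scope, expiry, revocation and audit checks, returning only the code and never the seed. It is an added example, not Authn8's code or API; `OtpBroker`, its methods and all sample data are hypothetical.

```javascript
// Added illustration; not Authn8 code. All names here are hypothetical.
const crypto = require("crypto");

// RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits) over a raw seed buffer.
function totp(seed, unixSeconds, digits = 6, step = 30) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac("sha1", seed).update(counter).digest();
  const off = mac[mac.length - 1] & 0x0f;              // dynamic truncation
  const bin = mac.readUInt32BE(off) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

class OtpBroker {
  constructor() {
    this.accounts = new Map(); // name -> { group, seed }; seeds never leave the broker
    this.tokens = new Map();   // token -> { groups: Set, expiresAt, revoked }
    this.audit = [];
  }
  addAccount(name, group, seed) { this.accounts.set(name, { group, seed }); }
  issueToken(token, groups, expiresAt) {
    this.tokens.set(token, { groups: new Set(groups), expiresAt, revoked: false });
  }
  revoke(token) { const t = this.tokens.get(token); if (t) t.revoked = true; }
  getOtp(token, name, now) {
    const t = this.tokens.get(token);
    const acct = this.accounts.get(name);
    let result = "ok";
    if (!t || t.revoked || now >= t.expiresAt) result = "denied:token";
    else if (!acct || !t.groups.has(acct.group)) result = "denied:scope";
    this.audit.push({ at: now, name, result }); // log denials as well as successes
    if (result !== "ok") return { error: result };
    return { code: totp(acct.seed, now), validFor: step30(now) };
  }
}
const step30 = (now) => 30 - (now % 30); // seconds left in the current 30 s window

// Constructed sample data: the first seed is the RFC 6238 test key.
function demo() {
  const b = new OtpBroker();
  b.addAccount("aws-staging", "staging", Buffer.from("12345678901234567890"));
  b.addAccount("aws-prod", "production", Buffer.from("another-constructed-seed"));
  b.issueToken("pat_demo", ["staging"], 2000); // scoped to one group, expires at t=2000
  const ok = b.getOtp("pat_demo", "aws-staging", 59);
  const outOfScope = b.getOtp("pat_demo", "aws-prod", 59);
  const expired = b.getOtp("pat_demo", "aws-staging", 2000);
  b.revoke("pat_demo");
  const revoked = b.getOtp("pat_demo", "aws-staging", 60);
  return { ok, outOfScope, expired, revoked, auditCount: b.audit.length };
}
```

A caller holding the token only ever receives `code` and `validFor`; once the token is revoked or expired, nothing it obtained earlier lets it compute the next code.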
Use Cases
CI/CD Pipelines
Automated deployments often need to authenticate to protected services. With the MCP server, your CI pipeline can request 2FA codes programmatically while maintaining a full audit trail of every access.
AI Coding Assistants
When Claude or Cursor needs to access staging environments, run authenticated API tests, or deploy to protected infrastructure, they can request the necessary 2FA codes without breaking the workflow.
Automated Testing
Integration tests against 2FA-protected APIs become straightforward. Your test suite can authenticate to services that require two-factor authentication without manual intervention.
DevOps Automation
Scripts that need to log into cloud consoles (AWS, GCP, Azure), container registries, or other protected infrastructure can now handle 2FA automatically.
Getting Started
Setting up the Authn8 MCP Server takes just a few minutes. There are two ways to connect: the NPM package (for local AI clients) or the SSE server (for remote/cloud-based agents).
Step 1: Set Up Authn8
If you don't have an account, sign up for Authn8. It's free for up to 3 users. Add the 2FA accounts you want to share with your AI agents.
Step 2: Generate a Personal Access Token
Go to Business Settings → API Tokens and create a new token. Scope it to the groups containing the accounts your AI should access. Set an appropriate expiry.
Step 3: Configure Your AI Client
Option A: NPM Package (Local Clients)
Best for Claude Desktop, Claude Code, Cursor, AntiGravity, and other local AI clients that support stdio transport.
Add this to your client's MCP configuration file:
- Claude Desktop (macOS): ~/Library/Application Support/Claude/claude_desktop_config.json
- Claude Desktop (Windows): %APPDATA%\Claude\claude_desktop_config.json
- Claude Code: ~/.claude.json (macOS) or %USERPROFILE%\.claude.json (Windows)
{
  "mcpServers": {
    "authn8": {
      "command": "npx",
      "args": ["-y", "@authn8/mcp-server"],
      "env": {
        "AUTHN8_API_KEY": "pat_your_token_here"
      }
    }
  }
}
Option B: SSE Server (Remote/Cloud Clients)
Best for ChatGPT, remote agents, and AI clients that support Server-Sent Events (SSE) transport.
Configure your AI client with these settings:
- Server URL: https://api.authn8.com/mcp/sse
- Authorization Header: Bearer pat_your_token_here
The SSE server provides the same tools as the NPM package but runs on Authn8's infrastructure, making it ideal for cloud-based AI agents that can't run local processes.
Step 4: Start Using It
Restart your AI client (if using NPM) or reconnect (if using SSE). You can now ask it to generate 2FA codes for any account the token has access to. For example: "Get me the 2FA code for our AWS staging account."
Docker Option
For containerized environments, the MCP server is also available as a Docker image:
docker run -e AUTHN8_API_KEY=pat_xxx ghcr.io/authn8/mcp-server
How This Compares to Other Approaches
The Authn8 MCP Server fills a gap that other approaches can't address securely.
If you're used to sharing 2FA codes with your team via screenshots or shared authenticator apps, you know those methods don't work for AI agents. And unlike Google Authenticator or other consumer apps, Authn8 provides the audit logging and access control that automation use cases require.
| Approach | Automation | Audit Trail | Revocable | Secrets Protected |
|---|---|---|---|---|
| Disable 2FA | N/A | |||
| Manual Code Entry | ||||
| Share TOTP Secrets | ||||
| Authn8 MCP Server |
Ready to Give Your AI Agents Secure 2FA Access?
Get started with Authn8 today. Free for up to 3 users, no credit card required.