Approval workflows for MCP servers on Okta

Do you need approval workflows for LLM calls that are authenticated with Okta?

Most teams let a developer’s Okta token travel straight to an MCP server. The token proves identity, the server trusts it, and the request executes immediately. In that model the request bypasses any gate that could verify whether the operation aligns with policy, and there is no record of who asked the model to generate a particular response. Sensitive prompts, customer data, proprietary code, or security‑related queries, can leave the organization without any audit trail.

Because the request reaches the MCP endpoint directly, the only control is the static permission granted to the Okta client. That permission is often broad: any user in a group can invoke the model, and the model can return raw output without any human check. The setup therefore fixes authentication (who is calling) but leaves the critical enforcement gap open. No approval step, no command‑level audit, and no way to block a risky prompt before it is processed.

Why approval workflows matter for LLM gateways

LLM gateways expose powerful generation capabilities. An unvetted prompt can cause data exfiltration, policy violations, or generate disallowed content. An approval workflow inserts a decision point where a designated reviewer can examine the prompt, confirm its legitimacy, and explicitly allow it to proceed. The workflow also creates a record that links the request to the approving individual, satisfying internal governance and external audit requirements.

Implementing such a workflow requires three distinct pieces:

• Setup: an Okta‑issued token that identifies the caller and conveys group membership.
• Data path: a proxy that can intercept the request, enforce policy, and trigger the approval step.
• Enforcement outcomes: the actual pause, reviewer interaction, and audit log that only exist when the proxy is present.

Placing the proxy in the data path

When the proxy sits between the Okta identity and the MCP server, it becomes the single place where every request can be examined. The proxy reads the token, validates the caller, and then checks the request against a policy that requires approval. If approval is needed, the proxy holds the request, not the MCP server, and forwards it only after a reviewer approves it. Because the proxy controls the traffic, it can also record the full session for replay, mask any sensitive fields in the response, and enforce a deny‑list of disallowed commands.

In this architecture, the proxy is the only component that can guarantee that an approval workflow is enforced. Removing the proxy would instantly eliminate the pause, the audit entry, and any masking, returning the system to the original uncontrolled state.

How hoop.dev implements the workflow for Okta‑authenticated MCP access

hoop.dev acts as that proxy. It verifies Okta tokens, extracts the caller’s groups, and then applies a configurable policy that can require human approval before forwarding a request to an MCP server. The approval step is built into the gateway’s request handling loop, so the request never reaches the model until the gate is opened.

When a request is blocked for approval, hoop.dev presents the prompt to a reviewer through a web UI or notification channel. The reviewer can approve, reject, or modify the request. Once approved, hoop.dev forwards the request, records the decision, and streams the model’s response back to the original caller. The entire exchange, identity, request, approval decision, and response, is stored as an audit record that can be replayed later for compliance checks.

Because hoop.dev retains the credential needed to talk to the MCP server, the original caller never sees the secret. The gateway also supports inline masking, so if the model returns a field that matches a masking rule (for example, credit‑card numbers), hoop.dev redacts it before it reaches the user.

Getting started

To add approval workflows to your Okta‑backed MCP integration, follow the high‑level steps in the getting‑started guide. The guide walks you through deploying the gateway, configuring Okta as the identity provider, and defining a policy that requires approval for specific LLM endpoints. Detailed feature documentation is available in the learn section, where you can see examples of approval policies and masking rules.

All of the configuration lives in declarative YAML files that the gateway reads at startup. The repository includes sample policies that you can copy and adapt to your organization’s risk appetite.

FAQ

What happens if a reviewer does not respond? hoop.dev can be configured with a timeout. After the timeout expires, the request is automatically denied and the attempt is logged.

Can I require approval only for certain prompts? Yes. Policies can match on request metadata, such as the target model, the presence of specific keywords, or the caller’s group membership.

Is the audit data stored securely? The gateway writes audit records to a storage backend you configure. Because hoop.dev never exposes the underlying credentials, the records can be used as evidence for compliance audits.

Explore the source code, contribute improvements, or file an issue on the GitHub repository.