As part of Agents Week, customers can now manage models, MCPs, and tools in Databricks AI Gateway, fully integrated with Unity Catalog. To provide real value, agents need to securely access external tools like GitHub, Glean, and Atlassian. AI Gateway makes this easy and secure, so teams can focus on building agents, not auth infrastructure.
In this post, we’ll walk through how to connect an external MCP server and deploy an agent end to end, so you can build context-aware agents that can reason and act on your data.
Problem: Authenticating to external MCP servers
AI agents are only as powerful as the tools they have access to. Model Context Protocol (MCP) provides a universal way to find and interact with those tools, and at Databricks, enterprises already use it to connect agents to native and external MCPs.
Over and over again, customers tell us the same thing: auth is the bottleneck. Each provider has its own OAuth app registration, its own client secret, its own token refresh logic. Secrets need to be rotated, permissions need to be audited, and there is no centralized way to track which agents are accessing what. What should take minutes takes weeks.
Solution: AI Gateway for external connectivity
AI Gateway solves this by giving teams a single, governed way to connect agents to external systems:
- Govern external MCP servers through Unity Catalog: Each external MCP server is registered in Unity Catalog, making it discoverable and controlled like any other catalog object. Administrators can enforce granular permissions, with all activity captured in a centralized audit table. Teams can also install MCP servers from partners in Databricks Marketplace.
- Access on behalf of the user: Agents act on behalf of the end user, so User A’s agent only sees what User A is allowed to see. This means agents can securely access personal emails, private repos, and restricted documents without highly privileged service accounts. Administrators can further restrict what agents are allowed to do by narrowing the scope of OAuth permissions per connection, such as limiting GitHub connections to read-only repo access.
- Simplify authentication for external systems: Managed OAuth flows simplify authentication, with no need to register OAuth apps or manage secrets per provider. Choose a provider from the dropdown and Databricks handles the full authentication lifecycle server-side. Supported providers today include Glean, GitHub, Atlassian (Jira and Confluence), Google Drive, and SharePoint, with more to come.
- Works across clouds and providers: Whether you run Databricks on AWS, Azure, or GCP, you get the same administration and authentication experience, with pre-configured support for third-party providers like GitHub, Glean, and Atlassian.
How it works
Let’s walk through how to connect GitHub as an external MCP server and take it all the way to a deployed agent.
Step 1. Make the connection.
- Navigate to AI Gateway → Register MCP Server → External MCP
- Select your authentication mode: Per-User OAuth (recommended: each user authenticates with his or her own identity) or shared principal (a single identity for all users)
- Choose GitHub from the Provider dropdown
- Click Create. Databricks handles OAuth app registration, token exchange, and refresh behind the scenes.
Step 2. Test it. You can verify the connection in two ways. In AI Playground, select the model with the tool enabled, browse your external MCP connections, select GitHub, and ask “What are the open pull requests in repo X?”

Or test directly in code using the DatabricksMCPClient:
Step 3. Deploy your agent. Once verified, deploy with Agent Bricks.

Step 4. Monitor and trace. Once your agent is live, MLflow Tracing provides you with an end-to-end overview: every request, every tool call, every MCP server interaction, with full inputs and outputs. Combine it with Unity Catalog audit logs to see who accessed what, when, and through which agent.

Get started
Don’t let authentication be the reason your agents can’t access the tools they need. Start building agents that reason and act on both internal and external data. Get started today.