MCP for customer teams
What Onboard MCP is, what features it exposes, and how CS and onboarding teams use it day to day.
Operational AI on live Onboard data
Connect Claude, Amazon Quick, Cursor, or other MCP clients once—then ask questions, run briefs, and draft updates against the same projects and customers your team already manages in Onboard.
Onboard MCP (Model Context Protocol) lets AI assistants work inside your onboarding and CS operations—not as a separate chatbot, but as a copilot that reads projects, tasks, KPIs, discussions, and customer context with the same permissions as your API key or signed-in user.
This page is for leaders, CS managers, and implementation teams deciding whether MCP fits your workflow. For setup steps, see MCP setup. For agent-by-agent patterns, see MCP use cases — AI agents.
What MCP is (in one minute)
MCP is an open standard for connecting AI tools to structured actions hosted by a vendor. Onboard hosts MCP at https://rest.onboard.io/mcp/… so desktop and web AI clients can:
- Discover intent-based tools (for example “summarize onboarding status for Acme”).
- Call those tools with natural language or structured arguments.
- Receive action-ready answers with IDs, confidence, and suggested next steps—not raw API dumps.
Your team keeps human checkpoints: write tools default to preview mode; customer emails are drafted, not sent; configuration changes require explicit approval.
What customers actually do with it
Teams that adopt MCP typically start with one narrow job, prove value in a week, then add focused agents—not one giant “do everything” assistant.
Morning stand-up without tab-hopping
A CSM or onboarding manager opens Claude, Amazon Quick, or Raycast and asks: “What projects need attention today?” The assistant calls list_active_projects, find_blocked_tasks, and summarize_onboarding_status—then returns a short brief with customer names, overdue work, and links. No manual export from dashboards.
Executive and QBR prep
Before a quarterly review, someone asks for KPI health and account risks for one customer. Tools like get_kpi_dashboard, get_customer_workspace_context, and identify_project_risks pull live metrics and delivery signals. The output is an outline (wins, risks, asks) that a human validates before the meeting.
Post-call follow-up in minutes
After a customer call, a rep pastes sanitized notes and asks the assistant to map action items to existing tasks—or propose new ones with owners and dates. recommend_next_steps, create_tasks (preview), and draft_customer_email accelerate follow-up; post_comment or post_project_update apply only after review (apply=true).
Launch week command center
During go-live, the team tracks dependencies across workstreams. get_project_context, find_blocked_tasks, and assign_owner help surface blockers for daily stand-ups. Leadership uses the same connection for a Friday Chief-of-Staff rollup across programs.
New customer setup (with discovery first)
Implementation teams use MCP during discovery interviews, then preview launches from templates: get_template_catalog, create_project_from_template (preview), create_tasks. Material configuration still goes through human approval—MCP reduces copy-paste and missed fields, not governance.
Risk and expansion radar
Mature programs add daily passes: a risk agent scans for churn and disengagement signals; an opportunity agent looks for expansion cues—both grounded in get_customer_workspace_context and meeting insights when configured. Humans own outreach; the agent recommends.
Features at a glance
| Capability | What it means for your team |
|---|---|
| Workflow tools | Intent-based actions—search customers, summarize status, list KPIs, find blockers, draft updates—without learning REST paths. |
| Preview-before-write | Creates, comments, and updates default to preview; set apply=true only when ready. |
| Hosted MCP (HTTP/SSE) | No server to run; connect remote clients to https://rest.onboard.io/mcp/sse. |
| API key or OAuth | Most desktops use an API key; Claude custom connectors can use OAuth per user (Connecting). |
| Same tenancy as REST | MCP respects your Onboard permissions; it does not bypass access control. |
| KPI dashboard access | get_kpi_dashboard mirrors the in-app KPI dashboard for AI-driven reviews. |
| Discussions & inbox | get_recent_inbox_messages and post_comment tie AI to customer threads (with human send approval). |
Advanced [API] tools | Power users and engineers can browse the full OpenAPI catalog and run_api_request when needed. |
| Prompts & resources | Built-in playbooks (weekly CSM summary, kickoff plan) and context schemas—full support on stdio; optional on hosted HTTP. |
Product language: customer-facing copy says Project; OpenAPI still uses tag Map for filters—assistants should say “project” to your team and customers.
How MCP compares to other integrations
| Approach | Best for |
|---|---|
| MCP + AI desktop | Daily copilots, briefs, drafting, ad hoc questions in natural language |
| REST API | Custom apps, ETL, deterministic automation you own end-to-end |
| Webhooks | Event-driven sync when something changes in Onboard |
| Zapier / iPaaS | No-code triggers and actions between systems (Integrations) |
Many customers use MCP alongside REST and webhooks: MCP for human-in-the-loop AI operations; APIs and iPaaS for production pipelines.
Typical rollout (what works)
- Pick one client — Claude Desktop, Amazon Quick, or Cursor are common starting points (full client list).
- One API key or OAuth connector — Admin creates a key under Integrations → API or registers Claude OAuth (security guide).
- One agent, one job — For example: daily onboarding brief only. Expand to review, reporting, or risk after the first workflow sticks.
- Human gates — Treat previews as drafts; confirm in Onboard before customer-visible sends.
Supported clients (examples)
- Claude Desktop — strongest default MCP UX; OAuth custom connectors.
- Amazon Quick — remote MCP with API token as Bearer.
- OpenAI Agent Builder — visual workflows with MCP tool node.
- Cursor, Raycast, Windsurf — power-user and engineering workflows.
See MCP desktop clients for the full matrix.
Security in plain terms
- MCP is only as safe as the credentials and clients you allow.
- Use least-privilege API keys, rotate on the same schedule as other production secrets, and review Security & permissions (MCP).
- Staging and production fail closed when hosted MCP auth is not configured—your admin must enable keys, OAuth, or bearer-as-token before routes are public.
Next steps
- Introduction to MCP — technical primer
- MCP setup — URLs and authentication
- MCP use cases — AI agents — Chief of Staff, onboarding, review, risk, and more
- AI workflow examples — copy-ready prompt patterns
- Connecting to Onboard MCP — OAuth Client ID, Inspector, production reference
For engineers maintaining the server: docs/api/mcp-architecture.md and docs/api/mcp-agent-tool-playbook.md in the onboard-rest-api repository.
How is this guide?