Corporate Environment Guide

Security just put a hold on your team’s AI coding tools. Until you can prove they authenticate through corporate SSO, leave an audit trail, and never exfiltrate source through an unapproved endpoint, nobody ships with them. You have a week. This guide is the playbook for getting Cursor, Claude Code, and Codex past that review and into real enterprise workflows, using Model Context Protocol (MCP) servers as the secure bridge to Jira, GitHub, Azure, and Slack.

What You’ll Walk Away With

• A working MCP setup that authenticates through your existing identity provider via OAuth 2.1, configured the same way in Cursor, Claude Code, and Codex
• Copy-paste prompts for the three workflows that justify the rollout: production incident response, a compliance/security audit chain, and an incident post-mortem
• Corporate proxy configuration that works for all three tools without leaking traffic
• A When This Breaks section covering the failures security actually asks about: data exposure, proxy/TLS interception, and legacy-system integration

Why MCP Is the Right Bridge for Enterprise

You’re mid-incident: error rates are spiking, and you need Azure logs, a Jira ticket, a Confluence runbook update, and a Slack heads-up. Without integration that’s five browser tabs and a lost train of thought. MCP servers let the agent orchestrate all of it from your IDE or terminal.

MCP matters in a corporate setting for one reason above features: it inherits your existing permission model instead of inventing a new one. An MCP server connects with your OAuth identity, so the agent can only touch what you can already touch, and every action is attributable to your account in the audit log. That is the sentence that gets security to sign off.

All three tools speak MCP. The server definitions are portable; only the config file location differs.

Authentication & SSO

Okta, Auth0, and Keycloak bridge your identity provider into MCP. The agent authenticates with corporate credentials over OAuth 2.1 + PKCE and inherits your existing roles and group memberships.

Project Management

Atlassian’s remote MCP server gives OAuth-secured access to Jira and Confluence. Create tickets, update runbooks, and query sprint status without a context switch.

Cloud Infrastructure

Azure and GitHub MCP servers bring DevOps into the loop: query logs, inspect CI runs, open PRs, and check deployment status through natural-language commands.

Monitoring & Quality

Sentry and SonarQube MCP servers wire observability and code quality into the workflow. Pull error context, triage hotspots, and check quality gates inline.

Setting Up Enterprise MCP Authentication

The MCP authorization spec mandates OAuth 2.1 with PKCE (SHA-256) for HTTP servers, so corporate SSO is a first-class citizen, not a workaround. The setup below uses the official Auth0 MCP server as the example; the same config shape applies to any server.

MCP server definitions are identical in substance across all three tools, an mcpServers block keyed by server name. Only the file location and the add command differ:

Cursor

Cursor reads MCP servers from .cursor/mcp.json in the project (or ~/.cursor/mcp.json globally). Add the Auth0 server:

.cursor/mcp.json

{
  "mcpServers": {
    "auth0": {
      "command": "npx",
      "args": ["-y", "@auth0/auth0-mcp-server", "run"]
    }
  }
}

On first use Cursor launches the OAuth flow in your browser; you authenticate with corporate credentials and inherit your Auth0 permissions.

Claude Code

Claude Code stores project servers in .mcp.json (commit it to share with the team). Add the local stdio server with one command:

claude mcp add auth0 -- npx -y @auth0/auth0-mcp-server run

The first prompt that touches Auth0 triggers the device-authorization flow against your tenant.

Codex

Codex stores MCP servers in ~/.codex/config.toml under a [mcp_servers.<name>] table:

~/.codex/config.toml

[mcp_servers.auth0]
command = "npx"
args = ["-y", "@auth0/auth0-mcp-server", "run"]

Codex authenticates on first use the same way. Note the underscore: it’s mcp_servers in TOML, not mcpServers.

For a remote, OAuth-native server such as Atlassian’s, you skip the local process entirely and point the tool at the HTTPS endpoint:

Cursor

.cursor/mcp.json

{
  "mcpServers": {
    "atlassian": {
      "url": "https://mcp.atlassian.com/v1/mcp"
    }
  }
}

Claude Code

claude mcp add --transport http atlassian https://mcp.atlassian.com/v1/mcp

Codex

~/.codex/config.toml

[mcp_servers.atlassian]
url = "https://mcp.atlassian.com/v1/mcp"

Note

Centralize on one Authorization Server (your existing IdP) for every MCP deployment. One control point for access policy, audit logging, and credential lifecycle is far easier to defend in a security review than per-tool credential stores.

The Workflow: Three Scenarios That Justify the Rollout

These are the demos that get a pilot approved. Each is tool-agnostic, the prompt is what matters, and it pastes into Cursor’s chat, the claude REPL, or codex interchangeably.

Scenario 1: Production Incident Response

You’re on-call, error rates just jumped, and the clock is running. Chain the work instead of tab-hopping.

1. Investigate — query your logs through the Azure (or your cloud’s) MCP server, which runs the KQL and returns formatted results inline.
2. File the incident — the Atlassian MCP server opens a labeled, assigned Jira ticket with the log summary attached.
3. Update the runbook — Confluence updates happen in the same session, no separate tab.
4. Notify the team — the Slack MCP server posts to your incident channel while you stay on the fix.

Tip

Copy-paste prompt for incident response (paste into Cursor, Claude Code, or Codex):

You are my on-call incident assistant. Execute these steps in order and stop for my confirmation before any write:

1. Query Azure Monitor logs for ERROR and WARN entries in the payment-service over the last 60 minutes; group by error type and show the top 5 with counts.
2. Draft a high-priority Jira incident in the PLAT project titled “Payment service elevated error rate”, body = the grouped log summary, and assign it to the current on-call. Show me the draft, then create it on my go.
3. Append a timestamped entry to the “Payment Service Runbook” Confluence page linking the Jira ticket.
4. Post a status message to the #platform-incidents Slack channel with the ticket link. Keep it to three sentences.

Scenario 2: Compliance and Security Audit

Security wants a quarterly pass over the main repositories. Turn a day of manual work into a single chain.

Tip

Copy-paste prompt for a security-audit chain:

Run our quarterly security audit and produce a single report:

1. Use the SonarQube MCP server to scan the api-gateway and auth-service projects. List every BLOCKER and CRITICAL issue with its OWASP category, file, and line.
2. For each CRITICAL issue, propose a concrete fix as a diff, do not apply it.
3. Create one Jira security task per CRITICAL issue in the SEC project, each linking back to the SonarQube finding and assigned to the component owner from CODEOWNERS.
4. Summarize pass/fail against our quality gate at the top of the report.

The agent reads only what your OAuth identity can see, and each Jira task it opens is attributed to you, exactly what the audit is meant to confirm.

Scenario 3: Incident Post-Mortem

The fire is out; now reconstruct what happened. This is where pulling four systems together saves the most time.

Tip

Copy-paste prompt for an incident post-mortem:

Build a post-mortem for incident INC-4521. Gather, then draft:

1. Pull the Jira ticket details and its full comment timeline.
2. Query Sentry for the error volume and affected releases during the incident window (use the timeline from step 1 to set the range).
3. List the GitHub commits and PRs merged to main in the 24 hours before the incident started.
4. Search Confluence for prior post-mortems with similar symptoms and link the two closest matches.
5. Draft a blameless post-mortem: timeline, impact, root cause, contributing factors, and three concrete action items with suggested owners.

Starter Pack: Essential Enterprise MCP Servers

Your initial four. Each card shows why it earns a slot and how to add it.

Microsoft Learn Docs MCP

Why: Grounds the agent in current Microsoft docs, essential for .NET and Azure work where training data goes stale.

Add it (remote HTTP, identical across tools — Claude Code shown):

claude mcp add --transport http mslearn https://learn.microsoft.com/api/mcp

Sample prompt: “Review this C# code against current .NET best practices from Microsoft Learn.”

GitHub MCP Server

Why: PR workflows, Actions monitoring, and issue triage. Use the official remote server with OAuth — the old @modelcontextprotocol/server-github npm package is deprecated.

Add it (OAuth on first use):

claude mcp add --transport http github https://api.githubcopilot.com/mcp/

Sample prompt: “Show me all failing CI runs this week and open issues for the broken tests.”

Atlassian Remote MCP

Why: OAuth-secured Jira and Confluence with zero local setup.

Add it:

claude mcp add --transport http atlassian https://mcp.atlassian.com/v1/mcp

Sample prompt: “Summarize all bugs fixed in the current sprint and update our release-notes page.”

Azure MCP Server

Why: One server, many Azure connectors (Monitor, PostgreSQL, SQL, Cosmos DB) behind natural language.

Add it (local stdio):

claude mcp add azure -- npx -y @azure/mcp@latest server start

Sample prompt: “Query Log Analytics for authentication failures and flag any publicly accessible storage accounts.”

Note

Prefer a remote OAuth server over a local stdio one when the vendor offers it. Remote servers handle auth through your IdP and remove the supply-chain question of an npm package running on every developer’s machine — a point security will raise.

MCP vs. Skills for enterprise augmentation

Not every capability needs a persistent server. Agent Skills are lighter-weight, single-purpose augmentations installed with one universal CLI from vercel-labs/skills:

npx skills add vercel-labs/agent-skills

The trade-off: reach for a skill when you want a focused, shareable behavior (a code-review checklist, a deployment runbook) that needs no live connection; reach for an MCP server when you need a persistent, authenticated link to a system of record like Jira or Azure. Skills work across Claude Code, Cursor, and Codex from the same install.

Corporate Proxy Configuration

Most enterprises route external traffic through a proxy. All three tools honor the standard HTTPS_PROXY / HTTP_PROXY / NO_PROXY environment variables, so the setup is identical, set them in the shell that launches the tool:

export HTTPS_PROXY=http://corporate-proxy:8080
export HTTP_PROXY=http://corporate-proxy:8080
export NO_PROXY=localhost,127.0.0.1,.internal.company.com

Cursor (an Electron app) inherits these when launched from a terminal with them set; Claude Code and Codex read them directly. If your proxy performs TLS interception, point Node at your corporate root CA so certificate validation still passes:

export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/corporate-root-ca.pem

Caution

When chaining several MCP operations in one prompt, watch the context budget. A 10-step audit that pulls full log dumps into context can blow past limits and start truncating. Have the agent summarize between steps, or split a heavy chain into two focused prompts.

When This Breaks

”Security is worried about data exposure”

The most common blocker, and the one MCP answers well:

1. Permissions are inherited, not granted. The agent acts as you through OAuth; it cannot read a Jira project or repo you can’t already see.
2. OAuth 2.1 + PKCE, no stored passwords. The MCP authorization spec mandates it for HTTP servers; credentials never live in prompts or config.
3. Every action is attributable. MCP calls run under your identity and land in the same audit logs as your manual actions.
4. Turn off training retention. Confirm your AI provider’s zero-retention / no-training setting (Anthropic, OpenAI, and Google all offer this on business tiers) and document it for the review.

”Our proxy intercepts TLS and connections fail”

Symptom: MCP servers and model calls fail with UNABLE_TO_GET_ISSUER_CERT_LOCALLY or self-signed certificate in certificate chain. Cause: the proxy re-signs TLS with a corporate CA that Node doesn’t trust. Fix: set NODE_EXTRA_CA_CERTS to your corporate root CA bundle (above). Never disable certificate validation with NODE_TLS_REJECT_UNAUTHORIZED=0 — that defeats the interception your security team relies on and will fail the review.

”We need to integrate a legacy or proprietary system”

No off-the-shelf server exists for your internal API? Build a thin MCP server. The official SDKs are attribute/decorator-driven, you expose a method, not subclass a base class. In C# with the official ModelContextProtocol NuGet package:

[McpServerToolType]
public static class LegacyOrderTools
{
    [McpServerTool, Description("Look up an order in the legacy ERP by ID.")]
    public static string GetOrder(string orderId) =>
        LegacyErpClient.FetchOrder(orderId); // wrap your existing API
}

// Program.cs — register and serve over stdio
builder.Services
    .AddMcpServer()
    .WithStdioServerTransport()
    .WithToolsFromAssembly();

For SOAP or other legacy protocols, have the agent draft a REST facade first, then wrap that:

Tip

Copy-paste prompt for modernizing a legacy service:

Help me put an MCP-friendly facade over our legacy SOAP order service:

1. Read the WSDL at ./contracts/order-service.wsdl and list every operation with its inputs and outputs.
2. Generate a minimal REST wrapper (one endpoint per operation) in our standard Express + TypeScript style, with input validation and structured error responses.
3. Write a thin MCP tool definition that calls each REST endpoint.
4. Add health checks for both the legacy SOAP backend and the new REST layer so we can monitor the migration.

Rolling It Out: Start Low-Risk, Then Scale

Lead with read-only operations so the first weeks generate trust, not incidents:

1. Weeks 1–2: Documentation search (Microsoft Learn, Confluence) — read-only, zero blast radius.
2. Weeks 3–4: Monitoring and logs (Azure Monitor, Sentry) — still read-only.
3. Weeks 5–6: Issue-tracking queries (Jira, GitHub) — reads first, then supervised writes.
4. Weeks 7–8: Automated ticket creation and updates, gated behind confirmation prompts.
5. Month 3+: Broader workflow automation once governance and audit are proven.

Codify access in a policy file your team can review and version:

team-mcp-policy.md

## Approved MCP servers
- Microsoft Learn (read-only docs): all developers
- GitHub MCP: all developers
- Atlassian MCP: team leads and above
- Azure MCP: DevOps team only
- Auth0 MCP: security-team approval required

## Usage guidelines
- Authenticate through corporate SSO only
- No production credentials in prompts
- Confirmation required before any infrastructure write
- AI-generated code is reviewed before merge

Note

Build the business case with your own baseline, not borrowed numbers. As a sketch: if a developer saves a few hours a week of context-switching at a loaded cost of roughly $100/hour, even modest savings across a 50-person team add up quickly — but measure cycle time before and after the pilot rather than quoting a headline multiple. Track time-to-PR-merge, manual compliance checks per month, and time-to-find-an-answer; those three move visibly when MCP removes tab-hopping.

What’s Next

• Security & Compliance with MCP — OAuth flows, audit trails, and data governance in depth
• Large Codebase Navigation — strategies for million-line repositories
• Cost Optimization Strategies — manage AI spend while keeping value high
• Microservices Development — MCP patterns for distributed systems
• Database Development Patterns — natural-language SQL with security guardrails

Enterprise AI adoption isn’t about replacing developers; it’s about removing the tab-hopping between the systems they already use. MCP gives Cursor, Claude Code, and Codex a secure, permission-inheriting bridge to that ecosystem. Start read-only, attribute every action, measure your own baseline, and scale what the numbers justify.