Multi-Tenanted Authentication/Authorization

[grippstick]

Pre-submission Checklist

• I have checked that this question would not be more appropriate as an issue in a specific repository
• I have searched existing discussions and documentation for answers

Question Category

• Protocol Specification
• SDK Usage
• Server Implementation
• General Implementation
• Documentation
• Other

Your Question

I have a multi-tenanted[Partitioned by Firm] application and I am building an MCP Server for it.

Let's say there is one tool that searches and returns a list of Claim Names. It should only search and return the Names based on their active Firm.

Ideally I would like them to authenticate into a specific Firm and have the FirmID baked into the token, but I see no way to have them logout and then log back in to get a new token with a new firm.

Should I include a tool to get a list of all Available Firms, then include the FirmID as a parameter for all other tools?

Has anyone else dealt with a situation like this?