Deploy Anthropic MCP Tunnels

Connect Claude to your internal tools without exposing your network. Stacklok is the enterprise-ready management layer that makes Anthropic MCP Tunnels production-ready.

Anthropic MCP Tunnels is the first step, but enterprises face additional challenges

Anthropic MCP Tunnels enables your infrastructure to reach outward to Anthropic rather than the other way around. But the tunnel is a transport mechanism, not a complete deployment. Enterprises in regulated industries face a second layer of challenges the tunnel does not address:

The tunnel connects Anthropic to your network. It does not decide which employees can access which tools, or enforce policy at the tool level. Without a governance layer, every user sees every tool.

Without identity federation, MCP deployments default to hardcoded credentials and shared service accounts. Audit trails show a token, not a person. Revoking access when someone leaves is a manual, error-prone process.

When AI agents make tool calls through the tunnel, that activity is invisible unless you have instrumented the MCP layer. In regulated industries, an unlogged tool call is a compliance gap.

You need an enterprise management layer on your side of the tunnel to move from proof of concept to production deployment.

Stacklok is the essential client-side piece

Stacklok sits on your side of the tunnel and handles everything the tunnel does not: which tools are available to which teams, who is allowed to call them, and a complete record of every call made. The tunnel connects Anthropic to Stacklok, and Stacklok governs everything behind it.

Before Stacklok, MCP servers had to be configured separately for Claude Code, Claude Enterprise, and every other Anthropic product. With Stacklok connected via the Anthropic tunnel, every Anthropic surface automatically gets access to your centrally managed MCP servers.

Stacklok integrates with your existing identity provider: Okta, Microsoft Entra ID, Google Workspace. Authenticate once through your IdP and that identity governs access to every MCP server, across every Anthropic surface, for every team member, with no credential sprawl.

Stacklok’s Virtual MCP Server (vMCP) aggregates your MCP servers into segmented endpoints gated by identity group. Your engineering team sees engineering tools. Marketing sees marketing tools. The segmentation is enforced per request at the Stacklok layer.

We’ve distilled the path into four high-impact steps.

Step 1: Establish your governance layer

  • Deploy Stacklok as the management layer on the customer side of your tunnel connection.
  • Connect your enterprise identity provider: Okta, Microsoft Entra ID, or Google Workspace OIDC.

Stacklok Advantage

Stacklok’s embedded authorization server handles OIDC and OAuth 2.0 natively. Identity integration is a configuration step, not a development project.

Step 2: Register and isolate your MCP servers

  • Define which MCP servers your teams need: GitHub, Slack, Jira, internal APIs, databases.
  • Assign each server a minimal permission profile controlling network egress and filesystem access.

Stacklok Advantage

Every MCP server in Stacklok runs in an isolated container. Network access is scoped to the specific hosts each server needs. A compromised or misbehaving server cannot reach systems it was never meant to access.

Step 3: Segment tool access by team

  • Create Virtual MCP Server (vMCP) endpoints that aggregate the right tools for each team or role.
  • Gate each endpoint using the identity groups already defined in your IdP.

Stacklok Advantage

A user whose identity token does not include the required group claim receives an authentication failure at the Stacklok layer, before the request reaches any MCP server.

Step 4: Connect and monitor

  • Deploy the Anthropic tunnel endpoint pointed at your Stacklok vMCP endpoints.
  • Enable OpenTelemetry and audit logging before any team goes live.

Stacklok Advantage

Stacklok exports structured OpenTelemetry metrics and JSON audit logs compatible with Splunk, Datadog, New Relic, and Elastic.
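As an added illustration of steps 3 and 4 (example code written for this page, not Stacklok's code and not its configuration format), the Python below shows the shape of a group-claim gate in front of segmented vMCP endpoints, the per-call JSON audit record that ties each decision to a person rather than a token, and a small detection pass over those records. The endpoint table, group names, tool names and claim layout are constructed assumptions; the ID token is assumed to have already been signature-verified against the IdP's issuer and JWKS before these policy checks run.

```python
import json
import time
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed policy table (an assumption for this example, not Stacklok's
# configuration format): each vMCP endpoint names the IdP group allowed to
# call it and the tools it aggregates from the underlying MCP servers.
VMCP_ENDPOINTS: Dict[str, dict] = {
    "engineering": {"required_group": "eng", "tools": {"github.create_pr", "jira.search"}},
    "marketing": {"required_group": "mkt", "tools": {"slack.post", "hubspot.lookup"}},
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    audit: dict = field(default_factory=dict)


def authorize_tool_call(claims: dict, endpoint: str, tool: str,
                        now: Optional[float] = None) -> Decision:
    """Apply expiry, group and tool policy to one tool call.

    `claims` is the payload of an ID token that the caller has ALREADY
    signature-verified against the IdP (issuer, audience, JWKS); this function
    deliberately does no cryptography. Every outcome, allow or deny, yields an
    audit record keyed to the person (email/sub), never to the raw token.
    """
    now = time.time() if now is None else now
    actor = claims.get("email") or claims.get("sub") or "<unknown>"
    record = {"ts": now, "actor": actor, "endpoint": endpoint, "tool": tool}

    def deny(reason: str) -> Decision:
        return Decision(False, reason, {**record, "outcome": "deny", "reason": reason})

    policy = VMCP_ENDPOINTS.get(endpoint)
    if policy is None:
        return deny("unknown_endpoint")
    if float(claims.get("exp", 0)) <= now:
        return deny("token_expired")
    # The group claim is the segmentation boundary: no matching group, no forward.
    if policy["required_group"] not in claims.get("groups", []):
        return deny("missing_group_claim")
    # Even with the right group, only tools aggregated into this endpoint are callable.
    if tool not in policy["tools"]:
        return deny("tool_not_in_endpoint")
    return Decision(True, "ok", {**record, "outcome": "allow", "reason": "ok"})


def audit_line(decision: Decision) -> str:
    """Serialise the audit record as one JSON line for SIEM-style ingestion."""
    return json.dumps(decision.audit, sort_keys=True)


def denials_by_actor(lines: List[str]) -> Dict[str, int]:
    """Minimal detection over audit lines: denials per identity.

    A spike for one actor is the 'authentication failures' signal worth
    alerting on before go-live.
    """
    counts: Counter = Counter()
    for line in lines:
        rec = json.loads(line)
        if rec.get("outcome") == "deny":
            counts[rec["actor"]] += 1
    return dict(counts)


if __name__ == "__main__":
    # Constructed sample traffic: one engineer, and one marketer whose client
    # is pointed at the engineering endpoint by mistake.
    t0 = 1_700_000_000.0
    eng = {"sub": "alice@example.test", "groups": ["eng"], "exp": t0 + 3600}
    mkt = {"sub": "bob@example.test", "groups": ["mkt"], "exp": t0 + 3600}
    calls = [
        (eng, "engineering", "github.create_pr"),
        (mkt, "engineering", "github.create_pr"),
        (mkt, "engineering", "jira.search"),
        (mkt, "marketing", "slack.post"),
    ]
    lines = [audit_line(authorize_tool_call(c, e, t, now=t0)) for c, e, t in calls]
    for line in lines:
        print(line)
    print(denials_by_actor(lines))
```

The audit record carries `actor` taken from the token's subject rather than the token itself, which is the difference between a trail that shows "a token" and one that shows a person; the deny path runs before anything is forwarded, so a misbehaving or misdirected client never reaches the MCP server behind the endpoint.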

Best practices for enterprise tunnel deployment

Do

  • Wire in your identity provider before any team connects a real MCP server to a real Anthropic surface.
  • Scope each MCP server’s permissions to the minimum access required for its function.
  • Instrument request volume, authentication failures, and tool call metadata before go-live, not after an incident.

Don’t

  • Treat the tunnel as your access control layer. The tunnel handles transport. Governance is a separate concern.
  • Allow all users to access all tools from a single shared endpoint. Segment by team from day one.
  • Deploy without audit logging in regulated environments. An unlogged tool call is a compliance gap.

Stacklok enablement path

We help you go from tunnel-connected to production-ready, fast.

One-Click Client Connectivity: Once Stacklok is connected via the Anthropic tunnel, every Anthropic surface — Claude Code, Claude Enterprise, and agentic products — gets access to your centrally managed tools automatically.

Architecture Advisory: Design your identity federation, tool segmentation, and network isolation strategy before deployment.

Implementation Support: Configure vMCP endpoints, connect your IdP, and integrate with your existing observability stack.

Kubernetes Deployment: Deploy the full Stacklok stack as a Kubernetes Operator with GitOps-compatible Helm charts for teams that need a production-grade, self-hosted runtime.