Connect your AI assistant to InStaff
This is the InStaff MCP server — it lets an AI assistant (Claude, ChatGPT, Gemini, or your own app) act on your InStaff account on your behalf: list deployments, search staff, update events, and more. Pick your client below.
https://mcp.instaff.jobs/mcpBefore you start
- Authentication is OAuth — "Connect InStaff". You will log in and approve access in your browser; your client then receives a token scoped to your manager account. Nothing to paste by hand.
- You need a
client_idfrom InStaff. Ask your InStaff representative to provision an OAuth client for your tool (it is a public client — no secret). For command-line tools, also tell them the callback URLhttp://localhost:8080/callbackso it can be registered. - Transport is Streamable HTTP. Hosted clients (Claude.ai, ChatGPT, the Gemini app) additionally need this server reachable over public HTTPS.
Claude Code Verified
Anthropic's CLI. Native remote MCP with the OAuth "Connect" flow on first use.
- Get a
client_idfrom InStaff (with callbackhttp://localhost:8080/callbackregistered). - Add the server — the
--callback-portmust match the registered callback:
claude mcp add --transport http instaff https://mcp.instaff.jobs/mcp \
--client-id <your client_id> --callback-port 8080 -s user
The first tool call opens your browser to log in & approve. -s user is required (otherwise it only registers for the current project). The callback runs on your machine, not on a server.
Claude Desktop via bridge
The Desktop app's native "Add custom connector" UI currently insists on dynamic registration, so use the mcp-remote bridge, which accepts a pre-issued client_id.
- Open the config file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
- macOS:
- Add the server (replace the
client_id), then fully quit & relaunch Claude Desktop:
{
"mcpServers": {
"instaff": {
"command": "npx",
"args": [
"mcp-remote", "https://mcp.instaff.jobs/mcp",
"--static-oauth-client-metadata",
"{\"client_id\":\"<your client_id>\"}"
]
}
}
}
The native Settings → Connectors UI does not yet accept an admin-issued static client_id (it attempts dynamic registration first). The mcp-remote bridge above is the reliable path until that lands.
Claude.ai (web) OAuth · setup with InStaff
Custom connectors on claude.ai authenticate via OAuth. Add one under Settings → Connectors → Add custom connector and enter your MCP server URL.
| Requires | A Pro / Team / Enterprise plan, and this server on a public HTTPS URL (claude.ai cannot reach localhost). |
| Authentication | claude.ai registers itself dynamically by default; it does not accept a hand-typed static client_id. InStaff enables this for you via a Client ID Metadata Document so no manual credentials are needed. |
Connecting claude.ai requires a one-time setup on the InStaff side — please coordinate with your InStaff representative.
ChatGPT apps OAuth · public HTTPS
A custom connector added in ChatGPT's developer mode. ChatGPT accepts an InStaff-issued static client_id and secures it with PKCE, so no dynamic registration is needed.
- Get a
client_idfrom InStaff. - In ChatGPT: Settings → Apps & Connectors → Advanced settings, enable Developer mode.
- Settings → Apps & Connectors → Create: set a name and description, Connector URL =
https://mcp.instaff.jobs/mcp, choose OAuth and enter yourclient_id, then Create. - Open the connector and run a tool → log in & approve in your browser.
| Requires | A paid plan (Plus, Pro, Business, Enterprise, or Edu — not Free), this server on public HTTPS, and (on Business/Enterprise) connectors allowed by your workspace admin. |
| Transport | Streamable HTTP (supported). |
ChatGPT's connector UI has changed repeatedly; if the static client_id field isn't accepted, InStaff can enable the registration-free CIMD path instead. Confirm the exact steps with your InStaff representative.
Codex CLI OAuth
OpenAI's coding CLI. Connects to remote MCP over Streamable HTTP and logs in via OAuth (codex mcp login).
- Get a
client_idfrom InStaff. - Add the server, then log in:
codex mcp add instaff --url https://mcp.instaff.jobs/mcp --oauth-client-id <your client_id>
codex mcp login instaff
Requires a recent Codex version — static client_id + OAuth login are new (older versions were dynamic-registration-only and may need rmcp_client = true in config.toml). Codex can append a generated segment to its callback URL, so InStaff may need to register a flexible redirect or set a fixed callback — confirm with your InStaff representative.
Gemini CLI OAuth
Google's CLI. Connects to remote MCP over Streamable HTTP with a browser OAuth login. Configured by file (the gemini mcp add command has no OAuth flags).
- Get a
client_idfrom InStaff (with callbackhttp://localhost:7777/oauth/callbackregistered). - Add the server to
~/.gemini/settings.json— usehttpUrl(noturl) for Streamable HTTP:
{
"mcpServers": {
"instaff": {
"httpUrl": "https://mcp.instaff.jobs/mcp",
"oauth": {
"enabled": true,
"clientId": "<your client_id>",
"redirectUri": "http://localhost:7777/oauth/callback"
}
}
}
}
Run gemini and call an InStaff tool → the browser opens to log in & approve. Setting clientId makes the CLI skip dynamic registration; redirectUri pins the callback port (register the exact URL with InStaff, or omit it for a random port). The authorization & token URLs are auto-discovered.
Gemini connected app Gemini Enterprise · setup with InStaff
The consumer Gemini app (gemini.google.com) does not support custom MCP servers. Connecting one is a Gemini Enterprise (Google Agentspace) feature, configured by an admin in the Google Cloud console.
- Google Cloud console: Gemini Enterprise → Data stores → Create data store → Custom MCP Server.
- Enter the MCP Server URL (
https://mcp.instaff.jobs/mcp), the InStaff Authorization / Token URLs, the Client ID & Client Secret from InStaff, and the scopes; complete the OAuth login. - Enable the imported tools (each "action" is disabled by default).
| Requires | Gemini Enterprise (Standard / Plus / Frontline edition — not Business), the Discovery Engine Editor IAM role, and this server on public HTTPS. The feature is in Preview. |
| Transport | Streamable HTTP only (no SSE). |
| Note | Gemini Enterprise expects a confidential client (Client ID and Secret), unlike the public/no-secret client other tools use — InStaff issues a Gemini-specific client for this. |
Requires a Gemini-specific (confidential) OAuth client — please coordinate with your InStaff representative.
Custom / your own app OAuth 2.1
Any MCP client or your own code can connect. The server is a standard OAuth 2.1 Resource Server speaking Streamable HTTP.
| MCP endpoint | https://mcp.instaff.jobs/mcp — transport Streamable HTTP (POST, stateless; no SSE). |
| Discovery | An unauthenticated POST /mcp returns 401 with a WWW-Authenticate header pointing to the Protected Resource Metadata: https://mcp.instaff.jobs/.well-known/oauth-protected-resource |
| Auth flow | OAuth 2.1 authorization_code + PKCE (S256). Discover the Authorization Server from the metadata, run the flow with your InStaff-issued client_id (public client, no secret), and send the access token as Authorization: Bearer <token>. |
For local development you can skip OAuth: run the server with a DEV_TOKEN set and call https://mcp.instaff.jobs/mcp with no auth header.