Kiteworks MCP Server Installation & Setup
The setup path depends on your deployment mode and the MCP client you're connecting to. This page covers the Claude Desktop Connector, Local STDIO setup for individual users, the one-time Admin Portal enablement, and Remote HTTPS deployment for administrators setting up a shared server.
Unlimited agent workflows, policy controls, and audit telemetry at no additional cost for the first 6 months. Kiteworks admins can activate it through the admin console.
| I want to… | Deployment mode | Go to |
|---|---|---|
| Enable Kiteworks MCP for my organization (required first step) | Admin Portal | Configure MCP in Admin Portal |
| Connect Kiteworks to Claude Desktop from the connector marketplace | Claude Desktop Connector | Claude Desktop Connector |
| Use Kiteworks from Claude Code or VS Code on my machine | Local STDIO | Local STDIO |
| Deploy a shared MCP server for my team or organization | Remote HTTPS | Remote HTTPS |
Configure MCP in Admin Portal
Start here. Kiteworks MCP is governed by a single fixed OAuth application managed from the Admin Portal console. Enabling it is the one required step before anyone can connect. Once it is on, users can start using the Claude Desktop Connector or any other local MCP installation.
Enable Kiteworks MCP
-
Log into the Kiteworks Admin Portal consoleSign in as an administrator.
-
Open the Kiteworks MCP settingsGo to Application Setup → Apps and Plugins and select the Kiteworks MCP tab. The fixed app is disabled by default.
-
Enable Kiteworks MCPToggle Kiteworks MCP to enabled and click Save. That's it — users can now start using the Claude Desktop Connector or other local MCP installations.
Optional configuration
The defaults work for most local deployments. Adjust these only if your environment requires it:
- Disable local MCP — turn off the local redirect if you want users to connect only through an MCP server deployed on a remote server.
- Add the remote callback URL — if you run a remote MCP server, add its callback (redirect) URL so the fixed app can complete the OAuth flow for remote clients.
- Configure scopes — adjust the OAuth scopes granted to the fixed app to widen or narrow what connected AI clients can do. Note that currently only the scopes selected by default map to supported functionality in the Kiteworks MCP Server.
Claude Desktop Connector
The quickest way to connect Kiteworks to Claude Desktop. The Kiteworks MCP Server is now available directly in the Claude Desktop connector marketplace — you no longer need to download a binary and upload it manually. The full install, permissions, and configuration walkthrough lives on its own page.
Claude Desktop Connector
Install from the marketplace · Configure permissions · Manage the connection
Download the Binary
For Local STDIO deployments (Claude Code and VS Code), native binaries for Windows, Linux, and macOS are available from the Kiteworks MCP GitHub repository. Always download the latest release to ensure you have current security patches.
Kiteworks MCP — GitHub Releases
Binaries for Windows, Linux, and macOS · Source code · Changelog
Local STDIO — Claude Code & VS Code
The Local STDIO binary runs on your machine and gives AI agents a direct data channel for uploading and downloading files — capabilities not available in Remote HTTPS mode. Install it once and register it with your MCP client.
Claude Code
Register the binary as an MCP server using the claude mcp add command.
Replace /path/to/kiteworks-mcp with the actual path to the downloaded binary
and https://your.kiteworks.domain with your instance URL.
claude mcp add --transport stdio kiteworks \
/path/to/kiteworks-mcp start https://your.kiteworks.domain
claude mcp add --transport stdio kiteworks ^
C:\Path\To\kiteworks-mcp.exe start https://your.kiteworks.domain
Start Claude Code and type /mcp, then select kiteworks and authenticate in your browser when prompted.
Optional flags
Append these after the start command as needed:
| Flag | Effect |
|---|---|
--insecure-absolute-paths | Allow file operations on absolute paths (e.g. /home/user/docs/file.txt). By default, only relative paths are permitted. |
--enable-destructive-tools | Enable move and delete operations. Disabled by default as a safety measure. |
--ca-cert /path/to/ca_chain.pem | Trust a custom CA certificate. Required if your Kiteworks instance uses a self-signed or private CA certificate. |
--insecure-absolute-paths
allows access to any path on the file system — use with caution in shared or
multi-user environments.
Visual Studio Code
Add Kiteworks as an MCP server in your VS Code settings. See the VS Code MCP Servers Guide ↗ for full documentation. A minimal configuration looks like this:
{
"mcpServers": {
"kiteworks": {
"command": "/path/to/kiteworks-mcp",
"args": [
"start",
"https://your.kiteworks.domain"
]
}
}
}
Add optional flags (e.g. --enable-destructive-tools, --ca-cert) to the args array as needed.
Remote HTTPS Server
The Remote HTTPS server runs as a centralized service that multiple users connect to via their MCP clients. Deployment is a multi-step process — creating the directory structure, generating cryptographic secrets, placing TLS certificates, writing the environment configuration, and setting up a reverse proxy. The full, up-to-date instructions live in the Kiteworks MCP GitHub repository.
Remote HTTPS Deployment Guide
Directory setup · Secret generation · Docker Compose · systemd · Reverse proxy config
Security Notes
A few behaviors worth knowing before going to production:
- Credentials are never exposed to the LLM. OAuth tokens are stored in your operating system's encrypted keychain or credential store — not in the AI context window.
- File content is not automatically shared with the LLM. In Local STDIO mode, binary files are transferred without entering the LLM context. Text files can be loaded into context explicitly.
- TLS certificate validation is enforced. The MCP Server validates the TLS certificate of your Kiteworks instance and will abort if it cannot be verified. Use
--ca-certto supply a custom CA chain for self-signed or private CA certificates. - FIPS 140-3 mode can be enabled by setting
GODEBUG=fips140=onlyas an environment variable before starting the server.
Next Steps
With the server installed and connected:
- Claude Desktop Connector → Install and use the Kiteworks connector in Claude Desktop
- Kiteworks Marketplace Coming Soon — Ready-to-use, governed AI use cases built on the MCP Server
- Available MCP Tools ↗ — Full list of tools exposed to connected LLM applications