Kiteworks MCP Server Overview
The Kiteworks MCP Server is a Model Context Protocol (MCP) server that gives AI assistants governed access to Kiteworks files, folders, forms, and user data. Every AI-initiated operation is authenticated with OAuth 2.1, encrypted with TLS 1.3, and logged to a tamper-evident audit trail — keeping your enterprise security and compliance requirements intact.
Unlimited agent workflows, policy controls, and audit telemetry at no additional cost for the first 6 months. Kiteworks admins can activate it through the admin console.
Capabilities
The MCP Server exposes four groups of tools to connected LLM applications:
- Upload and download files
- Retrieve file metadata
- Rename, move, and delete files
- Operate on single files or batches
- Navigate folder hierarchies
- Create, rename, move, and delete folders
- Search by name or content with filtering
- Operate on single folders or batches
- Generate Kiteworks Advanced Forms from templates
- Return preview links for generated forms
- Search files and folders by name or content
- Access current user details
- Check authentication status
Deployment Modes
The MCP Server ships in three deployment configurations to match different integration scenarios and user scales. Choose the mode that fits your environment:
Local STDIO Server
Single-user deployment running locally via standard input/output. Supports direct file upload and download from the local machine. Native binaries available for Windows, Linux, and macOS.
Best for: Individual developers and personal workflows.
Remote HTTPS Server
Centralized multi-user server with OAuth 2.1 authentication, deployable as a Docker container or systemd service. Supports concurrent users with per-user and per-session rate limiting.
Best for: Teams and enterprise deployments where multiple users share a single server.
Claude Desktop Connector
Available directly in the Claude Desktop connector marketplace — install it in a few clicks, no binary download or upload required. Provides a zero-configuration path to connecting Kiteworks with Claude.
Best for: Claude Desktop users who want a guided, one-click setup experience. See Claude Desktop Connector for setup steps.
Security Model
The Kiteworks MCP Server is built for regulated environments where data governance is non-negotiable. Its security model operates across three layers:
Authentication
The Remote HTTPS Server uses OAuth 2.1 with Dynamic Client Registration, Authorization Code flow with PKCE, and JWT access and refresh tokens. Tokens are automatically refreshed, so long-running sessions stay authenticated without user intervention.
Encryption & FIPS Compliance
When FIPS 140-3 mode is enabled, all cryptographic operations use approved algorithms:
| Requirement | Implementation |
|---|---|
| Data encryption | AES-256-GCM |
| Signatures | RSA with SHA-256 |
| Transport security | TLS 1.3 with NIST-approved curves |
| Key exchange | Hybrid X25519 + ML-KEM-768 (FIPS 203) for quantum-resistant forward secrecy |
Rate Limiting
Configurable rate limits can be applied at three levels independently: globally across all traffic, per authenticated user, and per active session. This allows fine-grained control over how AI applications consume Kiteworks resources.
Governed AI Use Cases
The Kiteworks Marketplace will offer a catalog of ready-to-use, policy-governed use cases built on the MCP Server. Each one automates a complex workflow while keeping every interaction with sensitive data compliant and governed. You'll be able to browse the catalog and add the use cases that fit your environment.
Kiteworks Marketplace Coming Soon
The Marketplace isn't available yet. Once it launches, you'll be able to explore the full catalog of use cases — see each one's purpose, governance controls, and requirements, and add the ones you need.
Frequently Asked Questions
What is the Kiteworks MCP Server?
The Kiteworks MCP Server is a Model Context Protocol server that exposes Kiteworks file management, folder operations, forms, and search capabilities as tools to AI clients such as Claude. It acts as a secure bridge between AI workflows and your Kiteworks instance, enforcing all access policies and generating audit trails for every operation.
How does the Kiteworks MCP Server differ from the REST API?
The REST API is a standard HTTP interface for programmatic integration. The MCP Server wraps a subset of that API as structured tools that AI models can discover and call in natural-language workflows. MCP is designed for human-in-the-loop AI use cases, while the REST API suits fully automated code integrations.
Is it safe to connect an AI model to Kiteworks through MCP?
Yes. The Kiteworks MCP Server enforces OAuth 2.1 authentication, respects all existing Kiteworks access control policies, encrypts data in transit with TLS 1.3, and generates tamper-evident audit trails for every AI-initiated operation. No action can bypass the governance layer.
What deployment modes does the Kiteworks MCP Server support?
The Kiteworks MCP Server supports three deployment modes: Local STDIO (for Claude Code and VS Code), the Claude Desktop Connector (installed from the marketplace), and Remote HTTPS (for shared or production environments). Choose the mode that matches how your team uses AI tools.
How is AI agent access governed?
Agent access can be governed with both ABAC and RBAC — using the Kiteworks Data Policy engine together with the user permission model. Every AI-initiated action is subject to the same attribute- and role-based controls that apply to your users, so agents never gain access beyond what their identity is permitted.
What use cases does the Kiteworks Marketplace offer?
The Kiteworks Marketplace offers a catalog of ready-to-use, policy-governed use cases that run through the Kiteworks MCP Server. They cover workflows such as governed folder operations, file management, and forms creation — all with identity verification, access enforcement, encrypted handling, and tamper-evident audit trails. They are built for regulated industries including financial services, healthcare, legal, and federal government.
Next Steps
Ready to connect Kiteworks to your LLM application?
- Installation & Setup → Install the MCP Server binary or Docker image for your deployment mode
- Claude Desktop Connector → Install and configure Kiteworks in Claude Desktop from the marketplace
- Kiteworks Marketplace Coming Soon — Ready-to-use, governed AI use cases built on the MCP Server