Disable MCP Server
Disable the JFrog MCP Server entirely, revoke all MCP sessions, or remove an individual user's MCP access on a self-managed JFrog Platform Deployment.
There are two supported ways to disable or restrict access to the JFrog MCP Server, depending on the scope of control required:
| Method | Who | Effect |
|---|---|---|
| Wingman deployment config | Operator | Shuts down MCP entirely. All /mcp/* requests return 404. |
| Delete the MCP application integration | Platform Admin | Revokes all issued tokens. Users must re-onboard to regain access. The Wingman service keeps running. |
Prerequisites
| Prerequisite | Applies To |
|---|---|
Access to modify the Wingman deployment configuration (environment variables, system.yaml, or Helm values) | Disabling the MCP service entirely |
| Platform Admin credentials for your JFrog Platform Deployment | Revoking all MCP sessions or an individual user's tokens |
Disable the MCP Service Entirely
Set wingman.mcp.enabled to false and restart the Wingman service. After restart, the /mcp/* endpoint is unmounted and every request returns 404.
Set the following environment variable on the host running Wingman, then restart the service:
JF_WINGMAN_MCP_ENABLED=falseAfter the Wingman service restarts, the JFrog MCP Server does not respond to any queries from AI-enabled tools or IDEs.
Revoke All MCP Access
Delete the MCP application integration from JFrog Access. This immediately revokes every token issued under that integration and forces all users to re-onboard before MCP can be used again.
Service Remains Active
Deleting the application integration revokes all issued tokens but does not stop the Wingman service. The
/mcp/*endpoint remains mounted. To take the MCP service offline entirely, use the deployment configuration method instead.
- Log in to your JPD as a Platform Admin.
- Go to Administration.
- Select User Management > Integrations.
- Select Application Integrations.
- Locate the Wingman MCP entry and delete it.
Remove an Individual User's MCP Access
Use one of the following options to remove MCP access for a single user.
Option 1: User Removes the MCP Server from Their Client
The user removes the JFrog MCP Server entry from their MCP client configuration (for example, Cursor or Claude Desktop). This stops that client from connecting but does not revoke the underlying token.
Option 2: Admin Revokes the User's MCP Tokens (Platform UI)
- Log in to your JPD as a Platform Admin.
- Go to Administration.
- Select User Management > Access Tokens.
- Search by username.
- Revoke each token whose Issuer matches the Wingman MCP application integration's client ID.
The user's MCP client receives 401 errors immediately.
Blocking Re-Authorization
Revoking a user's tokens does not prevent them from re-authorizing. To stop the user from reconnecting, remove or disable the user in your JPD. JFrog Access does not support a per-user block for a single integration.
Re-Enabling the MCP Server
To restore access after disabling, follow the steps in Enable MCP Server Integration.
Frequently Asked Questions
Q: What is the difference between disabling the MCP service and revoking the application integration?
Disabling the service (wingman.mcp.enabled=false) takes the /mcp/* endpoint offline entirely — all requests return 404. Revoking the application integration bulk-revokes all tokens but leaves the Wingman service running. Users receive 401 errors until they re-onboard.
Q: Can I block a specific user from using MCP without affecting others?
Yes. Revoke that user's MCP tokens via Administration > User Management > Access Tokens. To prevent re-authorization, remove or disable the user in your JPD.
Q: How do I re-enable MCP after disabling it?
See Enable MCP Server Integration for instructions.
Related Topics
- MCP Server Installation
- Enable MCP Server Integration
- MCP Server Helm Chart Installation
- MCP Server Docker Compose Installation
JFrog MCP Server Beta
The JFrog MCP Server is in beta. Client integration details may change as the feature evolves. By using this service, you agree to the JFrog MCP Server Beta Agreement.
Updated 1 day ago