eXo Platform dropped a significant piece of infrastructure for enterprise AI integration this week with the general availability launch of its MCP server. The open-source digital workplace platform is now exposing 98 tools to external AI agents through the Model Context Protocol, allowing organizations to connect assistants like Anthropic's Claude or OpenAI-compatible services directly to their collaboration environments using OAuth-based authentication.
What the Model Context Protocol Brings to Enterprise
MCP isn't just another REST API wrapper—it's specifically designed for how modern AI models actually work. Traditional APIs were built for developers; MCP translates business systems into a format large language models can understand and invoke natively. Think of it as giving your AI assistant actual hands inside your enterprise stack instead of just asking it to read about what you do. The protocol handles tool discovery, authentication, and execution through a standardized client-server model where eXo acts as the MCP server exposing its capabilities.
Inside the 98-Tool Arsenal
The breadth here is notable. These tools span ten functional domains: spaces, tasks and projects, social stream activity, notes and wiki content, news and articles, documents and files, calendar and agenda events, categories, user identity management, and internal messaging. That's not a demo collection—it's near-complete coverage of what users actually do inside eXo Platform. The article even shows Claude.ai introspecting the MCP server directly and generating a full tool inventory. Three standout capabilities include create_space for bootstrapping entire collaboration environments in one call, create_task_in_project for rich task creation with assignee and status fields, and create_activity for posting directly to social streams—all actions that normally require navigating through multiple UI screens.
The Security Model: Governance Built Into the Protocol
This is where eXo's "Controlled AI" philosophy becomes concrete. The MCP server layers protection across four distinct levels: administrators must first approve which external services can connect, users then grant explicit OAuth consent with read-only or read/write scopes, permissions remain continuously revocable from user settings at any time, and critically—external assistants only access whatever the authenticated user could already see inside eXo. Existing space boundaries, role-based permissions, and content restrictions all still apply. No bypass is possible because the MCP layer sits on top of the platform's existing permission enforcement rather than circumventing it.
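The four checks described above, modelled as one deny-by-default authorization decision. This is an added example, not eXo's code: the scope names, the read-only tool names, the client ids, users and space are assumptions; create_activity is one of the tools the article names.

```python
from dataclasses import dataclass, field

# Hypothetical read-only tool names; any tool not listed here is treated as a
# write, so create_space, create_task_in_project and create_activity need write scope.
READ_TOOLS = {"list_spaces", "get_task"}

@dataclass
class Grant:
    """One user's OAuth consent for one external client (constructed model)."""
    client_id: str
    user: str
    scope: str            # "read" or "read_write" (assumed scope names)
    revoked: bool = False

@dataclass
class Platform:
    approved_clients: set = field(default_factory=set)   # layer 1: admin approval
    grants: list = field(default_factory=list)           # layers 2 and 3: consent, revocation
    space_members: dict = field(default_factory=dict)    # layer 4: existing permissions

    def authorize(self, client_id, user, tool, space):
        """Return (allowed, reason). Every layer must pass; the default is deny."""
        if client_id not in self.approved_clients:
            return False, "client not approved by administrator"
        grant = next((g for g in self.grants
                      if g.client_id == client_id and g.user == user), None)
        if grant is None:
            return False, "no user consent"
        if grant.revoked:
            return False, "consent revoked"
        if tool not in READ_TOOLS and grant.scope != "read_write":
            return False, "scope does not allow writes"
        if user not in self.space_members.get(space, set()):
            return False, "user cannot access this space"
        return True, "ok"

def build_demo():
    """Constructed sample state: two approved clients, two users, one space."""
    return Platform(
        approved_clients={"assistant-a", "assistant-b"},
        grants=[Grant("assistant-a", "alice", "read_write"),
                Grant("assistant-b", "alice", "read"),
                Grant("assistant-a", "bob", "read_write")],
        space_members={"engineering": {"alice"}},
    )

if __name__ == "__main__":
    p = build_demo()
    print(p.authorize("assistant-b", "alice", "create_activity", "engineering"))
```

Logging the returned reason alongside the client id and tool name gives security teams a per-layer denial record to review.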
Embedded AI Versus External Agents: Choosing Your Attack Surface
eXo is positioning this as complementary rather than competitive with its native embedded AI. Internal capabilities work best for in-platform productivity tasks like semantic search across internal knowledge bases, drafting communications, or acting directly on user context. The MCP integration opens different scenarios: orchestrating multi-system workflows combining eXo with CRM, ERP, or ticketing systems; using external web intelligence to gather market data and then publishing synthesized reports into the platform; or connecting automation platforms like n8n, Make, or Zapier for custom enterprise agent pipelines.
Getting Connected: What's Available Today
The service is live now on eXo Hubs cloud environments with support for Anthropic Claude, OpenAI-compatible clients, and Mistral AI integration. OEM partners including Orange Business through its Live Collaboration offering have access as well. For private cloud or dedicated deployments, administrators configure approved external services according to their governance policies. Users retrieve a personal MCP endpoint URL from their settings, paste it into their chosen assistant's configuration, complete OAuth authentication with selected permission scopes, and they're operational—no DevOps involvement required for end users.
Key Takeaways
- 98 tools now exposed across collaboration spaces, tasks, documents, calendar, messaging, and social features
- OAuth-based integration keeps user consent and administrator approval as gatekeepers
- External assistants inherit only the authenticated user's existing platform permissions
- Available on eXo Hubs with support for Claude, OpenAI-compatible clients, Mistral AI, n8n, Make, Zapier
The Bottom Line
This is an enterprise-grade MCP implementation done right: open enough to enable real automation workflows but locked down enough that security teams won't need to have nightmares about shadow AI running wild. Whether enterprises actually adopt this breadth of tool access remains to be seen, but the architecture choices show eXo learned from early AI integration mistakes: governance first, capabilities second.