When setting client credentials for a Model Context Protocol (MCP) Server in Okta for AI Agents, Okta locks the Client ID field and displays the Client Secret field as blank. This is expected behavior by design, as Okta secures the Client Secret and prevents it from displaying after the initial entry. To update the credentials, disconnect the MCP Server, generate new credentials, delete the old credentials, and re-add the server.

• Okta Identity Engine (OIE)
• Okta for AI Agents
• Model Context Protocol (MCP) Server configuration

This behavior is by design. Once set and saved, Okta locks the Client ID and prevents edits. After saving, Okta displays the Client Secret field as blank because Okta stores the secret securely and does not re-display it after the initial entry.

How are the MCP Server credentials updated in Okta?

Disconnect the MCP Server from the AI Agent, create new credentials, delete the old configuration, and re-add the server to update the credentials.

1. Disconnect the MCP Server from the AI Agent.
2. Create new client credentials in the OAuth provider.
3. Delete the old credentials from the MCP Server configuration.
4. Re-add the MCP Server to the AI Agent using the new credentials.

NOTE: Plan credential rotation in advance, as the process requires briefly disconnecting the MCP Server.

Related References

• Add MCP servers