
Scalekit
Auth stack for AI apps: agent identity, OAuth 2.1 for MCP servers, SSO, and a token vault.

Overview
Scalekit: authentication built for the agentic era
AI agents break the assumptions traditional auth was built on: they act on behalf of users across dozens of services, need scoped and revocable access, and must be auditable at every step. Scalekit is an auth stack designed for exactly this — it gives AI apps an OAuth 2.1 authorization server for MCP servers, delegated agent identity, and a tool-calling layer, alongside the enterprise SSO and provisioning that B2B buyers demand.
The delegation model is the core idea: agents act as specific users with those users' approved permissions, never as over-privileged service accounts. Tokens live in an AES-256 encrypted vault with per-tenant isolation and auto-refresh, every request is scope-checked per connector and per tenant, and the full delegation chain — user, agent, tool, scope, result — is logged and exportable to SIEMs.
Key Features
- OAuth 2.1 authorization server for MCP servers, so agents authenticate to your tools with standards-based flows
- Delegated agent identity: agents inherit specific users' approved permissions rather than blanket service-account access
- Encrypted token vault (AES-256) with per-tenant isolation and automatic refresh
- Pre-built connectors for popular apps — Gmail, Slack, HubSpot, Notion, Salesforce — plus custom connectors for internal APIs
- Audit logging of the complete delegation chain, exportable to SIEM systems
- Full-stack B2B auth included: enterprise SSO, multi-tenant OAuth, and a free tier with 5,000 tool calls per month; Growth plan at $99/month for 100,000 calls
Ideal Use Case
Scalekit fits teams shipping AI products that must act inside customers' SaaS stacks — an agent that files tickets, sends emails, or updates CRMs on a user's behalf — and MCP server builders who need real OAuth in front of their tools before enterprise security teams will approve deployment.
How Scalekit differentiates
General-purpose auth platforms treat agents as an afterthought; Scalekit was built agent-first by the team that previously built Freshworks' authentication platform. The company raised a $5.5M seed round co-led by Together Fund and Z47 in 2026, and lists Von, SiftHub, and Napkin.ai among its customers, with a stated 99.99% uptime target and sub-50ms p95 latency.
FAQ
What is MCP auth and why does it matter? Model Context Protocol servers expose tools to AI agents; Scalekit puts an OAuth 2.1 authorization server in front of them so access is scoped, revocable, and standards-compliant.
Does Scalekit replace my existing auth provider? It can — it includes enterprise SSO and full-stack B2B auth — or it can run alongside an existing provider to handle only the agentic side.
Is there a free tier? Yes: 5,000 tool calls per month with unlimited connected accounts. The Growth plan is $99/month for 100,000 calls with overages at $0.50 per 1,000.
How are credentials protected? Tokens are stored in an AES-256 encrypted vault with per-tenant isolation, automatic refresh, and per-request scope enforcement.
tl;dr
Scalekit is the auth stack for AI apps — MCP OAuth, delegated agent identity, token vault, and enterprise SSO in one platform, free to start and $99/month at growth scale.
Related
Looking for more options? Browse the Developer Tools directory or read our best AI coding tools listicle. Scalekit is also tracked on Crunchbase.
Why Use Scalekit

User Reviews
Similar Tools




