Note: Lattice MCP is currently only available for customers with data hosted in the US.
Connecting an AI tool to the Lattice MCP Server does not change what you can access in Lattice. The MCP Server uses the same login and permission model as the Lattice platform, so AI tools can access only the data and actions your authenticated account is authorized to access.
OAuth Basics
When you connect an AI tool to Lattice through the MCP Server, you log in with your own Lattice credentials. From that point on, the AI tool can access only the data you can see and the actions you can take in the Lattice platform.
Lattice has no separate, MCP-specific permissions. The MCP Server uses the same authentication and permission model as the rest of the platform, so your access through an AI tool always matches your access in Lattice itself.
Currently, Lattice MCP Server provides Manager and Individual Contributor capabilities only; administrative capabilities are not available. This applies to all users, including administrators. For example, a Super Admin who can view all employee data through the Lattice Admin interface will, through the MCP Server, have access only to the Manager and Individual Contributor capabilities currently supported. Data available exclusively through the Admin interface is not accessible through the MCP Server.
What happens when you request something you can't access?
The MCP Server responds differently depending on whether you are reading or writing data.
- Read requests return only the data you are permitted to see. Sometimes that means partial results. For example, if you ask for a peer's reviews, you get the reviews you submitted for that peer, which you can already see in Lattice, but not other reviewers' submitted reviews. Other times, it means no data at all, such as a request for your manager's private self-review.
- Write requests that you are not permitted to make will return an error explaining that you don't have permission for that action.
Sensitive information
The MCP Server applies the same data standards as the Lattice platform rather than creating its own. Just as someone could type sensitive information directly into Lattice, they could enter it through an AI tool connected by the MCP. A few things to keep in mind:
- Lattice is not designed for storing Protected Health Information (PHI), and the Lattice Terms of Service prohibit customers from entering PHI into the platform.
- Your IT, Security, and Compliance teams are responsible for determining the policies and technical controls that govern how employees use AI systems with Lattice and other business applications.
- Common safeguards include AI gateways, MCP proxies, DLP solutions, or other security controls that inspect or restrict prompts before they reach AI systems.
Controlling who can use the MCP
The Lattice MCP Server uses the same authorization model as the Lattice platform and does not currently provide separate, MCP-specific permission settings. To control which employees can connect AI tools to Lattice, configure access within your AI platform. Many enterprise AI platforms allow administrators to limit which users or groups can connect to specific MCP servers.
Keeping your credentials safe
Setting up a connection involves a Client ID and, in some cases, a Client Secret. When you are first connecting to an AI system, your IT administrator will tell you if a Client Secret is needed.
The Client Secret is sensitive, so Lattice shows it only once when you create it. This follows a common security practice of revealing a secret key only at creation. Treat the Client Secret carefully:
- Treat the Client Secret like any other credential. Store it only in your organization's approved secrets management solution, and avoid sharing it through email, chat, or documents.
- Follow your organization's established processes for managing and rotating secrets.
If you believe a Client Secret has been exposed, generate a new one in Lattice as soon as possible. Systems using the previous secret will need to be updated with the new secret before they can authenticate again.