# MCP Data Flow Architecture

> Source: https://ibl.ai/architecture-mcp

How AI agents connect to institutional systems through Model Context Protocol

---

## AI Clients & Agents

### MCP-Compatible Clients

Any MCP-compatible AI agent or application connects to the broker through a single interface.

Agents see a unified tool catalog — they do not need to know which backend system serves each tool.

MCP Protocol — tool discovery + tool calls

---

## ibl.ai Switchboard — MCP Broker

### MCP Broker

Central orchestration layer — routes requests, enforces policy, caches responses, provides observability.

#### Query Routing

Maps tool calls to the correct MCP server based on intent and payload.

#### RBAC Enforcement

Checks requester role against tool policy before forwarding — deny-by-default.

#### Response Caching

Configurable TTL per tool — cached data inherits the same access controls.

#### Observability

Logs every request and response — metrics for latency, error rates, query patterns.

Compliance enforcement at every layer — rate limiting protects source systems from overload.

mTLS — mutual TLS between broker and each MCP server.
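To make the broker's three checks concrete, here is an added Python illustration (not ibl.ai Switchboard code): a tool catalog that routes by tool name, a deny-by-default RBAC check that runs before any cache lookup, and a TTL cache keyed on the requester's role set so that cached data inherits the same access controls as a fresh upstream call. The tool and role names follow the page's LMS, SIS and Advising servers; the stand-in servers, the TTL values and every class and function name are assumptions.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class ToolSpec:
    server: str               # name of the MCP server that serves this tool
    allowed_roles: frozenset  # roles explicitly enabled for this tool
    ttl_seconds: float        # per-tool cache TTL; 0 disables caching


# Constructed catalog: tool and role names follow the page's LMS, SIS and
# Advising servers; the TTL values are assumptions.
CATALOG = {
    "get_student_grades": ToolSpec(
        "lms", frozenset({"advising.read", "instructor.own_students"}), 60),
    "get_enrollment_standing": ToolSpec(
        "sis", frozenset({"registrar.read", "advising.read"}), 300),
    "create_advising_alert": ToolSpec(
        "advising", frozenset({"advising.write"}), 0),
}


class PermissionDenied(Exception):
    pass


class UnknownTool(Exception):
    pass


class Broker:
    """Routes tool calls, enforces deny-by-default RBAC and caches per role."""

    def __init__(self, servers, clock=time.monotonic):
        self.servers = servers      # server name -> callable(tool, args) -> result
        self.clock = clock          # injectable clock so TTL expiry is testable
        self._cache = {}            # (roles, tool, args) -> (expires_at, result)
        self.upstream_calls = 0     # how often a backend was actually hit

    def authorize(self, roles, tool):
        spec = CATALOG.get(tool)
        if spec is None:
            # An unlisted tool is not routable, let alone callable.
            raise UnknownTool(tool)
        # Deny-by-default: pass only if at least one of the requester's roles
        # was explicitly enabled for this tool.
        if not frozenset(roles) & spec.allowed_roles:
            raise PermissionDenied(f"{sorted(roles)} may not call {tool}")
        return spec

    def call(self, roles, tool, args):
        # RBAC runs before the cache lookup, so a cache hit is gated by the
        # same policy as a fresh upstream call.
        spec = self.authorize(roles, tool)
        # The cache key includes the role set: upstream responses are filtered
        # per role, so a payload cached for one role set is never served to
        # a requester holding a different one.
        key = (frozenset(roles), tool, tuple(sorted(args.items())))
        now = self.clock()
        hit = self._cache.get(key)
        if hit is not None and hit[0] > now:
            return hit[1]
        result = self.servers[spec.server](tool, args)
        self.upstream_calls += 1
        if spec.ttl_seconds > 0:
            self._cache[key] = (now + spec.ttl_seconds, result)
        return result


def build_demo_broker(clock):
    """Broker wired to constructed stand-in MCP servers (no real LMS or SIS)."""
    servers = {
        "lms": lambda tool, args: {"tool": tool, "student_id": args["student_id"], "grade": "B+"},
        "sis": lambda tool, args: {"tool": tool, "student_id": args["student_id"], "standing": "good"},
        "advising": lambda tool, args: {"tool": tool, "alert_id": "A-1"},
    }
    return Broker(servers, clock=clock)


if __name__ == "__main__":
    now = [0.0]
    broker = build_demo_broker(lambda: now[0])
    print(broker.call({"advising.read"}, "get_student_grades", {"student_id": "S1"}))
    print(broker.call({"advising.read"}, "get_student_grades", {"student_id": "S1"}))  # cache hit
    print("upstream calls:", broker.upstream_calls)  # 1
```

The role set in the cache key is the point to watch: if the key were only the tool name and arguments, a response filtered for an advisor could be replayed to a faculty member who should see fewer fields, and the per-tool TTL would become a window during which the upstream filtering was silently bypassed.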

---

## MCP Servers — Higher Education

Each server is a thin wrapper around one system's API — exposes capabilities as tools with defined inputs, outputs, and permissions.

[Read the full Higher Education MCP Guide](/solutions/higher-education/mcp-guide)

### LMS MCP Server

Canvas, Blackboard, Moodle, Open edX, Brightspace

**Tools:** get_student_grades, get_course_roster, get_assignment_submissions, get_engagement_metrics

**Data Flow:** Broker checks RBAC (advising.read, instructor.own_students) → LMS MCP Server authenticates with scoped service account → LMS REST/LTI API → Response filtered for PII → Audit log written

### SIS MCP Server

Banner, Colleague, PeopleSoft, Workday Student, Jenzabar

**Tools:** get_enrollment_standing, get_credit_hours, get_academic_holds, get_transfer_evaluations

**Data Flow:** Broker checks RBAC (registrar.read, advising.read) → SIS MCP Server authenticates with scoped service account → SIS REST/SOAP API → Response filtered for PII → Audit log written

### Advising MCP Server

EAB Navigate, Starfish, SSC Campus

**Tools:** get_student_interventions, create_advising_alert, get_caseload_summary

**Data Flow:** Broker checks RBAC (advising.read, advising.write) → Advising MCP Server authenticates with scoped service account → Advising REST API → Response filtered for PII → Audit log written

### Degree Audit MCP Server

DegreeWorks, Stellic, uAchieve

**Tools:** get_degree_progress, run_what_if_scenario, get_remaining_requirements

**Data Flow:** Broker checks RBAC (advising.read, registrar.read) → Degree Audit MCP Server authenticates with scoped service account → Audit REST/batch API → Response filtered for PII → Audit log written

### CRM MCP Server

Slate, Salesforce, Ellucian CRM

**Tools:** get_admitted_no_deposit, get_prospect_engagement, get_inquiry_history

**Data Flow:** Broker checks RBAC (enrollment.read, enrollment.write) → CRM MCP Server authenticates with scoped service account → CRM REST API → Response filtered for PII → Audit log written

### Financial Aid MCP Server

Banner FA, PowerFAIDS, Workday FA

**Tools:** get_aid_package_status, get_fafsa_status, get_satisfactory_academic_progress

**Data Flow:** Broker checks RBAC (finaid.read) → Financial Aid MCP Server authenticates with scoped service account → FA REST/batch API → Response filtered for PII → Audit log written

### Identity / SSO MCP Server

Shibboleth, CAS, SAML, Azure AD

**Tools:** get_user_roles, get_group_memberships, resolve_user_identity

**Data Flow:** Broker checks RBAC (identity.read) → Identity MCP Server authenticates with scoped service account → SAML/SCIM API → Response filtered for PII → Audit log written

---

## MCP Servers — Enterprise

[Read the full Enterprise MCP Guide](/solutions/enterprise/mcp-guide)

### HRIS MCP Server

Workday, SAP, Oracle HCM, ADP

**Tools:** get_employee_profile, get_org_structure, get_benefits_status, get_pto_balance

**Data Flow:** Broker checks RBAC (hr.read, manager.own_reports) → HRIS MCP Server authenticates with scoped service account → HRIS REST API → Response filtered for PII → Audit log written

### LMS MCP Server

Cornerstone, Degreed, SAP SuccessFactors, LinkedIn Learning

**Tools:** get_training_completions, get_certifications, get_compliance_gaps, get_learning_path_progress

**Data Flow:** Broker checks RBAC (learning.read, compliance.read) → LMS MCP Server authenticates with scoped service account → LMS REST/SCORM API → Response filtered for PII → Audit log written

### CRM MCP Server

Salesforce, HubSpot, Dynamics 365

**Tools:** get_contacts, get_deal_pipeline, get_account_engagement, get_revenue_forecast

**Data Flow:** Broker checks RBAC (sales.read, sales.write) → CRM MCP Server authenticates with scoped service account → CRM REST API → Response filtered for PII → Audit log written

### Ticketing MCP Server

ServiceNow, Jira, Freshdesk

**Tools:** get_open_incidents, get_resolution_metrics, create_ticket, get_service_requests

**Data Flow:** Broker checks RBAC (it.read, it.write) → Ticketing MCP Server authenticates with scoped service account → Ticketing REST API → Response filtered for PII → Audit log written

### Knowledge Base MCP Server

SharePoint, Confluence, Google Drive

**Tools:** search_documents, get_policy_content, get_sop_versions, get_document_metadata

**Data Flow:** Broker checks RBAC (docs.read) → Knowledge Base MCP Server authenticates with scoped service account → REST/Graph API → Response filtered for PII → Audit log written

### Identity MCP Server

Okta, Azure AD, SAML

**Tools:** get_user_roles, get_group_memberships, resolve_user_identity

**Data Flow:** Broker checks RBAC (identity.read) → Identity MCP Server authenticates with scoped service account → SCIM/REST API → Response filtered for PII → Audit log written

---

## MCP Servers — K-12

[Read the full K-12 MCP Guide](/solutions/k-12/mcp-guide)

### SIS MCP Server

PowerSchool, Infinite Campus, Skyward

**Tools:** get_student_enrollment, get_attendance_records, get_grade_report, get_demographics

**Data Flow:** Broker checks RBAC (teacher.own_students, counselor.caseload) → SIS MCP Server authenticates with scoped service account → SIS REST/SOAP API → Response filtered for PII → Audit log written

### LMS MCP Server

Canvas, Schoology, Google Classroom

**Tools:** get_assignments, get_submissions, get_course_engagement, get_gradebook

**Data Flow:** Broker checks RBAC (teacher.own_classes, admin.district) → LMS MCP Server authenticates with scoped service account → LMS REST/LTI API → Response filtered for PII → Audit log written

### Behavior / PBIS MCP Server

SWIS, Kickboard, LiveSchool

**Tools:** get_behavior_incidents, get_interventions, get_referrals, get_pbis_points

**Data Flow:** Broker checks RBAC (counselor.read, admin.read) → Behavior MCP Server authenticates with scoped service account → Behavior REST API → Response filtered for PII → Audit log written

### Transportation MCP Server

Transfinder, Tyler, Versatrans

**Tools:** get_route_assignments, get_ridership_data, get_bus_tracking, get_no_shows

**Data Flow:** Broker checks RBAC (transport.read, admin.read) → Transportation MCP Server authenticates with scoped service account → Transport REST/batch API → Response filtered for PII → Audit log written

### Parent Communication MCP Server

ParentSquare, Remind, ClassDojo

**Tools:** get_message_history, send_translated_message, get_engagement_metrics, get_consent_status

**Data Flow:** Broker checks RBAC (teacher.own_families, admin.district) → Parent Comm MCP Server authenticates with scoped service account → Comm REST API → Response filtered for PII → Audit log written

### Special Education MCP Server

Frontline, GoalBook, SEIS

**Tools:** get_iep_summary, get_accommodations, get_service_logs, get_goal_progress

**Data Flow:** Broker checks RBAC (sped.read — restricted to case managers and authorized staff) → SpEd MCP Server authenticates with scoped service account → SpEd REST/batch API → Response filtered for PII → Audit log written

### Identity MCP Server

Clever, ClassLink, Google, Microsoft

**Tools:** get_user_roles, get_class_rosters, resolve_student_identity

**Data Flow:** Broker checks RBAC (identity.read) → Identity MCP Server authenticates with scoped service account → SCIM/REST API → Response filtered for PII → Audit log written

---

## MCP Servers — Government

[Read the full Government MCP Guide](/solutions/government/mcp-guide)

### HRIS MCP Server

Workday, SAP, Oracle HCM

**Tools:** get_employee_profile, get_org_chart, get_clearance_level, get_onboarding_status

**Data Flow:** Broker checks RBAC (hr.read, manager.own_reports) → HRIS MCP Server authenticates with scoped service account → HRIS REST API → Response filtered for PII → Audit log written

### LMS MCP Server

Cornerstone, SAP SuccessFactors, Degreed

**Tools:** get_mandatory_training_status, get_certifications, get_compliance_deadlines, get_course_completions

**Data Flow:** Broker checks RBAC (learning.read, compliance.read) → LMS MCP Server authenticates with scoped service account → LMS REST/SCORM API → Response filtered for PII → Audit log written

### Case Management MCP Server

Agency case management platforms

**Tools:** get_case_status, get_case_history, get_pending_actions, get_case_metrics

**Data Flow:** Broker checks RBAC (case.read, case.write) → Case Mgmt MCP Server authenticates with scoped service account → Case REST API → Response filtered for PII → Audit log written

### Citizen Services MCP Server

Citizen services portals, program eligibility systems

**Tools:** get_inquiry_status, check_program_eligibility, get_application_status, get_service_metrics

**Data Flow:** Broker checks RBAC (citizen.read) → Citizen Services MCP Server authenticates with scoped service account → Portal REST API → Response filtered for PII → Audit log written

### Document Management MCP Server

SharePoint, Records Management systems

**Tools:** search_policies, get_sop_content, get_regulatory_docs, get_document_versions

**Data Flow:** Broker checks RBAC (docs.read, classification check) → Doc Mgmt MCP Server authenticates with scoped service account → REST/Graph API → Response filtered per clearance → Audit log written

### Ticketing MCP Server

ServiceNow

**Tools:** get_open_incidents, get_service_requests, get_provisioning_status, create_ticket

**Data Flow:** Broker checks RBAC (it.read, it.write) → Ticketing MCP Server authenticates with scoped service account → ServiceNow REST API → Response filtered for PII → Audit log written

### Identity MCP Server

Okta, Azure AD + PIV/CAC

**Tools:** get_user_roles, get_clearance_level, get_entitlements, verify_piv_cac

**Data Flow:** Broker checks RBAC (identity.read) → Identity MCP Server authenticates with scoped service account → SAML/SCIM API → Response filtered for PII → Audit log written

---

## MCP Security Model

Defense-in-depth — security enforced at every layer of the MCP data flow.

### RBAC at the Broker

Every request is checked against the requester's role before forwarding. Deny-by-default — tools must be explicitly enabled per role.

### PII Minimization

Input validation before calling upstream APIs. Output filtering to strip data the requester does not need.

### Scoped Service Accounts

Each MCP server authenticates with its own credentials, scoped to only the operations it needs.

### Audit Logging

Every tool call is logged: requester identity, tool name, parameters, timestamp, outcome. Immutable logs routed to your SIEM.

### Transport Security

mTLS between broker and servers. TLS for all external API calls. No plaintext transport anywhere in the chain.

### Data Residency

MCP servers run inside your data center or cloud tenancy. Data is queried in place, not copied to external systems.

---

## Complete MCP Data Flow Sequence

1. AI agent or MCP-compatible client initiates a tool call (e.g., a cross-system query)
2. Request arrives at the ibl.ai Switchboard MCP Broker via the MCP protocol
3. Broker authenticates the requester via SSO and resolves their roles and permissions
4. Broker checks RBAC policy — does this role have permission to call this tool? Deny-by-default
5. Broker routes the request to the appropriate MCP server based on the tool name and routing rules
6. MCP server authenticates with its scoped service account to the backend system
7. Backend system returns raw data — MCP server filters the response for PII minimization based on requester role
8. MCP server writes an immutable audit log entry (requester, tool, parameters, timestamp, outcome)
9. Filtered, structured result returns through the broker to the requesting agent
10. Agent combines results from multiple MCP servers into a single, coherent answer for the user
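The sequence above, together with the controls in the MCP Security Model section, as an added Python illustration (not ibl.ai code): an SSO stub resolves the requester's roles, the tool policy is deny-by-default, the LMS MCP server stand-in calls a backend stub with a scoped service account, the raw record is reduced to a per-role field allowlist, and every outcome (allowed or denied) goes into an append-only, hash-chained audit log whose verify() fails if an entry is altered. The directory, token, backend record, allowlists and all function names are constructed.

```python
import hashlib
import json

# --- Constructed stand-ins; none of these are ibl.ai components ---

# Step 3: SSO directory mapping a requester to their roles.
SSO_ROLES = {
    "advisor-1": {"advising.read"},
    "faculty-1": {"instructor.own_students"},
    "guest-1": set(),
}

# Step 4: tool policy. Only the listed roles are enabled (deny-by-default).
TOOL_POLICY = {
    "get_student_grades": {"server": "lms",
                           "roles": {"advising.read", "instructor.own_students"}},
}

# Step 6: each MCP server holds one scoped service-account credential.
SERVICE_ACCOUNTS = {"lms": {"token": "lms-sa-token-DEMO", "scopes": {"grades:read"}}}

# Step 7: per-role field allowlist. Fields not listed are stripped before the
# response leaves the MCP server.
FIELD_ALLOWLIST = {
    "advising.read": {"student_id", "name", "course", "grade"},
    "instructor.own_students": {"student_id", "course", "grade"},
}

# Backend LMS stand-in: raw records carry PII that most callers do not need.
LMS_RECORDS = {
    "S1": {"student_id": "S1", "name": "Ada Example", "dob": "2004-01-01",
           "home_address": "1 Demo St", "course": "CS101", "grade": "B+"},
}


def lms_backend(token, scopes, student_id):
    """Backend API: rejects calls whose service account lacks the scope."""
    account = SERVICE_ACCOUNTS["lms"]
    if token != account["token"] or "grades:read" not in scopes:
        raise PermissionError("service account not authorized for grades:read")
    return dict(LMS_RECORDS[student_id])


def lms_mcp_server(params):
    """LMS MCP server stand-in: authenticates with its own scoped credential."""
    account = SERVICE_ACCOUNTS["lms"]
    return lms_backend(account["token"], account["scopes"], params["student_id"])


SERVERS = {"lms": lms_mcp_server}   # step 5 routing table


def minimize(record, roles):
    """Keep only the union of fields allowed for the requester's roles."""
    allowed = set().union(*(FIELD_ALLOWLIST.get(r, set()) for r in roles))
    return {k: v for k, v in record.items() if k in allowed}


class AuditLog:
    """Append-only, hash-chained log: each entry commits to the one before it,
    so altering or dropping an entry makes verify() return False."""

    def __init__(self):
        self.entries = []

    def append(self, requester, tool, params, timestamp, outcome):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"requester": requester, "tool": tool, "params": params,
                "timestamp": timestamp, "outcome": outcome, "prev": prev}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.entries.append({**body, "hash": digest})

    def verify(self):
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def handle_tool_call(requester, tool, params, audit, timestamp=0):
    """Steps 3-9 for one call; returns the filtered result or a denial."""
    roles = SSO_ROLES.get(requester, set())                        # step 3
    policy = TOOL_POLICY.get(tool)
    if policy is None or not roles & policy["roles"]:               # step 4
        audit.append(requester, tool, params, timestamp, "denied")
        return {"status": "denied"}
    raw = SERVERS[policy["server"]](params)                          # steps 5-6
    result = minimize(raw, roles)                                    # step 7
    audit.append(requester, tool, params, timestamp, "ok")           # step 8
    return {"status": "ok", "result": result}                        # step 9
```

The hash chain is one way to make a local log tamper-evident before it is shipped to a SIEM; the page's immutability guarantee comes from the SIEM itself, and the chain simply lets an operator check that nothing was altered in transit. Denials are logged as well as successes, because a burst of denied calls from one requester is exactly the query pattern the Observability layer should surface.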

---

## Role-Based Data Access

### Higher Education (FERPA)

| Campus Role | LMS | SIS | Advising | Degree Audit | CRM | Financial Aid |
|-------------|-----|-----|----------|--------------|-----|---------------|
| Academic Advisors | Caseload grades | Enrollment, GPA | Full (own caseload) | Progress, what-if | — | — |
| Registrar Staff | — | Full (all students) | — | Full access | — | — |
| Faculty | Own sections only | Own students only | — | — | — | — |
| Financial Aid Staff | — | SAP data | — | — | — | Full access |
| Enrollment Mgmt | — | — | — | — | Prospects + admitted | Package status |
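
As an added example (not from the page), here is how a few cells of the Higher Education table can be encoded as row-level scopes and enforced on query results in Python. The scope vocabulary, the record fields instructor_ids and advisor_id, and the student records are constructed; cells that limit fields rather than rows ("Enrollment, GPA", "SAP data") belong to the field-filtering case and are left out. The same shape encodes the Enterprise, K-12 and Government tables, where "Direct reports only" or "Own caseload" map to the same OWN and CASELOAD scopes.

```python
# Scope vocabulary (an assumption; the table uses prose cells).
NONE, OWN, CASELOAD, ALL = "none", "own", "caseload", "all"

# Constructed encoding of some cells of the Higher Education table:
# "Own sections only" / "Own students only" -> OWN, "Full (own caseload)" ->
# CASELOAD, "Full (all students)" -> ALL, "—" -> NONE.
ACCESS_MATRIX = {
    "Faculty":           {"LMS": OWN, "SIS": OWN, "Advising": NONE},
    "Registrar Staff":   {"LMS": NONE, "SIS": ALL, "Advising": NONE},
    "Academic Advisors": {"Advising": CASELOAD},
}

# Constructed student records; the ownership fields are assumptions.
STUDENTS = [
    {"student_id": "S1", "instructor_ids": {"prof-a"}, "advisor_id": "adv-x", "gpa": 3.4},
    {"student_id": "S2", "instructor_ids": {"prof-a", "prof-b"}, "advisor_id": "adv-y", "gpa": 2.9},
    {"student_id": "S3", "instructor_ids": {"prof-b"}, "advisor_id": "adv-x", "gpa": 3.8},
]


class AccessDenied(Exception):
    pass


def in_scope(scope, requester_id, record):
    """Row-level test: may this requester see this record under this scope?"""
    if scope == ALL:
        return True
    if scope == OWN:
        return requester_id in record["instructor_ids"]
    if scope == CASELOAD:
        return record["advisor_id"] == requester_id
    return False


def query(role, system, requester_id, records):
    """Apply the table cell for (role, system); a missing cell denies."""
    scope = ACCESS_MATRIX.get(role, {}).get(system, NONE)
    if scope == NONE:
        raise AccessDenied(f"{role} has no access to {system}")
    return [r for r in records if in_scope(scope, requester_id, r)]


def student_ids(role, system, requester_id):
    """Convenience wrapper returning just the visible student ids."""
    return [r["student_id"] for r in query(role, system, requester_id, STUDENTS)]
```

A cell that is absent from the matrix behaves exactly like a "—" cell, which keeps the table deny-by-default when a new system is added before its column has been filled in.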

### Enterprise (SOC 2)

| Role | HRIS | LMS | CRM | Ticketing | Knowledge Base |
|------|------|-----|-----|-----------|----------------|
| HR Business Partners | Own business unit | Compliance reports | — | — | Policies |
| People Managers | Direct reports only | Team completions | — | Team tickets | SOPs |
| L&D Admins | Org structure | Full access | — | — | Training content |
| Sales Ops | — | — | Full access | — | Sales playbooks |
| IT Support | — | — | — | Full access | IT docs |

### K-12 (FERPA + COPPA)

| Role | SIS | LMS | Behavior | Transport | Parent Comm | Special Ed |
|------|-----|-----|----------|-----------|-------------|------------|
| Teachers | Own students | Own classes | — | — | Own families | — |
| Counselors | Caseload | Caseload grades | Full (caseload) | — | Caseload families | IEP (if case mgr) |
| Principals | School-wide | School-wide | School-wide | School routes | School families | School SpEd |
| District Admins | District-wide | District-wide | District-wide | All routes | District-wide | District-wide |
| Transportation Staff | — | — | — | Full access | — | — |

### Government (FedRAMP / NIST 800-53)

| Role | HRIS | LMS | Case Mgmt | Citizen Svc | Documents | Ticketing |
|------|------|-----|-----------|-------------|-----------|-----------|
| HR / Personnel | Full (own agency) | Compliance reports | — | — | HR policies | — |
| Supervisors | Direct reports | Team completions | — | — | Team SOPs | Team tickets |
| Case Workers | — | — | Own caseload | Related inquiries | Program regs | — |
| Citizen-Facing Staff | — | — | — | Public inquiries | Public docs | — |
| IT / Security | — | — | — | — | IT docs | Full access |

---

