MCP Architecture Guide for Enterprise: Connecting Corporate Systems to AI Agents

A practical walkthrough for CIOs, CLOs, and IT leadership.

See the Enterprise AI overview for business context, or the general MCP architecture guide for a broader introduction to MCP.

In this guide

1. The enterprise data problem
2. Inventory your systems
3. Build MCP servers for each system
4. Add an MCP broker
5. Connect agents
6. Example: Employee onboarding status
7. Example: Compliance training gaps
8. Example: Knowledge preservation
9. Security checklist for enterprise
10. Next steps

1. The Enterprise Data Problem

Corporations run HRIS platforms (Workday, SAP SuccessFactors, Oracle HCM, ADP), learning management systems (Cornerstone, Degreed, SAP SuccessFactors Learning, LinkedIn Learning), CRMs (Salesforce, HubSpot, Dynamics 365), ticketing systems (ServiceNow, Jira, Freshdesk), collaboration tools (Teams, Slack, SharePoint), and identity providers (Okta, Azure AD).

Each system has its own API, its own authentication model, its own schema, and its own rate limits. Every workforce automation project — onboarding workflows, compliance dashboards, skills gap analyses — re-solves the integration problem from scratch.

Model Context Protocol (MCP) fixes this. You build one thin wrapper per system (an "MCP server"), add a broker that routes and governs requests, and then any AI agent can ask cross-system questions through a single, stable interface. No more point-to-point integrations.

2. Inventory Your Systems

Before writing any code, document every system that holds data an AI agent might need. For each, note the vendor, what data it holds, and what API is available.

Typical enterprise system inventory:

Category	Common Systems	Key Data	API Type
HRIS	Workday, SAP, Oracle HCM, ADP	Employee records, org structure, benefits, PTO	REST
LMS	Cornerstone, Degreed, SAP SuccessFactors, LinkedIn Learning	Training courses, completions, certifications	REST / SCORM
CRM	Salesforce, HubSpot, Dynamics	Contacts, deals, pipeline, engagement	REST
Ticketing	ServiceNow, Jira, Freshdesk	Incidents, requests, resolutions	REST
Knowledge Base	SharePoint, Confluence, Google Drive	Policies, SOPs, documentation	REST / Graph
Identity	Okta, Azure AD, SAML	Roles, groups, entitlements	SCIM / REST

Your inventory will look different. The point is to get every data source on paper before you start building, so you can plan server boundaries and access controls upfront.

3. Build MCP Servers for Each System

Each MCP server wraps exactly one source system. It translates the vendor's API into a set of standardized tools that any MCP-compatible agent can call. One server for Workday. One for Cornerstone. One for ServiceNow. Never combine multiple vendors into a single server — that defeats the purpose.

Here's pseudocode for an HRIS server tool that checks an employee's onboarding status:

@tool("get_employee_onboarding_status")
def get_employee_onboarding_status(employee_id: str) -> dict:
    """
    Pull onboarding checklist status from HRIS.
    Returns completed items, outstanding items, start date,
    department, and assigned manager.
    """
    # Authenticate with scoped service account (read-only)
    client = hris_client(scope="onboarding:read")

    employee = client.get_employee(employee_id)
    checklist = client.get_onboarding_checklist(employee_id)

    return {
        "employee_name": employee.name,
        "start_date": employee.start_date,
        "department": employee.department,
        "manager": employee.manager,
        "checklist_completed": checklist.completed_items,
        "checklist_outstanding": checklist.outstanding_items,
        "checklist_progress": f"{checklist.done}/{checklist.total}"
        # NOTE: No SSN, salary, or benefits data returned
    }

Security defaults for every server

Scoped service accounts — each server gets its own credentials with minimal permissions. Never share admin tokens.
Deny-by-default — tools expose only the fields the agent needs. Everything else is excluded.
PII minimization — employee SSN, salary data, and benefits details are never returned unless the requesting role is explicitly authorized.
SOC 2 alignment — log every tool call, every response, and every error. Make logs tamper-evident.
Audit logging — who asked, what tool was called, what data was returned, and when. This is non-negotiable for enterprise deployments.

4. Add an MCP Broker

The broker sits between agents and servers. It handles routing (which server answers which question), policy enforcement (who is allowed to see what), and caching (so you don't hammer source systems with duplicate requests).

Different roles see different data. This is where enterprise RBAC gets enforced:

Role	Data Access
HR partner	Full employee records, onboarding status, training completions, compensation (within their business unit)
Manager	Direct reports only: performance, training status, PTO balances. No salary or benefits data.
IT admin	System access, provisioning status, ticket history. No HR or compensation data.
Employee	Own data only: own PTO balance, own training progress, own tickets. Cannot see anyone else's records.

An employee can ask "What's my PTO balance?" and get an answer. The same employee asking "What's someone else's salary?" gets denied at the broker level before the request ever reaches the HRIS server.

5. Connect Agents

Once your servers are running and the broker is enforcing policy, any MCP-compatible agent can ask cross-system questions. The agent doesn't need to know which system holds which data — it just asks, and the broker routes.

An HR partner asks: "How is this employee's onboarding going?" The agent calls tools on three servers (HRIS, LMS, Ticketing), combines the results, and returns a single coherent answer. No custom integration code. No middleware. No ETL pipeline.

The following examples show what this looks like in practice.

6. Example: Employee Onboarding Status

An HR partner asks the agent: "How is Priya Sharma's onboarding going?"

The agent pulls from three systems:

HRIS (Workday)

Start date: February 12
Department: Engineering
Manager: David Chen
Onboarding checklist: 6 of 11 items complete
Outstanding: security training, benefits enrollment, team introduction meeting

LMS (Cornerstone)

3 of 5 required onboarding modules complete
Overdue: "Data Privacy Fundamentals" (due February 17)
Next up: "Engineering Code Standards"

Ticketing (ServiceNow)

Laptop: delivered
VPN access: granted
GitHub org invitation: pending (submitted February 13, awaiting IT approval)

The agent combines these into a single response:

Priya Sharma — Onboarding Status

Priya started on Feb 12 in Engineering, reporting to David Chen. She's 6/11 on her onboarding checklist with three items outstanding: security training, benefits enrollment, and her team intro meeting.

On the training side, she's completed 3 of 5 required modules. "Data Privacy Fundamentals" is overdue (was due Feb 17). Her next module is "Engineering Code Standards."

IT provisioning is mostly done — laptop delivered, VPN active. One open item: her GitHub org invitation was submitted Feb 13 and is still awaiting IT approval.

Recommended actions: Follow up on the overdue Data Privacy training, schedule her team intro, and escalate the GitHub access request.

7. Example: Compliance Training Gaps

A CLO asks the agent: "Which teams have the lowest compliance training completion?"

The agent queries two systems. From HRIS, it pulls all active employees grouped by department. From the LMS, it pulls compliance module completion status for each employee. It cross-references the two, calculates completion rates per team, and identifies the departments below the 80% threshold.

Compliance Training Gap Report

Three departments are below the 80% compliance training threshold:

Field Sales — 62% complete (14 of 23 employees). 9 overdue, including 3 who haven't started.
Product Engineering — 71% complete (34 of 48 employees). 14 overdue, mostly on "Information Security Essentials."
Customer Support — 76% complete (19 of 25 employees). 6 overdue, 4 within one week of deadline.

I've drafted summary emails for each department head with the specific employees who are overdue and their missing modules. Would you like me to send them?

Without MCP, building this report would require a custom integration between the HRIS and LMS, a data pipeline to join records by employee ID, and a separate reporting tool to present the results. With MCP, the agent asks two tools and does the analysis in real time.

8. Example: Knowledge Preservation

When an experienced employee announces retirement, the organization faces an urgent question: what institutional knowledge walks out the door with them?

The agent queries the knowledge base (SharePoint, Confluence) for all documents the employee authored, training materials they created, and processes they own. It cross-references with the LMS to find any courses where they are the sole subject-matter expert. It checks the ticketing system for recurring issues they typically resolve.

Knowledge Transfer Plan — Margaret Torres (Retiring April 30)

Margaret is the sole author of 23 SharePoint documents across 3 process areas (vendor onboarding, procurement approvals, contract review). She created 4 training modules in Cornerstone that 180+ employees have completed. She is the escalation point for 12 recurring ServiceNow ticket types.

Gaps identified:

No backup author assigned for any of the 23 documents
2 training modules have not been updated since 2023 and reference deprecated workflows
No documented runbook for 8 of the 12 ticket escalation types she handles

Recommended timeline: Begin knowledge transfer sessions by March 15 to allow 6 weeks of overlap before her departure.

This kind of analysis is nearly impossible to do manually across disconnected systems. With MCP servers wrapping each source, the agent can generate this plan in seconds.

9. Security Checklist for Enterprise

Enterprise deployments have non-negotiable security requirements. Every item below should be in place before your MCP infrastructure goes to production.

SOC 2 compliant architecture — controls mapped to Trust Services Criteria. Audit-ready documentation for every component.

Role-based access control — HR sees employee data, managers see direct reports only, employees see their own data only. Enforced at the broker level.

PII minimization — salary, SSN, and benefits details are never exposed beyond HR scope. Servers strip sensitive fields before returning results.

Audit logging for all queries — who asked, what tool was called, what data was returned, and when. Logs are tamper-evident and retained per your retention policy.

Okta / Azure AD identity integration — the broker authenticates users against your existing identity provider. No separate credentials to manage.

Data stays on corporate infrastructure — deploy on your own infrastructure or private cloud. No data leaves your security perimeter.

No proprietary data used for model training — your corporate data is never used to train or fine-tune foundation models. Query data is ephemeral.

Rate limiting to protect source systems — the broker enforces per-server rate limits so agents cannot overwhelm Workday, ServiceNow, or any other source API.

10. Next Steps

If you're ready to connect your corporate systems to AI agents, here's where to go:

Talk to our team — we'll walk through your system inventory and scope the project.
MCP Servers service page — details on how we build, deploy, and manage MCP servers for enterprise clients.
Enterprise AI solutions — the full picture of what AI agents can do for corporate learning and workforce operations.