refine mcp page

ranbel · ranbel · commit 7ce7d3c261a5 · 2025-08-25T15:18:19.000-04:00
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/mcp-portals.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/mcp-portals.mdx
@@ -40,26 +40,36 @@ To add an MCP server:
 6. In **HTTP URL**, enter the full URL of your MCP server. For example, if you want to add the [Cloudflare Documentation MCP server](https://github.com/cloudflare/mcp-server-cloudflare/tree/main/apps/docs-vectorize), enter `https://docs.mcp.cloudflare.com/sse`.
 7. Add [Access policies](/cloudflare-one/policies/access/) to show or hide the server in an [MCP server portal](#create-a-portal). The MCP server link will only appear in the portal for users who match an Allow policy. Users who do not pass an Allow policy will not see this server through any portals.
 
-	:::note
+	:::caution
 	Blocked users can still connect to the server (and bypass your Access policies) by using its direct URL. If you want to enforce authentication through Cloudflare Access, [configure Access as the server's OAuth provider](/cloudflare-one/applications/configure-apps/mcp-servers/saas-mcp/).
 	:::
-8. Select **Add server**.
-9. If the MCP server supports OAuth, you will be redirected to log in to your OAuth provider. You can log in to any account on the MCP server. The account used to authenticate will serve as the "admin" credential for that MCP Server. If you do not configure "user auth required" in your MCP portal, then the portal will use this admin credential to make requests.
+8. Select **Save and connect server**.
+9. If the MCP server supports OAuth, you will be redirected to log in to your OAuth provider. You can log in to any account on the MCP server. The account used to authenticate will serve as the admin credential for that MCP server. You can [configure an MCP portal](#create-a-portal) to use this admin credential to make requests.
 
 Cloudflare Access will validate the server connection and fetch a list of tools and prompts. Once the server is successfully connected, the [server status](#server-status) will change to **Ready**. You can now add the MCP server to an [MCP server portal](#create-a-portal).
 
 ### Server status
 
-The MCP server status indicates the connectivity status of the MCP server to Cloudflare Access.
+The MCP server status indicates the synchronization status of the MCP server to Cloudflare Access.
 
 | Status | Description |
 | ------ | ----------- |
-| Unknown | ?|
-| Inactive | The latest syncronized of tools, prompts and resources failed due to expired or incorrect credentials|
-| Waiting | The server's tools, prompts and resources are being syncronized|
-| Ready | The server was successfully syncronized and all tools, prompts and resources are available|
+| Error  | The server's authentication failed or was interrupted. To fix the issue, [reauthenticate the server](#reauthenticate-the-mcp-server). |
+| Inactive | The latest synchronization of tools, prompts and resources failed due to expired or incorrect credentials.  To fix the issue, [reauthenticate](#reauthenticate-the-mcp-server) and [resync](#synchronize-the-mcp-server) the server.|
+| Waiting | The server's tools, prompts and resources are being synchronized. |
+| Ready | The server was successfully synchronized and all tools, prompts and resources are available. |
 
-### Refresh the MCP server
+### Reauthenticate the MCP server
+
+To reauthenticate an MCP server in Cloudflare Access:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Applications** > **AI controls**.
+2. Select the **MCP servers** tab and find the server that you want to reauthenticate.
+3. Select the three dots > **Reset authentication**.
+
+You will be redirected to log in to your OAuth provider. The account used to authenticate will serve as the new admin credential for this MCP server.
+
+### Synchronize the MCP server
 
 If your MCP server updates its tools and prompts, you can instruct Cloudflare Access to refresh the server profile in Zero Trust:
 
@@ -78,7 +88,11 @@ To create an MCP server portal:
 3. Enter any name for the portal.
 4. Under **Custom domain**, select a domain for the portal URL. Domains must belong to an active zone in your Cloudflare account. You can optionally specify a subdomain.
 5. [Add MCP servers](#add-an-mcp-server) to the portal.
-6. (Optional) Under **MCP servers**, configure the tools and prompts available through the portal. "require user auth" will prompt the user to utilize their own login credentials to establish a connection with the MCP Server, if it support OAuth authentication.
+6. (Optional) Under **MCP servers**, configure the tools and prompts available through the portal.
+7. (Optional) Configure **Require user auth** for servers that support OAuth:
+		- `Enabled`: (default) User will be prompted to utilize their own login credentials to establish a connection with the MCP server.
+		- `Disabled`: Users who are connected to the portal will automatically have access to the MCP server via its [admin credential](#reauthenticate-the-mcp-server).
+
 7. Add [Access policies](/cloudflare-one/policies/access/) to define the users who can connect to the portal URL.
 8. Select **Add an MCP server portal**.
 9. (Optional) [Customize the login experience](#customize-login-settings) for the portal.
@@ -114,3 +128,23 @@ To test in Workers AI Playground:
 6. ?? How do you log in to the individual MCP servers in the portal?
 
 Workers AI Playground will show a **Connected** status.
+
+## View portal logs
+
+To view requests made through an MCP server portal:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Applications** > **AI controls**.
+2. Find the portal that you want to view logs for, then select the three dots > **Edit**.
+3. Select **Logs**.
+
+### Log fields
+
+Portal logs include the following fields:
+
+| Field | Description |
+| ----  | ----------- |
+| Time  | |
+| Status | |
+| Server | |
+| Capability | |
+| Duration | |
