rename saas-mcp

Author: ranbel

public/__redirects

@@ -2369,6 +2369,7 @@
 
 # Cloudflare One nav revamp (statics)
 /cloudflare-one/access-controls/applications/http-apps/mcp-servers/mcp-portals/ /cloudflare-one/access-controls/ai-controls/mcp-portals/ 301
+/cloudflare-one/access-controls/ai-controls/saas-mcp/ /cloudflare-one/access-controls/ai-controls/secure-mcp-servers/ 301
 /cloudflare-one/connections/connect-devices/warp/user-side-certificates/ /cloudflare-one/team-and-resources/devices/user-side-certificates/ 301
 /cloudflare-one/team-and-resources/devices/warp/user-side-certificates/ /cloudflare-one/team-and-resources/devices/user-side-certificates/ 301
 /cloudflare-one/team-and-resources/devices/warp/set-up-warp/ /cloudflare-one/team-and-resources/devices/cloudflare-one-client/set-up/ 301

src/content/docs/agents/guides/remote-mcp-server.mdx

@@ -157,7 +157,7 @@ The public MCP server example you deployed earlier allows any client to connect
 
 You can configure your MCP server to require user authentication through Cloudflare Access. Cloudflare Access acts as an identity aggregator and verifies user emails, signals from your existing [identity providers](/cloudflare-one/integrations/identity-providers/) (such as GitHub or Google), and other attributes such as IP address or device certificates. When users connect to the MCP server, they will be prompted to log in to the configured identity provider and are only granted access if they pass your [Access policies](/cloudflare-one/access-controls/policies/#selectors).
 
-For a step-by-step deployment guide, refer to [Secure MCP servers with Access for SaaS](/cloudflare-one/access-controls/ai-controls/saas-mcp/).
+For a step-by-step deployment guide, refer to [Secure MCP servers with Access for SaaS](/cloudflare-one/access-controls/ai-controls/secure-mcp-servers/).
 
 ### Third-party OAuth
 

src/content/docs/agents/model-context-protocol/authorization.mdx

@@ -30,7 +30,7 @@ The following sections describe each of these options and link to runnable code
 
 Cloudflare Access allows you to add Single Sign-On (SSO) functionality to your MCP server. Users authenticate to your MCP server using a [configured identity provider](/cloudflare-one/integrations/identity-providers/) or a [one-time PIN](/cloudflare-one/integrations/identity-providers/one-time-pin/), and they are only granted access if their identity matches your [Access policies](/cloudflare-one/access-controls/policies/).
 
-To deploy an [example MCP server](https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-cf-access) with Cloudflare Access as the OAuth provider, refer to [Secure MCP servers with Access for SaaS](/cloudflare-one/access-controls/ai-controls/saas-mcp/).
+To deploy an [example MCP server](https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-cf-access) with Cloudflare Access as the OAuth provider, refer to [Secure MCP servers with Access for SaaS](/cloudflare-one/access-controls/ai-controls/secure-mcp-servers/).
 
 ### (2) Third-party OAuth Provider
 

src/content/docs/cloudflare-one/access-controls/ai-controls/linked-apps.mdx

@@ -62,7 +62,7 @@ Access will now validate the JWT token against the Linked App Token rule and pro
 
 ## SaaS MCP server (Access for SaaS with OAuth)
 
-If your MCP server is registered as an [Access for SaaS OIDC application](/cloudflare-one/access-controls/ai-controls/saas-mcp/) and implements [MCP OAuth](https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization), it receives an OAuth `access_token` from Cloudflare Access. The MCP server forwards this token to downstream self-hosted applications in the `Authorization: Bearer` header.
+If your MCP server is registered as an [Access for SaaS OIDC application](/cloudflare-one/access-controls/ai-controls/secure-mcp-servers/) and implements [MCP OAuth](https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization), it receives an OAuth `access_token` from Cloudflare Access. The MCP server forwards this token to downstream self-hosted applications in the `Authorization: Bearer` header.
 
 This approach requires your MCP server to implement the OAuth authorization code flow. Use the [self-hosted MCP server approach](#self-hosted-mcp-server-recommended) if you want Cloudflare to handle authentication for you.
 
@@ -79,7 +79,7 @@ accTitle: SaaS MCP server accessing internal applications
 ### Prerequisites
 
 - Add your downstream applications (for example, your `Internal API` and `Company wiki`) as [self-hosted Access applications](/cloudflare-one/access-controls/applications/http-apps/self-hosted-public-app/).
-- Add your MCP server as an [Access for SaaS OIDC application](/cloudflare-one/access-controls/ai-controls/saas-mcp/#access-for-saas-application).
+- Add your MCP server as an [Access for SaaS OIDC application](/cloudflare-one/access-controls/ai-controls/secure-mcp-servers/#access-for-saas-application).
 
 ### 1. Configure downstream applications
 

src/content/docs/cloudflare-one/access-controls/ai-controls/mcp-portals.mdx

@@ -18,7 +18,7 @@ An MCP server portal centralizes multiple [Model Context Protocol (MCP) servers]
 
 Key benefits include:
 
-- **Streamlined access to multiple MCP servers**: MCP server portals support both unauthenticated MCP servers and MCP servers secured using OAuth (for example, via [Access for SaaS](/cloudflare-one/access-controls/ai-controls/saas-mcp/) or a [third-party OAuth provider](/agents/model-context-protocol/authorization/)). Users log in to the portal URL through Cloudflare Access and are prompted to authenticate separately to each server that requires OAuth.
+- **Streamlined access to multiple MCP servers**: MCP server portals support both unauthenticated MCP servers and MCP servers secured using OAuth (for example, via [Access for SaaS](/cloudflare-one/access-controls/ai-controls/secure-mcp-servers/) or a [third-party OAuth provider](/agents/model-context-protocol/authorization/)). Users log in to the portal URL through Cloudflare Access and are prompted to authenticate separately to each server that requires OAuth.
 
 - **Customized tools per portal**: Admins can tailor an MCP portal to a particular use case by choosing the specific tools and prompt templates that they want to make available to users through the portal. This allows users to access a curated set of tools and prompts — the less external context exposed to the AI model, the better the AI responses tend to be.
 
@@ -51,7 +51,7 @@ To add an MCP server:
 7. Add [Access policies](/cloudflare-one/access-controls/policies/) to show or hide the server in an [MCP server portal](#create-a-portal). The MCP server link will only appear in the portal for users who match an Allow policy. Users who do not pass an Allow policy will not see this server through any portals.
 
    :::caution
-   Blocked users can still connect to the server (and bypass your Access policies) by using its direct URL. If you want to enforce authentication through Cloudflare Access, [configure Access as the server's OAuth provider](/cloudflare-one/access-controls/ai-controls/saas-mcp/).
+   Blocked users can still connect to the server (and bypass your Access policies) by using its direct URL. If you want to enforce authentication through Cloudflare Access, [configure Access as the server's OAuth provider](/cloudflare-one/access-controls/ai-controls/secure-mcp-servers/).
    :::
 
 8. Select **Save and connect server**.

…access-controls/ai-controls/saas-mcp.mdx …trols/ai-controls/secure-mcp-servers.mdxsrc/content/docs/cloudflare-one/access-controls/ai-controls/saas-mcp.mdx renamed to src/content/docs/cloudflare-one/access-controls/ai-controls/secure-mcp-servers.mdx src/content/docs/cloudflare-one/access-controls/ai-controls/saas-mcp.mdx renamed to src/content/docs/cloudflare-one/access-controls/ai-controls/secure-mcp-servers.mdx

@@ -13,7 +13,7 @@ The **Linked App Token** policy selector allows an Access policy on one applicat
 Linked App Token supports two flows:
 
 - [**Self-hosted to self-hosted**](#self-hosted-to-self-hosted) — A self-hosted application forwards its Access JWT to another self-hosted application. This is the simplest setup and requires no additional OAuth configuration.
-- [**SaaS to self-hosted**](#saas-to-self-hosted) — An Access for SaaS application (such as an [MCP server using OAuth](/cloudflare-one/access-controls/ai-controls/saas-mcp/#access-for-saas-application)) sends its OAuth access token to a self-hosted application.
+- [**SaaS to self-hosted**](#saas-to-self-hosted) — An Access for SaaS application (such as an [MCP server using OAuth](/cloudflare-one/access-controls/ai-controls/secure-mcp-servers/#access-for-saas-application)) sends its OAuth access token to a self-hosted application.
 
 ## Self-hosted to self-hosted
 

src/content/docs/cloudflare-one/access-controls/applications/linked-app-token.mdx

@@ -42,7 +42,7 @@ This section will discuss the process of consolidating and securing access to yo
 
 The Model Context Protocol supports [OAuth 2.1 for authorization](https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization). You can configure your MCP server to use Cloudflare Access as its OAuth provider. This allows you to secure the MCP server with Access policies, using signals from your existing identity providers (IdPs), device posture providers, and other rules to control who can log in to the server. Once the user is authenticated through Access, Access passes an OAuth ID token to the MCP server. You can then implement server-side access controls based on the user identity attributes included in the token. For example, you may wish to limit access to specific tools based on user emails.
 
-To set up the Cloudflare Access OAuth integration, refer to [Secure MCP servers with Access for SaaS](/cloudflare-one/access-controls/ai-controls/saas-mcp/).
+To set up the Cloudflare Access OAuth integration, refer to [Secure MCP servers with Access for SaaS](/cloudflare-one/access-controls/ai-controls/secure-mcp-servers/).
 
 ### Consolidate MCP servers into a portal