Visier MCP

Learn about Visier's Model Context Protocol (MCP) server.

Overview

The Model Context Protocol (MCP) is an open-source standard for connecting AI applications to external systems. MCP allows AI systems to access real-time information from various sources. Through MCP servers, organizations can expose their APIs and data in a standardized way, enabling more powerful and context-aware AI interactions.

Each AI application's output quality is client-dependent because different AI applications use different LLMs to interact with MCP. Visier MCP demonstrates successful results with Anthropic's Sonnet LLMs.

Visier MCP connects MCP-compatible client applications, such as Claude Desktop and Cursor, to Visier to retrieve data for use in external systems. The MCP server provides a common interface through which your clients can query Visier APIs without requiring custom API integrations for each AI application you want to integrate with Visier. Use Visier MCP to access real-time, standardized data while maintaining your Visier users' data security and controls.

With your data loaded in Visier, use MCP to answer business questions such as:

• How many people are close to retirement age?
• Who are my top performers?
• What's the total cost of my workforce?

In an AI agent, you can access Visier MCP tools alongside other non-Visier MCP tools to combine server capabilities. For example, let's say your organization connects to the Google Calendar MCP. You can ask your AI agent to compare the amount of meeting hours you spend with your team's highest and lowest performers. To accomplish your request, the AI agent uses Visier Query MCP Server to find your team's highest and lowest performers. Then, the AI agent uses the Google Calendar MCP to search your calendar for any meetings with those individuals and identifies people you should schedule more time with and when.

However, there is some risk in using MCP servers. We do not recommend connecting untrusted MCP servers to AI agents that also access Visier MCP. For more information about risks, see Security considerations.

Available tools

Visier Query MCP Server supports the following Vee tools:

• Ask Vee AI agent
• Get sample Vee questions

Visier Query MCP Server supports the following data out tools:

• Get an object reference graph
• Run an aggregate metric query
• Run a list query
• Search analytic objects
• Search properties for an analytic object
• Search metrics
• Search dimensions for a metric
• Search dimensions for an analytic object
• Search dimension members for filtering

Difference between Vee tools and data out tools

By default, Visier MCP answers user questions with the Ask Vee AI agent tool. Visier MCP answers user questions with the other tools if:

• Vee can't answer the question.
• The user wants to see the full thinking logic of the agent and disables Vee tools or tells the agent not to use Vee.
• The user wants to ask more complicated business questions that require multiple tools, such as prompts.

Use Vee tools for most users and use cases. Vee is a purpose-built AI agent developed and continuously improved by Visier. When you ask a question through an MCP client, Vee interprets your intent, determines how to query your Visier data, and returns a response. Visier monitors and evaluates Vee's response quality and optimizes the agent to reliably handle the most common workforce analytics questions.

The data out tools are structured wrappers around Visier's public data out APIs. These tools do not use Vee at all. Instead, your MCP client's AI, such as Claude or Cursor, takes over the reasoning role entirely. The client decides which tools to call, in what order, and how to interpret the results. Visier designed the data out tools to return results in an LLM-friendly format, such as only returning the top members of a dimension rather than exhaustive lists that would overwhelm the model. However, the overall quality of the response depends on your client agent's capabilities and the quality of your prompts.

For most users, Vee tools are the right choice. Use data out tools for advanced scenarios where Vee cannot answer a specific question and you have the resources to write well-engineered prompts and build evaluation pipelines to measure response quality. You can enable or disable specific tools in most MCP clients. Optionally, disable data out tools so that your MCP client only uses Vee tools.

Available prompts

Prompts are pre-built templates that guide the AI agent through structured analytic workflows and provide step-by-step instructions on how and which tools to use to complete a complicated task. Visier MCP provides a set of prompts that highlight what prompts can accomplish. You can follow the prompts as examples for how to write your own complicated instructions.

Prompts require a user to invoke the prompt. This differs from tools, which the AI agent calls based on user requests. Tools are supported across most AI clients, but some AI clients haven't implemented prompts yet. For a full list of AI clients that support prompts, see Example Clients.

Visier Query MCP Server supports the following prompts:

• Employee analysis instructions: Provides instructions to analyze data on a specific employee. Important properties like jobs, organizations, tenure, compensation, performance, risk of resignation, and related analytic objects will be analyzed. The employee may also be compared with metrics across the organization.
• Candidate analysis instructions: Provides instructions to analyze data on a specific candidate. Important properties like job, employer, location, skills, and related analytic objects will be analyzed.
• Requisition analysis instructions: Provides instructions to analyze and compare the applicants for a specific requisition. Important properties like job, location, reason, status, and related analytic objects will be analyzed. The applicants who applied to the requisition will also be compared to each other.

Limitations

Visier Query MCP Server requests reflect your data as of the latest data load in Visier.

Because Visier Query MCP Server connects to Visier APIs, API rate limits apply. Calls over these limits are rejected. For more information, see API Rate Limiting.

An MCP server's understanding of natural language depends on the AI agent's capabilities and may vary from agent to agent.

Security considerations

Before enabling Visier MCP, be aware of the following security considerations.

Data processing roles and responsibility

When you use Visier MCP to connect to a third-party AI tool, you decide which third-party AI tools to connect to and you determine the purpose for using them. Your use of these tools is governed by your own direct agreement with that tool's provider.

Lethal trifecta attacks and cross-tool communication and data leakage risks

If an agent has the following 3 capabilities, there is risk of data theft through a lethal trifecta attack:

• Access to your private data.
• Exposure to untrusted content, such as internet sources, emails, or task-tracking tools.
• Ability to communicate externally, such as replying to emails or support requests.

The lethal trifecta attack is a special case of indirect prompt injection. Indirect prompt injection is where an attacker places a malicious prompt in a location the AI agent might access, such as a public website, a support ticket, or an email. When the AI agent encounters the malicious text, the malicious prompt can trick the AI agent into overriding its original instructions and executing harmful commands. Combined with access to private data and the ability to communicate externally, this malicious prompt can trick the agent into leaking private data. For more information about the lethal trifecta, see The lethal trifecta for AI agents: private data, untrusted content, and external communication.

The only known mechanism to completely prevent exploitation of the lethal trifecta is to avoid building it at all. Use the Rule of Two: do not allow an agent to perform more than 2 of the 3 capabilities within a session. If an agent must perform all 3 capabilities within the same session, do not allow it to act independently; keep a human involved to supervise and approve the agent's actions. Take care when connecting multiple MCP servers to ensure you do not create the lethal trifecta. Before enabling MCP through profile capabilities:

• Educate users about the lethal trifecta.
• Train users to spot malicious actions.
• Instruct users to avoid becoming complacent.

Indirect prompt injection

An attacker places a malicious prompt in a location the AI agent might access, such as a public website, a support ticket, or an email. Because AI agents combine instructions and data, it is difficult for an agent to identify which prompts are legitimate and which prompts are injected. This can be exploited to make the agent perform unintended and potentially malicious actions.

Context poisoning

In a multi-tool environment, tools share the AI agent's context or memory. An attacker can inject malicious or misleading information into the agent's context through one tool. Subsequent calls to Visier MCP could then be influenced by the poisoned context, causing the agent to retrieve inaccurate data from Visier.

Mitigation and best practices

To protect against these security risks, administrators should implement the following safeguards.

Train your users

Educate users about the risks of:

• The lethal trifecta and how to avoid combining all 3 capabilities.
• Connecting untrusted MCP tools to their AI agent.
• Allowing the AI agent to access untrusted external content.

Use trusted MCP tools only

Only enable MCP servers from trusted, verified sources. Do not allow users to connect untrusted MCP servers to AI agents that also have access to Visier MCP. Each AI agent has its own methods for registering and verifying MCP servers, so check your client's trusted sources.

What Visier is doing

To ensure MCP is only available to intended users, access to MCP is controlled through a feature toggle and requires that administrators assign a profile or profile additional capability to approved MCP users. For more information, see Prerequisites. Additionally, MCP uses OAuth 2.0 authorization to grant user access to Visier MCP in AI agents without ever sharing user passwords. For more information, see OAuth 2.0.

Visier data security persists in MCP; users can only access data through MCP that they are allowed to access in Visier.

For support, contact Visier Technical Support.

Frequently asked questions

Hosting and infrastructure

Is Visier MCP a fully-managed SaaS service hosted on Visier-owned infrastructure?

Yes. Visier fully manages all Visier MCP servers and hosts them on Visier-operated Amazon EC2 and Azure instances. The service runs outside your organization's network boundary.

Which data center region will Visier provision my MCP instance in?

Visier MCP server uses the same regional placement as your Visier tenant. For example, if your tenant is hosted on Visier servers in the US region, your MCP server will also run in the US region.

Connectivity

How does my MCP client connect to Visier MCP?

Visier MCP follows the standard MCP specification using HTTPS with Server-Sent Events (SSE) over the public internet. Your server is reachable at the following public HTTPS endpoint.

1
https://{vanity_name}.app.visier.com/visier-query-mcp

Per the MCP specification, Visier MCP server uses OAuth 2.0 to secure access rather than network-level controls. Any client that complies with MCP's Authorization supports this communication model.

To retrieve OAuth endpoint URLs for token requests, do one of the following:

• If your MCP client supports Server Metadata Discovery, follow the steps in Sequence Diagram.
• If your MCP client doesn't support Server Metadata Discovery, follow the steps in (Optional) Manually retrieve authorization server metadata.

After obtaining an access token, send it in the Authorization header for all Visier MCP requests. For more information, see Access Token Usage.

Authentication and session management

Does Visier cache authentication tokens server-side?

No. Visier MCP uses stateless JSON Web Tokens (JWTs) validated by signature. Visier MCP servers do not store access tokens. Your MCP client is responsible for storing and refreshing tokens according to the MCP specification.

Most MCP clients cache the access token and refresh token in memory or in a secure persistent store for the duration of the application session.

How long is a session valid before re-authentication is required?

Visier MCP uses a two-token OAuth 2.0 model:

• Access token: Valid for 60 minutes. Your MCP client uses this token to make requests to Visier MCP server.
• Refresh token: Valid for 8 hours. If your MCP client supports standard OAuth 2.0 refresh flows, it will automatically request a new access token every 60 minutes using the refresh token without interrupting the user.

Re-authentication is required when the refresh token expires after 8 hours.

Are there configurable session timeout options?

Session validity periods are not configurable. If your organization requires custom session timeout periods, contact your contact your Customer/Partner Success Manager to register your interest.

Which type of OAuth client registration does Visier support?

Visier supports Preregistration. To obtain your static client ID and credentials, see Register a Client Application.

Observability

Do Vee tool queries made through Visier MCP appear in the Vee question log?

Yes. Queries made through Visier MCP to Vee appear in the Vee Logs under a distinct client type. MCP activity is identifiable and separate from other query sources.

In this section