> For the complete documentation index, see [llms.txt](https://docs.zenlytic.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.zenlytic.com/mcp/reltio.md). # Reltio Connect Zoë to the [Reltio AgentFlow MCP server](https://docs.reltio.com/developer-resources/ai-integrations/reltio-model-context-protocol-mcp-server-at-a-glance/reltio-agentflow-mcp-server) — Reltio's hosted MCP endpoint for AgentFlow tool orchestration — so she can search entities, explore relationships, and invoke other AgentFlow tools against your Reltio tenant directly from Zenlytic chats. Authenticate with a static `Authorization` header containing a Reltio OAuth 2.0 access token minted from a service account's client credentials. ## What Zoë can access Through the Reltio AgentFlow MCP server, Zoë can call the tools Reltio exposes for your tenant — typically entity search and lookup, relationship traversal, match candidate retrieval, activity history, and other AgentFlow operations against the data Reltio manages. The exact tool surface is set by Reltio and may grow over time; retrieve the current list with the [MCP Metadata API](https://docs.reltio.com/developer-resources/ai-integrations/reltio-model-context-protocol-mcp-server-at-a-glance/mcp-metadata-api) or by clicking **Test Connection** in Zenlytic. Every tool call runs as the Reltio identity attached to the access token, so Zoë's permissions in Reltio are whatever that identity can see and do. ## Prerequisites Before you start, confirm the following: * A **Reltio tenant** with **AgentFlow** and the **MCP server** enabled. If you don't see the MCP endpoint at `https://.reltio.com/ai/tools/mcp/`, contact Reltio Support to turn it on. * Your assigned Reltio **namespace** (the subdomain that prefixes `.reltio.com` in your tenant URL). * A **dedicated service account** in Reltio scoped to the **least-privileged** set of permissions Zoë needs. You'll mint client credentials against this account. * **Zenlytic requirements.** The `mcp-client` flag enabled on your workspace and `admin` role. See the [MCP overview](/mcp/overview.md) for the full list. ## Create Reltio client credentials The Reltio AgentFlow MCP server uses OAuth 2.0 client credentials. Each client ID/secret pair is tied to a Reltio service account, and the role assigned to that account is the role Zoë will run as in Reltio. 1. In Reltio, follow [Creating client credentials](https://docs.reltio.com/reltio/whats-new-and-notable/whats-new-at-a-glance/platform-changes-at-a-glance/enhance-your-security-with-single-sign-on-sso-and-prepare-for-multi-factor-authentication-mfa/migrating-service-accounts-from-password-to-client-credentials-authentication/creating-client-credentials) to generate a `client_id` and `client_secret` for the service account you want Zoë to run as. Avoid using a personal user account so you can rotate or revoke Zoë's access independently. 2. Scope the service account's role to the **minimum permissions** Zoë needs — read-only on entities and relationships is enough for search and exploration workflows. 3. Copy the generated client secret immediately — Reltio only shows it once. Store it in your secrets manager. ## Mint an access token Zenlytic doesn't run the OAuth client credentials flow on your behalf, so you mint the access token outside Zenlytic and paste it into the connection. Exchange the client credentials for an access token: ```bash curl -X POST "https://auth.reltio.com/oauth/token?grant_type=client_credentials" \ -H "Authorization: Basic $(echo -n "${CLIENT_ID}:${CLIENT_SECRET}" | base64)" \ -H "Content-Type: application/x-www-form-urlencoded" \ -H "Accept: application/json" ``` The response is a JSON document with an `access_token` field. Copy that value — it's what you'll paste into the `Authorization` header in the next step. > **Reltio does not support refresh tokens.** Access tokens expire and must be regenerated by re-running the request above. Plan a rotation cadence that matches the token lifetime and update the Zenlytic connection each time you mint a fresh token. ## Set up the connection in Zenlytic 1. Open **Workspace Settings → Extensions → MCP** and click **Add Connection**. 2. Fill out the form: * **Name** — a label that will appear in the chat tool menu, for example `Reltio (prod)`. * **URL** — the Reltio AgentFlow MCP endpoint for your tenant: `https://.reltio.com/ai/tools/mcp/`. Replace `` with your assigned Reltio namespace. Must use `https://`. 3. Add the required header (see [Configure request headers](#configure-request-headers)). 4. Click **Test Connection**. Zenlytic opens an MCP session against the Reltio server and lists the tools it advertises. 5. Review the tool list and toggle off any tools Zoë shouldn't be able to call. Newly-discovered tools are pre-selected. 6. Click **Add Connection** to save. ## Configure request headers Add the following in the **Headers** section of the Zenlytic connection modal. Header values are masked in the UI and encrypted at rest. | Header | Value | | --------------- | --------------------------------------------------------------------------------------------------- | | `Authorization` | `Bearer YOUR_RELTIO_ACCESS_TOKEN`. Include the `Bearer` scheme and a single space before the token. | ### Verify the token Before saving the connection, sanity-check the token against the Reltio MCP endpoint: ```bash curl -X POST \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' \ https://.reltio.com/ai/tools/mcp/ ``` A `200` response that lists your tools means the token, service account permissions, and namespace are wired up correctly — the MCP server will accept the same credentials. ## Use the connection in chat Once the connection has at least one selected tool, it appears in the chat tool menu. Toggle it on for any conversation where you want Zoë to use Reltio tools. The toggle is per-conversation, so different chats can mix Reltio with other MCP connections as needed. A few specifics to share with your users: * **One service account, one permission set.** Every user sharing the connection sees whatever Reltio data the service account's role can see. If you need different access for different teams, mint a separate access token from a separate service account scoped to a different role and wire it up as its own Zenlytic connection. * **Be specific in prompts.** Naming the entity type, attribute, or tool explicitly produces more reliable tool calls than vague references — for example, "Search for contacts with last name `Smith` in the `California` region." * **Tokens expire.** When Zoë starts returning `401 Unauthorized` errors mid-conversation, the token has expired. Mint a new one and update the connection's `Authorization` header. ## Manage the integration * **Rotate the access token:** Re-run the `curl` command in [Mint an access token](#mint-an-access-token), then **Edit** the connection in Zenlytic and overwrite the `Authorization` header value with the fresh token. Because Reltio doesn't issue refresh tokens, this is a routine operation rather than an exception — script it on the cadence that matches your token lifetime. * **Rotate the client secret:** In Reltio, generate a new client secret for the service account, mint a fresh access token with the new credentials, and update the Zenlytic `Authorization` header. Revoke the old client secret in Reltio once you've confirmed the new one works. * **Refresh tools:** If Reltio adds new tools or changes existing tool schemas, the next call may fail with a "tools have changed" error. Open the connection, click **Refresh Tools**, review the new set of tools, and **Save Changes**. * **Adjust permissions:** Edit the role attached to the service account in Reltio if you need to broaden or restrict what Zoë can do. The change takes effect on the next request — no Zenlytic update needed. * **Disable the integration:** Click **Delete** on the connection card to remove it immediately. Zoë stops seeing the Reltio tools in any new conversation. For belt-and-suspenders, also revoke the client credentials in Reltio. ## Troubleshoot * **`401 Unauthorized` from Reltio:** The access token is missing, malformed, or expired. Confirm the `Authorization` header includes the `Bearer` scheme with a single space, and mint a fresh token if it's been longer than the token lifetime since you last set it. Reltio doesn't support refresh tokens, so expired tokens must be regenerated from the client credentials. * **`403 Forbidden` on a tool call:** The role attached to the service account doesn't have permission for the action Zoë attempted. Either tighten the tool list in the Zenlytic connection modal so Zoë can't call that tool, or expand the role's permissions in Reltio. * **Tool list looks short or empty:** AgentFlow or the MCP server may not be enabled on your Reltio tenant, or the service account's role has limited permissions. Contact Reltio Support to confirm the MCP server is on, and double-check the role's permissions. * **`Invalid namespace` or DNS errors when saving:** The `` in the URL doesn't match a Reltio tenant. Confirm the value with your Reltio administrator and ensure the URL is exactly `https://.reltio.com/ai/tools/mcp/` (trailing slash included). * **Connection works in Test Connection but fails in chat:** Either the access token expired between test and use, or Reltio's tool surface has changed since you saved. Mint a fresh token, then open the connection in workspace settings and click **Refresh Tools**. * **Can't reach the MCP endpoint:** Confirm outbound HTTPS to `.reltio.com` and `auth.reltio.com` is allowed from Zenlytic's network. If your Reltio tenant is on a private VPC or restricted egress, contact Reltio Support — the public AgentFlow MCP endpoint must be reachable from Zenlytic. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.zenlytic.com/mcp/reltio.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.