(fix): Show managed identity picker for custom MCP connector connection creation

[Bhavd13]

Commit Type

• feature - New functionality
• fix - Bug fix
• refactor - Code restructuring without behavior change
• perf - Performance improvement
• docs - Documentation update
• test - Test-related changes
• chore - Maintenance/tooling

Risk Level

• Low - Very less impact
• Medium - Moderate changes, some user impact. The change only affects UI rendering for custom MCP connector connection creation (adding a managed identity picker that was previously hidden); no backend logic, serialization, or existing connector flows are altered.
• High - Major changes, significant user/system impact

What & Why

Custom MCP connectors with managed identity auth show no authentication options when creating a connection. Users only see a connection name field with no identity picker.

Root cause: CreateConnection component explicitly hides parameters of type managedIdentity. When the connector's only parameter set (e.g., oauthMI) uses this type, all parameters are hidden — leaving an empty form.

Fix:
Detect when the selected multi-auth parameter set contains a managedIdentity type parameter
Render the managed identity picker for that case
Add fallback MCP auth parameter sets (None, Basic, Key, MI) for custom connectors missing connectionParameterSets

Impact of Change

• Users: Custom MCP connector connection creation now shows the managed identity picker when the connector defines MI auth
• Developers: New optional connectionParameterSetsOverride prop on CreateConnectionInternal (designer-v2)
• System: No performance or architecture changes

Test Plan

• Unit tests added/updated
• E2E tests added/updated
• Manual testing completed
• Tested in: Consumption Logic App (Brazil South) with custom MCP connector using oauthMI managed identity parameter set.
  The fix adds conditional rendering of an existing component based on a new boolean flag; the component itself is already tested, and the behavior is validated through manual E2E testing with a real custom MCP connector.

Contributors

@Bhavd13

Screenshots/Videos

This is the default behaviour which will appear when user will select a custom mcp server. They will have to select the auth type and fill in the details

This is the behaviour when a custom deployed MCP with auth defined as MI is used. This is the use case for ICM team

[github-actions]

🤖 AI PR Validation Report

PR Review Results

Thank you for your submission! Here's detailed feedback on your PR title and body compliance:

✅ PR Title

• Current: (fix): Show managed identity picker for custom MCP connector connection creation
• Issue: None. The title is specific and clearly describes the user-facing change.
• Recommendation: No change needed.

---

✅ Commit Type

• Properly selected (fix).
• Only one commit type is selected, which is correct.

---

✅ Risk Level

• The selected risk level (Medium) matches the label risk:medium and is consistent with the scope of the UI-focused change.

---

✅ What & Why

• Current: Clear explanation of the empty-form issue, root cause, and the fix.
• Issue: None. This section is sufficiently detailed.
• Recommendation: No change needed.

---

✅ Impact of Change

• The impact section is well-scoped and maps to users, developers, and system behavior.
• Recommendation:
  • Users: No additional detail required.
  • Developers: The new connectionParameterSetsOverride prop is correctly called out.
  • System: No change needed.

---

✅ Test Plan

• The test plan passes because manual testing is provided and the PR includes a clear explanation that the behavior was validated with a real custom MCP connector.
• I also confirmed the diff includes implementation changes but no new unit/E2E tests; that is acceptable here because the PR explains the manual validation context.

---

✅ Contributors

• Contributor credit is present.
• Recommendation: No change needed.

---

✅ Screenshots/Videos

• Screenshots are included and relevant to the UI change.
• Recommendation: No change needed.

---

Summary Table

Section	Status	Recommendation
Title	✅
Commit Type	✅
Risk Level	✅
What & Why	✅
Impact of Change	✅
Test Plan	✅
Contributors	✅
Screenshots/Videos	✅

---

This PR passes review for title/body compliance. The advised risk level matches the submitter’s assessment, so no escalation is needed.

---

Last updated: Fri, 22 May 2026 19:02:43 GMT

[Copilot]

Pull request overview

This PR fixes connection creation UX for managed (custom) MCP connectors by ensuring authentication options appear—especially Managed Identity—when the connector metadata either hides MI parameters or omits connectionParameterSets.

Changes:

• Add fallback MCP connectionParameterSets (None/Basic/Key/Managed Identity) for managed MCP servers when the connector response doesn’t provide auth parameter sets.
• Introduce connectionParameterSetsOverride on CreateConnectionInternal to allow callers to supply fallback auth options.
• Update CreateConnection to detect multi-auth parameter sets that include a managedIdentity-typed parameter and render a Managed Identity picker for that case.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File	Description
libs/designer-v2/src/lib/ui/panel/recommendation/browse/mcpToolWizard.tsx	Adds fallback MCP auth parameter sets and passes them into connection creation for managed MCP servers.
libs/designer-v2/src/lib/ui/panel/connectionsPanel/createConnection/createConnectionInternal.tsx	Adds an optional override prop and uses it when connector auth parameter sets are missing.
libs/designer-v2/src/lib/ui/panel/connectionsPanel/createConnection/createConnection.tsx	Detects MI multi-auth sets and renders the MI picker + passes selected identity through on submit.

[github-actions]

📊 Coverage Check

The following changed files need attention:

⚠️ libs/designer-v2/src/lib/ui/panel/connectionsPanel/createConnection/createConnection.tsx - 69% covered (needs improvement)
⚠️ libs/designer-v2/src/lib/ui/panel/connectionsPanel/createConnection/createConnectionInternal.tsx - 31% covered (needs improvement)
⚠️ libs/designer-v2/src/lib/ui/panel/connectionsPanel/createConnection/formInputs/legacyManagedIdentityPicker.tsx - 10% covered (needs improvement)
⚠️ libs/designer-v2/src/lib/ui/panel/recommendation/browse/mcpToolWizard.tsx - 57% covered (needs improvement)

Please add tests for the uncovered files before merging.

[takyyon]

@preetriti1 Mind reviewing this when you get a chance please?

[github-actions]

❌ PR Validation Error

An error occurred while validating your PR. Please try again later or contact the maintainers.

Error: Unexpected token '`', "```json
{
"... is not valid JSON

[preetriti1]

The Authentication Type input is getting removed from UI after Managed Identity is selected, why is that? Shouldn't we allow user to change the auth type?

[preetriti1]

Can you please check why the auth dropdown is missing after selecting MI

[Bhavd13]

The Authentication Type input is getting removed from UI after Managed Identity is selected, why is that? Shouldn't we allow user to change the auth type?

@preetriti1
The second image where you see the auth type missing when MI is selected uses a custom template deployed as a MCP connector. The ICM team will be using a deployed custom template, this template will already have auth type defined as MI, hence no dropdown for auth type will appear. They will also populate the audience property in the template itself so it wont be added here again since the custom connector will create a connection on its own using those params. Here is a snippet from the template which defines auth -

"connectionParameterSets": { "uiDefinition": { "displayName": "Authentication type", "description": "Type of authentication to be used." }, "values": [ { "name": "oauthMI", "uiDefinition": { "displayName": "Logic Apps Managed Identity", "description": "Create a connection using a Logic Apps Managed Identity" }, "parameters": { "token": { "type": "managedIdentity", "managedIdentitySettings": { "resourceUri": "api://icmmcpapi-ppe/mcp.tools" }, "uiDefinition": { "displayName": "Logic Apps Managed Identity", "tooltip": "Managed Identity", "description": "Sign in with a Logic Apps Managed Identity", "constraints": { "location": "logicapp", "required": "true" } } } },

[Bhavd13]

Can you please check why the auth dropdown is missing after selecting MI

So the way I have made changes is that, if a custom template is not deployed in the mcp custom connector, then it will ask users to connect and will provide all the auth options as shown. This will be a fallback method. Incase they have a template defined and auth selected (which is the use case for ICM team) then they dont need to select auth type here again and fill in the params. The schema is shared by Rama so if you have any questions related to that, I can add you to the group too.
I did have a question though. Do we need to allow auth selection in the custom mcp if schema doesnt define auth type? Because previously we were not doing it that way, so I wonder if we should bring that change as it might affect others using custom mcp

[preetriti1]

See, you are no where checking anything specific to mcp custom template scenario but a generic check if the parameter managedIdentity is set...
Are you sure this is not true in other cases like legacyMultiAuth and also other connectors like serviceProviders/managed apis where user has selected managed identity.? because then you might be breaking those scnearios to show the extra input in connection creation.

[preetriti1]

I do have some concerns but dont want to block this PR