Skip to main content
Activation required. AI access management must be enabled for your tenant before you can use it. To get started, contact the C1 support team for a walkthrough.
The Linear MCP server lets you govern access to Linear — issues, projects, cycles, teams, users, and comments — as tools your AI clients can call through C1. Linear supports two ways to authenticate, and you choose one when you register the server:
  • Per-user OAuth (recommended). Each person authorizes with their own Linear account, so every tool call runs under that user’s Linear identity and permissions.
  • Personal API key. A single key authenticates everyone, so all tool calls reach Linear as one shared identity.
For a deeper comparison of shared versus per-user credentials, see Configure authentication.

How C1 connects to Linear

C1 hosts the Linear MCP server, so your users’ AI clients only ever see MCP tools — they never call Linear directly. When an AI client calls one of these tools, C1 makes the matching request to the Linear API using the credentials you configure here, then returns the result to the AI client. The credentials you set up below are what C1 uses to call Linear on your users’ behalf.

Before you begin

  • AI access management must be enabled for your tenant. See Enable AI access management.
  • For per-user OAuth, you need to be a Linear workspace admin who can create an OAuth application.
  • For a personal API key, you need the Linear account whose access the key should carry.
If you don’t see Linear in your MCP server catalog, contact the C1 support team to enable it for your tenant.

Option 1: Set up per-user OAuth

With per-user OAuth, you register one Linear OAuth application and each user authorizes individually. This keeps every action attributable to the user who took it, with only the access that user already has in Linear.

Create a Linear OAuth application

Create an OAuth application in Linear so users can authorize C1 with their own Linear accounts. For Linear’s own walkthrough, see OAuth 2.0 authentication.
1
As a Linear workspace admin, open Settings > API > OAuth applications and select Create new.
2
Set the Redirect URI exactly to:
https://accounts.conductor.one/auth/callback
3
Select the scopes C1 needs for the operations you plan to govern, such as read, write, issues:create, and comments:create.
4
Save the application, then copy its Client ID and Client Secret.

Register the server with OAuth

With your OAuth application ready, register the server and provide its credentials.
1
Follow Register an MCP server and select Linear from the catalog.
2
When you configure authentication, choose per-user OAuth and enter your application’s client ID and client secret.
3
Save your changes. The first time a user calls a Linear tool from their AI client, they’re prompted to connect their Linear account.

Option 2: Use a personal API key

A personal API key authenticates every user as one shared Linear identity. The key acts as the user who created it and inherits all of that user’s permissions across every workspace and team they belong to. Use this when per-user attribution in Linear isn’t required.

Create a personal API key

Create a personal API key in Linear for the account C1 should run as. For Linear’s own walkthrough, see API and webhooks.
1
Sign in to Linear as the account C1 should run as, then open Settings > Security & access.
2
Under Personal API keys, select Create key.
3
Enter a label such as C1 and select Create.
4
Copy the key immediately. Linear shows it only once.
For a shared production setup, create the key from a dedicated service-account user with only the workspace memberships C1 needs, so activity is attributable to C1 rather than a person.

Register the server with a key

With your key ready, register the server and provide it as the credential.
1
Follow Register an MCP server and select Linear from the catalog.
2
When you configure authentication, choose Bearer token and paste your personal API key.
3
Save your changes. C1 starts a sync that discovers the tools the Linear server exposes.

How Linear credentials are shared

How Linear sees your users’ activity depends on the method you chose:
  • Per-user OAuth. Each user authorizes with their own Linear account, so tool calls run under that user’s Linear identity and inherit only the access they already have. Linear attributes each action to the individual user.
  • Personal API key. Every user’s tool calls use the one key you provided, so Linear sees a single shared identity. C1 still attributes each call to the individual user in the AI tool usage audit log.
For how shared and per-user credentials work across MCP servers, see Configure authentication.

Discover and govern tools

After you register the server, C1 runs tool discovery against Linear. Discovered tools appear on the server’s Tools tab. Each tool starts as either Pending review or automatically Approved, depending on the option chosen when the server was set up or your tenant’s default tool settings in Settings > AI Connections. See Require tool approval and Default tool classification. Before anyone can call a Linear tool, it must be approved, added to a toolset, and bound to an access profile. Continue to Govern tools and toolsets to set this up.
Tool discovery runs even if your credentials are incorrect, so seeing discovered tools doesn’t confirm that authentication is working. You confirm your Linear credentials when an approved user successfully calls a Linear tool from their AI client.

Manage your Linear credentials

  • Rotate the OAuth client secret in your Linear OAuth application under Settings > API > OAuth applications, then update the secret on the server’s authentication settings in C1.
  • Rotate a personal API key in Settings > Security & access by deleting the existing key, creating a new one, and updating it in C1. Linear personal API keys don’t expire on their own, so rotate them on a schedule.
  • Adjust access by editing the OAuth application’s scopes, or by changing the workspace memberships of the account that owns the personal API key.