Quickstart

This quickstart walks you from “never connected an MCP server” to “searching your matters from your AI assistant” in under five minutes. It uses real Consilio data — your data — so the moment you finish, the connector is useful, not just configured.

What you’ll have at the end

An MCP-compliant AI assistant (Claude, Cursor, Copilot, etc.) authenticated as you, calling four read-only tools — searchMatters, searchWorkspaces, searchDocuments, searchTickets — against the matters you can already see in the Consilio portal.
Zero new credentials. Zero shared client secrets. Zero data exported outside Consilio’s footprint.

Prerequisites

A Consilio user account — the same one you use for portal.consilio.com and auth.ai.consilio.com. If you can sign in there, you can use Aurora MCP.
An MCP-compliant client. We test against:
- claude.ai (Pro / Team / Enterprise)
- Claude Desktop (macOS / Windows)
- Claude Code (terminal CLI)
- Cursor (code editor)
- GitHub Copilot
The MCP endpoint:
```
https://mcp.ai.consilio.com
```
Your client must support OAuth 2.1 with PKCE (S256) and RFC 9728 Protected Resource Metadata discovery. Every client listed above does.

Step 1 — Open your client’s connector settings

Aurora MCP works with any client that speaks MCP. Pick whichever applies to you:

claude.ai — Settings → Connectors → Add custom connector.
Claude Desktop — Settings → Developer → Edit config.
Claude Code — claude mcp add consilio https://mcp.ai.consilio.com.
Cursor — Settings → MCP → Add server.
GitHub Copilot — mcp.json workspace file (see Copilot integration guide).

Each client surfaces the same flow: you provide one URL, the client discovers everything else automatically, and a browser tab opens for authentication.

Step 2 — Point it at Aurora MCP

Use this endpoint. The same URL works with every compliant MCP client:

https://mcp.ai.consilio.com

Your assistant fetches https://mcp.ai.consilio.com/.well-known/oauth-protected-resource under the hood, learns which authorisation server to talk to, and walks you through the OAuth login automatically. You don’t paste a client secret. You don’t paste a token. You just give it the URL.

A browser window opens for auth.ai.consilio.com — that’s Consilio Identity, Consilio’s enterprise identity service. Use your normal Consilio credentials. SSO and MFA work exactly as they do on the portal.

After sign-in, you’ll see a consent screen describing the scopes the client is requesting (read-only access to matters, workspaces, documents, and tickets you can already see). Approve it and the tab closes itself.

Step 4 — Ask your assistant something

Try one of these prompts. Each maps cleanly to one of the four tools.

Prompt	Tool invoked
”What active matters do I have for Coho Capital?”	`searchMatters`
”Show me the workspaces inside A12345.”	`searchWorkspaces`
”Search the workspace for memos about the SEC investigation.”	`searchDocuments`
”Are any of my Consilio support tickets still open?”	`searchTickets`

The client invokes the appropriate Aurora MCP tool — as you — and feeds the result back to the assistant for citation. Every result is scoped to what you can already see in the portal: nothing more, nothing less.

Matter alpha-codes

A matter alpha-code is a single letter followed by 5 or 6 digits, e.g. A12345 or B204891. Tools that accept a matter scope validate this format up front. If you reference a matter by name (e.g. “the Coho Capital SEC one”), searchMatters will resolve it to a code first — the assistant will either ask you to pick from candidates or, if the prose is unambiguous, go straight to the matching matter.

Step 5 — Verify you’re authenticated as the right person

Ask:

Whose matters are you seeing?

The assistant won’t know your name from the token directly, but it can list matters and you’ll recognise them. If you see somebody else’s matters, you’re signed into the wrong account — sign out of auth.ai.consilio.com in that browser profile and re-authorise the connector.

Troubleshooting

”401 Unauthorized” from the connector

The token didn’t reach the gateway, expired mid-call, or was rejected by audience binding. Refresh the connector in your client’s settings and re-authorise. If the failure repeats, capture the timestamp and email support@consilio.com.

”No matters returned”

The user has no visible matters in Consilio with the criteria you supplied. Two checks:

Can you see the matter at portal.consilio.com? If not, Aurora MCP can’t see it either — your portal access needs to be provisioned first.
Try a broader query (a matter alpha-code, or just the client name with no other qualifiers).

Slow first response

The MCP server reranks ambiguous matter searches with a small language model; first calls inside a fresh container can take a couple of seconds while the model warms up. Subsequent calls are fast. This is expected, not a bug.

The browser tab opens but never returns

Likely a popup blocker or a stricter cookie policy. Allow popups for auth.ai.consilio.com and try again. If you’re on a managed browser profile, your IT policy may be blocking the redirect — try a normal browser profile.

”Connector requires PKCE” / “Audience mismatch”

Your client is older than the OAuth 2.1 + RFC 8707 + RFC 9728 baseline Aurora MCP requires. Update the client to its latest version.

Something else

The full error catalogue lives at reference / errors. If you can’t find your error there, open a support ticket — see FAQ → Support.

What’s next

Read the Security model — token-strip at the gateway, audience binding, identity-header injection, network isolation.
Browse the tool reference for the full input / output schemas.
Connect another client — every integration page uses the same endpoint.
Skim the FAQ before submitting a support ticket — most first-call questions are answered there.