--- title: "Connect FloQast to Claude: Audit Compliance Controls and Programs" slug: connect-floqast-to-claude-audit-compliance-controls-and-programs date: 2026-06-08 author: Uday Gajavalli categories: ["AI & Agents"] excerpt: "Learn how to connect FloQast to Claude using a secure MCP server. Automate compliance control audits, track month-end checklists, and analyze reconciliations." tldr: "Connect FloQast to Claude using Truto's dynamically generated MCP server. This guide covers bypassing custom API boilerplate, configuring secure token access, and automating month-end compliance workflows via AI." canonical: https://truto.one/blog/connect-floqast-to-claude-audit-compliance-controls-and-programs/ --- # Connect FloQast to Claude: Audit Compliance Controls and Programs If you need to connect FloQast to Claude to automate month-end close audits, monitor compliance controls, or analyze reconciliation statuses, you need a [Model Context Protocol (MCP) server](https://truto.one/what-is-mcp-and-mcp-servers-and-how-do-they-work/). This infrastructure layer acts as the translator between Claude's natural language tool calls and FloQast's REST API. You can either spend weeks building and maintaining this infrastructure yourself, or use a managed platform like Truto to dynamically generate a secure, authenticated MCP server URL. If your team uses ChatGPT, check out our guide on [connecting FloQast to ChatGPT](https://truto.one/connect-floqast-to-chatgpt-manage-reconciliations-and-analytics/) or explore our broader architectural overview on [connecting FloQast to AI Agents](https://truto.one/connect-floqast-to-ai-agents-sync-financial-entities-and-tasks/). Giving a Large Language Model (LLM) read and write access to your financial compliance ecosystem is an engineering risk. You have to handle secure token lifecycles, accurately map complex JSON schemas for highly specific financial objects, and deal with strict validation rules. Every time the FloQast API changes or your team needs access to a new compliance program, you have to update your server code, redeploy, and rigorously test the integration. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for FloQast, connect it natively to Claude, and execute complex audit workflows using natural language. ## The Engineering Reality of the FloQast API A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, the reality of implementing it against a specific financial compliance API like FloQast is painful. You are not just building a generic proxy - you are mapping an LLM's unpredictable output to a highly structured financial data model. If you decide to [build a custom MCP server](https://truto.one/the-hands-on-guide-to-building-mcp-servers-for-ai-agents-2026/) for FloQast, you own the entire API lifecycle. Here are the specific challenges you will face: **Period-Locked Data and Strict Filtering** Unlike a generic CRM where you can simply pull a list of contacts, FloQast data is inherently tied to financial periods. Endpoints like reconciliations and checklists require strict `filter [month]` and `filter [year]` query parameters. If you expose raw endpoints to Claude without explicit schema definitions indicating that these filters are mandatory, the model will attempt generic `GET` requests and fail. A managed MCP server extracts these requirements from the API documentation and injects them into the tool's JSON schema as required properties, forcing the LLM to ask the user for the financial period before executing the call. **Complex Relational Hierarchies** FloQast's compliance module operates on a strict relational hierarchy: Entities map to Programs, Programs map to Processes, and Processes map to Controls. The API does not typically offer deep native expansion. To update a control, an LLM must often first list programs to find a `programId`, list processes to find a `processId`, and finally list controls. Building a custom MCP server means you have to accurately expose all these relational endpoints and ensure their schemas clearly describe to the LLM how the IDs map to each other. **Rate Limiting and Financial Close Bursts** During month-end close, automated agents querying checklists and reconciliations can easily trigger API quotas. It is critical to understand how this is handled: **Truto does not retry, throttle, or apply backoff on rate limit errors.** When the upstream FloQast API returns an HTTP 429 (Too Many Requests), Truto passes that error directly to the caller. However, Truto normalizes the upstream rate limit information into standardized IETF headers (`ratelimit-limit`, `ratelimit-remaining`, `ratelimit-reset`). The caller (your AI agent or multi-agent orchestration framework) is entirely responsible for reading these headers and implementing appropriate retry and exponential backoff logic. Instead of building schema translation and token management from scratch, you can use Truto. Truto exposes FloQast's endpoints as ready-to-use MCP tools, dynamically generating schemas based on real-time integration documentation. ## How to Generate a FloQast MCP Server with Truto Truto dynamically generates MCP tools from an integration's resource definitions. A tool only appears if it has an underlying documentation record, ensuring only well-defined endpoints are exposed to the LLM. You can spin up an MCP server for FloQast using either the Truto UI or the API. ### Method 1: Via the Truto UI For administrators and operators, the UI is the fastest way to generate a connection URL. 1. Navigate to your **Integrated Accounts** in the Truto dashboard. 2. Select your connected FloQast account. 3. Click the **MCP Servers** tab. 4. Click **Create MCP Server**. 5. Select your desired configuration. For auditing, you might want to restrict the server to read-only access by checking the appropriate method filters. 6. Click Generate and copy the provided MCP Server URL (e.g., `https://api.truto.one/mcp/abc123def456`). ### Method 2: Via the Truto API For developers building programmatic onboarding flows, you can generate MCP servers via the Truto API. This creates a secure token stored in a distributed key-value store, binding it to the specific integrated account. ```bash curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \ -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "name": "FloQast Audit AI Server", "config": { "methods": ["read", "update"] } }' ``` The API validates that FloQast has tools available, generates a secure token, and returns a ready-to-use URL: ```json { "id": "mcp_9f8e7d6c5b", "name": "FloQast Audit AI Server", "config": { "methods": ["read", "update"] }, "expires_at": null, "url": "https://api.truto.one/mcp/a1b2c3d4e5f6..." } ``` ## Connecting the FloQast MCP Server to Claude Once you have your Truto MCP URL, you need to configure your client. The server operates over HTTP POST with JSON-RPC 2.0 messages. ### Method A: Via the Claude UI (Desktop/Web) If you are using Claude's application interface (or similarly, ChatGPT Enterprise): 1. Copy your generated MCP server URL. 2. In Claude, navigate to **Settings -> Integrations -> Add MCP Server** (or Custom Connectors). 3. Name the connector "FloQast". 4. Paste the URL and click **Add**. 5. Claude will automatically initialize the connection, perform a handshake, and fetch the available FloQast tools. ### Method B: Via Manual Configuration File If you are running Claude Desktop and prefer managing configuration as code, you can use the official Server-Sent Events (SSE) transport wrapper provided by the Model Context Protocol SDK. Open your `claude_desktop_config.json` file (typically located at `~/Library/Application Support/Claude/claude_desktop_config.json` on macOS) and add the server: ```json { "mcpServers": { "floqast_compliance": { "command": "npx", "args": [ "-y", "@modelcontextprotocol/server-sse", "--url", "https://api.truto.one/mcp/a1b2c3d4e5f6..." ] } } } ``` Restart Claude Desktop. The application will connect to Truto and automatically register the FloQast operations. ## Essential FloQast MCP Tools for Claude Truto normalizes FloQast's API into standardized tools. The query parameters and request bodies are passed as a flat argument object by the LLM, which Truto safely parses and routes to the correct upstream endpoint. Here are the critical hero tools your AI agent will use for compliance and audit operations. ### 1. list_all_flo_qast_programs **Description:** Lists compliance programs in FloQast. **Contextual Usage:** Programs represent the top-level frameworks (e.g., SOX, SOC 2, ISO 27001). Your agent needs this tool to map program names to their internal `id` values before looking up specific controls. > "Claude, pull a list of all active compliance programs in our FloQast account. I need the internal program IDs for the SOX framework." ### 2. list_all_flo_qast_controls **Description:** Lists controls in FloQast. Accepts optional filters for `month`, `year`, `activity status`, and `programId`. **Contextual Usage:** The workhorse tool for auditing. Because financial APIs require tight scoping, you must prompt the LLM to provide the specific period. The tool schema strictly defines `month` and `year` to prevent the LLM from hallucinating query formats. > "Fetch all compliance controls under the SOX program ID `prog_123` for October 2023. Filter only for controls that are currently active." ### 3. get_single_flo_qast_control_by_id **Description:** Gets a specific control by its unique `id`, returning deep metadata including owners, assignees, descriptions, and assertion mapping. **Contextual Usage:** Once the agent identifies an anomalous or failed control from the list view, it uses this tool to inspect the full definition and identify the responsible parties for remediation. > "Get the detailed configuration for control ID `ctrl_889`. I need to see the exact description, the assigned owner, and the frequency of the control." ### 4. update_a_flo_qast_control_by_id **Description:** Updates an existing control in FloQast. **Contextual Usage:** Used for remediation workflows. The agent can update control metadata, reassign owners, or adjust descriptions based on changes in compliance policy. > "Update control `ctrl_889`. Change the description to note that log retention must now be 365 days, and reassign the owner to user `usr_554`." ### 5. list_all_flo_qast_checklists **Description:** Lists checklist items for a specific month and year, returning completion status, schedule details, and signature assignments. **Contextual Usage:** Essential for month-end close reporting. The LLM can retrieve the checklist and cross-reference which teams are lagging on their sign-offs. > "Pull the month-end checklist for November 2023. Identify any items related to 'Payroll' that lack signatures and list the assigned users." ### 6. list_all_flo_qast_reconciliations **Description:** Lists reconciliations for a given period. Requires `filter [month]` and `filter [year]`. Returns details including account status and related TLCs (Trial Balance, Ledger, Subledger). **Contextual Usage:** Allows the agent to audit the actual financial reconciliation process, checking if ledger balances tie out correctly against subledgers. > "Retrieve all reconciliations for December 2023. Provide a summary of any accounts where the status is not 'Reconciled'." For the complete inventory of available FloQast endpoints and their exact JSON schema definitions, visit the [FloQast integration page](https://truto.one/integrations/detail/floqast). ## Workflows in Action Connecting an LLM to FloQast unlocks powerful, multi-step automation. Here is how specific personas use these tools in practice. ### Scenario 1: The Month-End Reconciliation Audit **Persona:** Corporate Controller During the financial close, the Controller needs a rapid summary of trailing checklists and unreconciled accounts. Instead of manually clicking through FloQast, they prompt Claude. > "Review our FloQast instance for the November 2023 close. First, pull the checklist and tell me what tasks are overdue. Second, pull the reconciliations for the same period and summarize any accounts that haven't tied out yet. Flag the owners of the overdue items." **Execution Sequence:** 1. Claude calls `list_all_flo_qast_checklists` with arguments `{"filter [month]": "11", "filter [year]": "2023"}`. 2. Claude parses the checklist response, filtering for items missing signatures. 3. Claude calls `list_all_flo_qast_reconciliations` with arguments `{"filter [month]": "11", "filter [year]": "2023"}`. 4. Claude cross-references the data and generates a cohesive status report. **Result:** The Controller receives a formatted summary of bottlenecks, identifying exactly which accounts are delaying the close and who is responsible, entirely bypassing the FloQast UI. ### Scenario 2: Compliance Control Remediation **Persona:** IT Compliance Administrator Following a policy update, an administrator needs to identify specific controls and update their assignees. > "Find our SOC 2 compliance program. Then pull all active controls for December 2023 under that program. Find the control titled 'Database Access Review' and update its assignee to user ID `usr_999`." **Execution Sequence:** 1. Claude calls `list_all_flo_qast_programs` to find the ID for the SOC 2 program (e.g., `prog_soc2`). 2. Claude calls `list_all_flo_qast_controls` with arguments `{"filter [month]": "12", "filter [year]": "2023", "programId": "prog_soc2"}`. 3. Claude filters the returned list locally to find the ID of the 'Database Access Review' control (e.g., `ctrl_db_42`). 4. Claude calls `update_a_flo_qast_control_by_id` passing the `id` and the new `assignee` array. **Result:** The LLM successfully navigates FloQast's relational hierarchy, discovers the correct internal IDs, and mutates the required record - all driven by a single natural language command. ## Security and Access Control Exposing financial compliance data to an AI model requires strict governance. [Truto's MCP servers](https://truto.one/managed-mcp-for-claude-full-saas-api-access-without-security-headaches/) enforce security at the infrastructure layer, ensuring that you maintain absolute control over what the LLM can see and do. * **Method Filtering:** You can explicitly configure the server to block mutation endpoints. Setting `methods: ["read"]` during server creation guarantees the LLM can only execute GET requests, eliminating the risk of accidental data deletion. * **Tag Filtering:** Restrict tool generation to specific integration domains. By providing an array of tags (e.g., `tags: ["compliance"]`), the server will only generate tools for resources that match those categories, hiding unrelated financial ledgers from the model's context. * **Time-to-Live (Expires At):** Use the `expires_at` property to create ephemeral access. The backend scheduler will automatically execute a cleanup alarm, purging the token from the distributed key-value store and terminating access at the exact millisecond required. * **Dual Authentication Layer:** By enabling `require_api_token_auth: true`, possession of the MCP URL is no longer sufficient. The connecting client must also supply a valid Truto API token in the `Authorization` header, binding the AI agent's execution strictly to authenticated enterprise users. ## The Architecture of AI-Driven Compliance Building an MCP server from scratch means dealing with FloQast's period-locked endpoints, handling hierarchical mapping, and parsing rate limit headers into exponential backoffs. It is an undifferentiated engineering tax that drains resources from core product development. Using a [managed MCP server](https://truto.one/managed-mcp-for-claude-full-saas-api-access-without-security-headaches/) via Truto eliminates the API boilerplate. You get dynamically generated schemas, normalized pagination, and a self-contained token architecture that natively integrates with Claude. Stop writing custom API wrappers for your AI agents. Let the protocol handle the plumbing, and let the LLM handle the compliance audits. :::cta{buttonText="Talk to us" buttonUrl="https://cal.com/truto/partner-with-truto"} Ready to connect FloQast to your AI agents without the engineering overhead? Set up a managed MCP server in minutes. :::