Connect SolarWinds Service Desk to Claude: Sync Incidents and Roles

If your IT organization uses SolarWinds Service Desk, you know the platform is a dense repository of incidents, hardware assets, software licenses, and access policies. Connecting a Large Language Model (LLM) like Claude to this system allows you to automate ticket triage, audit user access hierarchies, and generate post-mortem reports. To make this connection, you need a Model Context Protocol (MCP) server to act as the translation layer between Claude's function calls and the SolarWinds REST API.

You can either spend engineering cycles building, hosting, and maintaining this infrastructure yourself, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL. (If your team uses ChatGPT, check out our guide on connecting SolarWinds Service Desk to ChatGPT or explore our architectural overview on connecting SolarWinds Service Desk to AI Agents).

Giving an AI agent raw access to an IT Service Management (ITSM) tool (see our 2026 ticketing integrations strategy guide) is risky without strict controls. Every time an endpoint changes or a custom field is added, a hardcoded integration breaks. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for SolarWinds Service Desk, connect it to Claude, and execute complex IT operations using natural language.

The Engineering Reality of the SolarWinds Service Desk API

A custom MCP server is essentially a self-hosted integration proxy. You have to handle authentication lifecycles, map massive JSON schemas to MCP tool definitions, and deal with vendor-specific data structures. Implementing this against the SolarWinds Service Desk API introduces a few highly specific engineering headaches that you have to solve before an LLM can successfully interact with it.

The "Layout" Query Parameter Complexity Unlike many standard REST APIs that return flat objects, SolarWinds relies heavily on a layout query parameter to dictate the shape and depth of the returned JSON. If you query an incident without specifying the layout, you receive a shallow object. If you request an expanded layout, the response suddenly contains deeply nested arrays of comments, attachments, service statistics, and audit histories. If you expose this directly to an LLM without strict schema guidance, the model will hallucinate property paths or fail to extract nested data. Truto handles this by binding the layout parameter into well-defined tool schemas, ensuring Claude knows exactly what shape of data to expect back.

Attachment Retrieval and Handling IT tickets are useless without their context, and in ITSM, context lives in attachments - screenshots, log files, and error traces. The SolarWinds API handles attachments via dedicated sub-resources that return binary streams. LLMs cannot natively ingest raw byte streams via standard JSON-RPC tool calls. A proper MCP layer must handle the extraction, temporary hosting, or text extraction of these files. Truto exposes specific tools for downloading attachments, allowing Claude to interface with the metadata or proxy the content into its context window safely.

Hard Rate Limits and Error Handling SolarWinds enforces strict API quotas to protect tenant performance. If an over-eager AI agent gets caught in a loop - perhaps attempting to summarize every incident from the past three years - the API will return an HTTP 429 Too Many Requests error. It is critical to understand that Truto does not absorb, retry, or apply backoff to rate limit errors. If SolarWinds returns a 429, Truto passes that error directly back to the caller. However, Truto actively normalizes the upstream rate limit information into standardized IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). This predictable standard means your agent framework only needs to write one retry logic block, rather than handling bespoke vendor error codes.

How to Generate a SolarWinds Service Desk MCP Server

Truto derives MCP tools dynamically. When you authorize a SolarWinds Service Desk connection (an integrated account), Truto evaluates the integration's documented resources and generates a secure JSON-RPC endpoint.

You can spin up this server using either the Truto dashboard or the API.

Method 1: Via the Truto UI

If you are setting up an internal tool or testing a workflow, the UI is the fastest path.

1. Log into your Truto dashboard and navigate to the integrated account page for your SolarWinds connection.
2. Click the MCP Servers tab.
3. Click Create MCP Server.
4. Configure the server parameters. You can name it, filter which methods the LLM can use (e.g., read-only), and set an optional expiration date for temporary access.
5. Copy the generated MCP server URL. This URL contains a securely hashed token scoped specifically to this IT environment.

Method 2: Via the Truto API

If you are building a multi-tenant AI application and need to programmatically provision MCP servers for your end-users, you can use the Truto API.

Make a POST request to /integrated-account/:id/mcp with your desired configuration:

// POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp
// Authorization: Bearer <TRUTO_API_TOKEN>
 
{
  "name": "SolarWinds ITSM AI Agent",
  "config": {
    "methods": ["read", "write"], // Restrict to specific CRUD operations if needed
    "tags": ["incidents", "roles"] // Restrict tools to specific resource categories
  },
  "expires_at": "2026-12-31T23:59:59Z"
}

The API provisions the server and returns the endpoint:

{
  "id": "mcp_srv_9x8y7z6w5v",
  "name": "SolarWinds ITSM AI Agent",
  "config": {
    "methods": ["read", "write"],
    "tags": ["incidents", "roles"]
  },
  "expires_at": "2026-12-31T23:59:59Z",
  "url": "https://api.truto.one/mcp/abc123def456..."
}

How to Connect the MCP Server to Claude

Once you have your Truto MCP URL, connecting it to Claude is a straightforward process (learn more about managed MCP for Claude). You do not need to install local SDKs or write any Python/TypeScript wrapper code.

Method A: Via the Claude UI (Desktop or Web)

Anthropic natively supports adding remote MCP endpoints directly via the interface.

1. Open Claude and navigate to Settings -> Integrations -> Add MCP Server (or Settings -> Connectors -> Add custom connector depending on your plan tier).
2. Name the integration (e.g., "SolarWinds IT Support").
3. Paste the URL you generated from Truto.
4. Click Add.

Claude will perform a handshake (initialize), request the tool list, and immediately make the SolarWinds operations available to your chat interface.

Method B: Via Manual Configuration File

If you are running Claude Desktop and prefer managing your integrations via code, or if you are integrating into a headless agent framework, you can map the server using standard Server-Sent Events (SSE) transport.

Edit your claude_desktop_config.json file:

{
  "mcpServers": {
    "solarwinds_service_desk": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "--url",
        "https://api.truto.one/mcp/abc123def456..."
      ]
    }
  }
}

Restart Claude Desktop. The agent is now securely tethered to your SolarWinds instance.

Hero Tools for SolarWinds Service Desk

When Truto generates the MCP server, it exposes SolarWinds API endpoints as context-aware tools. Below are the highest-leverage tools your AI agent will use for ITSM operations.

list_all_solar_winds_service_desk_incidents

Retrieves the current queue of incidents. This tool supports the layout query parameter, meaning the LLM can request deep context (like comment history and custom fields) or just a shallow list for triage.

"Fetch the latest 10 open incidents assigned to the network infrastructure team. Use the detailed layout to include the latest comment thread for each ticket."

get_single_solar_winds_service_desk_incident_by_id

Drills down into a specific ticket. Useful when the LLM identifies a high-priority issue from the list and needs exhaustive details to attempt automated remediation or draft a response.

"Get the full details for incident ID 49201. Analyze the service statistics and tell me if this ticket is currently breaching our 4-hour resolution SLA."

update_a_solar_winds_service_desk_incident_by_id

Allows the AI agent to mutate the ticket state - changing priority, assigning it to a new group, resolving it, or updating custom properties.

"Update incident 49201. Change the status to 'Resolved', set the priority to 'Low', and assign it back to the original reporter."

create_a_solar_winds_service_desk_comment

The workhorse for asynchronous communication. The agent uses this to log its findings, update the end-user, or leave internal notes for human engineers.

"Create a new internal comment on incident 49201. Paste the error trace analysis I just generated and flag that a database restart is recommended."

solar_winds_service_desk_attachments_download

Interacts directly with the file payload attached to a ticket. Crucial for workflows where users upload screenshots of error messages or CSVs of corrupted data.

"Check if incident 50012 has any attachments. If it does, download the log file and summarize the stack trace causing the application crash."

list_all_solar_winds_service_desk_roles

Queries the security and access control hierarchy. IT admins frequently use this to audit which users hold specific access profiles within the organization.

"List all custom roles defined in our SolarWinds directory. Highlight any role that grants 'Delete' permissions to the global hardware asset inventory."

To view the complete schema definitions and the full inventory of available SolarWinds endpoints - including categories, groups, and tasks - visit the SolarWinds Service Desk integration page.

Workflows in Action

Connecting tools is just the prerequisite. The actual value comes from orchestrating these tools into chained, autonomous workflows. Here is how Claude executes real-world ITSM scenarios using the Truto MCP server.

Scenario 1: Automated Incident Triage and Enrichment

Level 1 support teams spend hours reading vague tickets and manually routing them to the correct engineering pod. You can offload this entirely to Claude.

User Prompt: "Review all unassigned incidents created in the last 2 hours. Read their descriptions, determine if they belong to the Database or Frontend team, write a short technical summary as an internal comment, and reassign the ticket to the appropriate group."

Step-by-step Execution:

1. Claude calls list_all_solar_winds_service_desk_incidents using query parameters to filter for status: unassigned and a recent time window.
2. For each incident returned, the model evaluates the description string.
3. Claude calls list_all_solar_winds_service_desk_groups to find the exact internal ID for the "Database" and "Frontend" engineering pods.
4. Claude calls create_a_solar_winds_service_desk_comment on each ticket, appending its technical summary.
5. Claude calls update_a_solar_winds_service_desk_incident_by_id to update the group_id parameter, effectively routing the ticket.

Result: The user sees an empty unassigned queue, and the engineering teams see enriched, properly routed tickets in their respective buckets.

Scenario 2: Zero-Trust Role and Privilege Auditing

Security teams need to constantly verify that access controls have not drifted. Generating these reports manually across nested groups and roles is tedious.

User Prompt: "Audit our SolarWinds access controls. Retrieve all roles and all user groups. Cross-reference them and alert me if any group outside of the 'Global Admins' group has been assigned a role with administrative privileges."

Step-by-step Execution:

1. Claude calls list_all_solar_winds_service_desk_roles to extract the master list of permission sets.
2. Claude calls list_all_solar_winds_service_desk_groups to pull the directory of active teams.
3. Claude parses the relationships between the models, identifying which roles are mapped to which groups.
4. It evaluates the permission flags within the roles to identify admin-level capabilities.
5. It outputs a formatted Markdown report directly into the chat interface detailing the security violations.

Result: The security engineer receives an instant compliance audit of ITSM permissions without clicking through dozens of UI menus.

Security and Access Control

Giving an LLM access to an enterprise IT desk demands strict security constraints. Truto's MCP architecture provides several layers of protection without requiring you to write custom middleware.

• Method Filtering: When provisioning the server, you can restrict the token to specific operations. Passing methods: ["read"] ensures the LLM can pull incident data but physically cannot execute create, update, or delete tools, preventing accidental data corruption.
• Tag Filtering: You can scope the MCP server by resource type. If you only want an agent handling user profiles, you can filter by tags: ["directory"], completely hiding incident or asset endpoints from the model's context.
• Additional Authentication (require_api_token_auth): By default, the MCP URL acts as a secure bearer token. For higher security, enabling this flag forces the connecting client to also supply a valid Truto API token, guaranteeing that possession of the URL alone is useless without authorized credentials.
• Time-to-Live (expires_at): You can generate ephemeral MCP servers for temporary access (e.g., granting a contractor's AI agent access to SolarWinds for exactly 48 hours). Once the timestamp passes, the token is automatically wiped from the distributed key-value store.

Next Steps for IT Automation

Connecting SolarWinds Service Desk to Claude transforms an ITSM platform from a static database into an active, intelligent participant in your IT operations. By using an MCP server, you abstract away the brutal reality of vendor API authentication, nested query parameters, and pagination, allowing your AI models to focus purely on solving the user's workflow.

You do not need to build and maintain this translation layer yourself.