The SAS MCP Server is an open-source Model Context Protocol (MCP) server that connects an AI coding assistant, such as GitHub Copilot, Claude Code, Gemini CLI, your choice, directly to your SAS Viya environment. No copy-pasting code into a browser. No tab-switching between your editor and SAS Studio. Just: ask, execute, iterate.

 

By the end of this post, GitHub Copilot in Visual Studio Code will be able to see 26 live SAS MCP tools and talk directly to your SAS Viya environment. That's the goal. Let's get there.

 

 

MCP

 

In Tron, the Master Control Program (MCP) was an AI that started as a chess program and quietly grew into something far more ambitious: a single, all-powerful system that could absorb other programs, commandeer any resource on the network, and execute tasks across the entire digital world, all through one centralized control point.

 

Sound familiar?  😊

 

The SAS MCP Server, of the Model Context Protocol (MCP) kind, isn't trying to take over anything (probably or not yet). The parallel is real: one server, one interface, connecting your AI assistant to all of SAS Viya's capabilities: code execution, data management, model scoring, reports, regardless of which underlying product powers each one. A single control point for the whole platform.

 

The key difference: the SAS MCP works for you, not against you. And it's open source, so you can see exactly what it's up to.

 

To understand how it works from GitHub Copilot, you may want to watch the demonstration in Putting the SAS MCP Server to Work in GitHub Copilot.

 

 

What You'll Need

 

- A SAS Viya environment (this post was tested against SAS Viya versions LTS 2025.09 and Stable 2026.03).

- Admin access, or at least enough permissions to touch SAS Logon Manager config in SAS Environment Manager

- Your Viya endpoint URL, e.g. https://yoursasviya.com  

- A trusted certificate, in the form of a .pem file for your environment

- Visual Studio Code (VS Code) + Git Bash (or any Bash-compatible terminal)

- Python 3.12+, or uv (which will sort Python out for you)

- GitHub Copilot extension in VS Code.

- A GitHub account. There's a Free tier for GitHub Copilot.

 

 

The 10-Step Path

 

There are two sides to this: SAS Viya configuration and local MCP server configuration. They're both lightweight, but a few steps have landmines. I'll flag them.

 

 

Step 1: Remove the form-action Policy from SAS Logon Manager

 

This is the one people skip and then spend 45 minutes wondering why authentication keeps failing.

 

In SAS Environment Manager → Configuration, find the content-security-policy entry for SAS Logon Manager.

 

Select any image to see a larger version.
Mobile users: To view the images, select the "Full" version at the bottom of the page.

 

If you don't see SAS Logon Manager, create a new configuration and select SAS Logon Manager.

 

Look for this component: form-action 'self'; or form-action 'self' https://login.microsoftonline.com; for Microsoft Single Sign-On (SSO).

 

 

 

Delete it. The whole thing. Don't leave an empty form-action.

 

This policy, when present, blocks the OAuth callback from completing — which means VS Code never finishes authenticating to the MCP server. It's subtle, it's silent, and it will ruin your day.

 

The MCP doesn't negotiate. Remove the policy, or it doesn't let you in. The original Master Control Program had the same energy.

 

Full instructions: Configuration details for the SAS MCP Server.

 

 

Step 2: Clone the Repository

 

Open VS Code, set Git Bash as your default terminal (F1 → Terminal: Select Default Profile → Git Bash), and clone:

 

cd ~/
git clone https://github.com/sassoftware/sas-mcp-server.git
cd ~/sas-mcp-server

 

If you're on Windows, verify you're in Git Bash, not PowerShell. Bash commands in PowerShell produce “creative” but unhelpful errors.

 

 

Step 3: Set Up Python with uv

 

uv is a fast Python package manager. If you don't have it:

 

pip install uv
cd ~/sas-mcp-server

 

One quirk in some demo environments: pyproject.toml may need an email added to the authors field. Change the name to match your organization. For example:

 

authors = [{name = "SAS Institute Inc.", email = "user@sas.com"}]

 

If uv sync complains, that's likely why. Fix it and re-run.

 

Then, inside the project:

 

uv sync

 

This reads pyproject.toml, resolves everything, and creates a virtual environment, .venv, in the project folder. If the virtual environment doesn't appear, run uv venv then uv sync, then close and reopen the terminal.

 

Verify it worked:

 

python --version   # Should be 3.12+

 

Restart VS Code if you still don’t see 3.12+.

 

 

Step 4: Add the Certificate File

 

Your local MCP server needs to trust your Viya environment's TLS certificate. Drop the .pem file into the project root. Mine is called edu_trustedcerts.pem:

 

sas-mcp-server/
├── .env
├── edu_trustedcerts.pem   ← here
├── pyproject.toml
└── ...

 

If you're pulling it from a Kubernetes deployment:

 

NS=your_sas_viya_namespace
kubectl -n $NS cp $(kubectl get pod -l app=sas-logon-app -n $NS -o=jsonpath='{.items[0].metadata.name}'):security/trustedcerts.pem \
  ~/.certs/edu_trustedcerts.pem

 

Then download the file and copy it into your project folder. The path in the project has to match what's in .env where we declare environment variables. If it doesn't, authentication will fail quietly and you'll be confused.

 

 

Step 5: Configure .env

 

cp .env.sample .env

 

Edit .env and fill in your values:

 

VIYA_ENDPOINT=https://yoursasviya.demo.sas.com

SSL_VERIFY=true
REQUESTS_CA_BUNDLE=edu_trustedcerts.pem
SSL_CERT_FILE=edu_trustedcerts.pem

VIYA_USERNAME=youruser
VIYA_PASSWORD='yourpassword'

 

There are other variables declared in this file, but we will be working with the defaults:

- CLIENT_ID: sas-mcp

- HOST_PORT: 8134

- MCP_SIGNING_KEY: default

- MCP_BASE_URL: http://localhost:{HOST_PORT  }

- COMPUTE_CONTEXT_NAME: SAS Job Execution compute context

 

See Environment file options for more explanations.

 

Then (and this trips people up) source the file before running any scripts:

 

source .env
echo $VIYA_ENDPOINT  # Confirm it's set

 

Editing .env doesn't automatically export variables into your shell session. Source it. Every time you open a new terminal.

 

 

Step 6: Register the OAuth Client

 

The SAS MCP server will be looking for a sas-mcp client registered on the SAS Viya side. Its redirect URI points to the MCP_BASE_URL.

 

The SAS R&D engineers wrote a short utility to help you register this client.

 

uv run python examples/register_mcp_client.py

 

Enter your SAS Viya admin credentials when prompted. A successful run looks like this:

 

Client 'sas-mcp' registered successfully.
  Redirect URI: http://localhost:8134/auth/callback
  Scopes: openid
  Grant types: authorization_code, refresh_token

 

The redirect URI matters. If you later change the host, port, or client ID, re-run this script. The registered URI has to match what the server expects.

 

 

 

Step 7: Start the MCP Server

 

uv run app

 

You should see:

 

INFO: Uvicorn running on http://0.0.0.0:8134
INFO: Connecting to SAS Viya at https://server.demo.sas.com
INFO: Application startup complete.

 

You may see warnings about JWT signing keys and non-secure cookies. For local development, ignore them. For production: use a strong MCP_SIGNING_KEY and deploy over HTTPS. The only option seems to be a Kubernetes deployment.

 

 

Keep this terminal open. The server has to stay running.

 

The MCP is now running. Unlike its 1982 namesake, it's not trying to absorb all other programs. It just wants to talk to SAS Viya.

 

 

Step 8: Tell VS Code Where the MCP Server Is

 

Create .vscode/mcp.json in the project root:

 

{
  "servers": {
    "sas-execution-mcp": {
      "url": "http://localhost:8134/mcp",
      "type": "http"
    }
  }
}

 

VS Code will show a Start option at the top of the file. Click it. This triggers the authentication flow.

 

 

Step 9: Authenticate

 

VS Code will open a browser prompt:

 

The application Visual Studio Code wants to access the MCP server SAS Viya Execution MCP Server.

 

Allow it. Sign in with your Viya credentials. When the browser asks to return to VS Code, allow that too.

 

Back in your MCP server terminal, you should see a cascade of OAuth calls: /well-known/, /register, /authorize, /auth/callback, /token. That's the whole OAuth dance completing successfully.

 

At the top of mcp.json, you should now see:

 

26 tools, 8 prompts

 

 

If you don't see tools, check this short list:

 

• Is uv run app still running?
• Did authentication finish in the browser?
• Was form-action actually removed from SAS Logon Manager?
• Does the .pem path in .env point to a real file?

 

 

Step 10: Connect GitHub Copilot

 

Open Copilot Chat. Switch to Agent Mode. This is required for tool calling, not just conversation.

 

Type a prompt in the chat and press Enter. The first time you will have to sign in with GitHub (or Google, Apple, or GHE depending on your setup).

 

Open Tools → expand sas-execution-mcp. You should see the full tool list.

 

Test it:

 

Tell me what sas-execution-mcp tools you have available.

 

If Copilot lists tools like execute_sas_code and submit_batch_job, you're done. It works.

 

The Master Control Program wanted to control the Grid. This one just hands Copilot 26 tools and gets out of the way.

 

 

Shutting Down Cleanly

 

Stop the MCP connection from mcp.json, then CTRL+C the server terminal (where you ran uv run app).

 

If you need to experiment with different environment variables (.env) or you’re working in shared environments, you'll want to also deregister the OAuth client when you're finished.

 

# Get vars from .env plus CURL_CA_BUNDLE
source .env
export CURL_CA_BUNDLE="$REQUESTS_CA_BUNDLE"

# Retrieve a SAS Viya access token (user is assumed to be a SAS Administrator)
export BEARER_TOKEN=`curl -s -X POST \
    "${VIYA_ENDPOINT}/SASLogon/oauth/token" \
    -u "sas.cli:" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=password&username=${VIYA_USERNAME}&password=${VIYA_PASSWORD}" | awk -F: '{print $2}'|awk -F\" '{print $2}'`

# Delete the client if it exists
echo Delete a client if it exists
curl -s -X DELETE "${VIYA_ENDPOINT}/SASLogon/oauth/clients/sas-mcp" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${BEARER_TOKEN}"

 

What You've Built

 

GitHub Copilot can now call live SAS Viya tools directly from your editor. It can execute code, browse CAS tables, submit batch jobs, score models, and explain what happened in plain English when something goes wrong.

 

The original MCP said "I've got better things to do than play games with you." This one disagrees; it will happily play along with whatever SAS task you throw at it and try to accomplish it.

 

The setup is a one-time cost. What comes after is the interesting part.

 

Putting the SAS MCP Server to Work in GitHub Copilot covers actually using it: code execution, CAS discovery, job management, VA reports, model scoring. That's where it gets good.

 

I’ll finish exactly how the Master Control Program concluded his conversations:

 

End of line.

 

 

Acknowledgements

 

Acknowledging David Weik, Bryan Behrenshausen, and Harry Keen for their excellent work.

 

 

Find more articles from SAS Global Enablement and Learning here.