Barndoor LLM Gateway updates
Route smarter, spend less
Barndoor LLM Gateway customers can now set a spend or usage budget on a specific model, and automatically route traffic to a different model when that budget is exhausted, without any manual intervention or failed requests.This means that customers can:
- Set a budget on expensive models and fall back to cheaper ones when the budget runs out
- Get routed to the next LLM model if one hits a rate limit or becomes unavailable, with no disruption to workflows
- Have access to premium models up to a defined limit, then route them to standard models beyond that
Barndoor MCP Governance updates
Field-level data protection and controls
Barndoor data protection field controls bring response transformation to MCP tool traffic. Rather than blocking an entire tool call or scanning for content patterns, field controls let admins specify exactly which fields should be removed from MCP tool requests and responses before they reach the agent or the underlying system.
Field controls work in both directions:
On responses: when an agent queries a tool, specific fields can be stripped from what comes back. For example, an agent querying Salesforce opportunities can be prevented from ever seeing the Amount field, regardless of what value is in it.
On requests: when an agent is writing data to a tool, specific fields can be removed from what gets sent. For example, preventing an agent from writing a deal amount into a Salesforce Opportunity field, even if the agent attempts to do so.
Admins can see the actual fields that the MCP server returns or accepts, and can select which ones to remove.
This is different from detection-based data protection, which evaluates content such as SSN, API key, or credit card number. Field-level data protection doesn’t evaluate content, but rather it’s based on the field itself. If a data protection policy is set to exclude the “Amount” field in a Salesforce query, no amount value is ever presented to the agent, regardless of what’s contained in the field.
My Apps page redesign
The My Apps page in Barndoor is generally where end users connect their personal accounts to MCP servers. The page has been redesigned from a list view to a card-based layout, with each card showing the MCP server, a connect or disconnect button, a URL copy option, and a clear indicator of whether the user is currently connected.
The UI design update makes it more intuitive and straightforward for users to connect to MCP servers.
New MCP connectors for marketers, developers, data engineers
This month’s release adds six new MCP connectors, expanding coverage across marketing, experimentation, data warehousing, and infrastructure:
- Klaviyo: a marketing automation and CRM platform for e-commerce businesses to run email, SMS, and push campaigns. With this MCP, agents can pull customer segments, campaign performance, or trigger marketing actions directly from a chat interface.
- Statsig: a product development platform for feature flags, A/B testing, and more. This MCP lets agents check flag states, review experiment results, and manage rollouts programmatically.
- Google BigQuery: this is Google Cloud’s serverless data warehouse for running fast SQL queries over large datasets. This MCP allows agents to query tables, explore schemas, and pull analytics directly from BigQuery
- Cloudflare API: this MCP gives agents access to Cloudflare’s core account and zone management functions.
- Cloudflare DNS Analytics: this MCP gives agents access to DNS query volume, response patterns, and traffic distribution for a domain for teams that want visibility into DNS performance and behavior.
- Apify: a cloud platform for web scraping and automation. This MCP lets agents launch scraping jobs and retrieve structured web data on demand.
Platform updates
SCIM provisioning
Barndoor now supports SCIM provisioning, letting IT teams manage Barndoor access directly from their identity provider. When a user is added to or removed from a group in Okta, that change is automatically pushed to Barndoor in real time.
SCIM builds on the SSO support Barndoor already provides. Barndoor connects to any identity provider that supports OIDC or SAML 2.0, including Okta, Microsoft Entra ID, Google Workspace, Ping Identity, Auth0, and OneLogin. SCIM adds automated provisioning on top of that existing connection.
Barndoor is now listed in the Okta Integration Network.

Break-glass (emergency admin access)
Break-glass access is a safety mechanism that ensures organizations can always get back into Barndoor even if their identity provider is unavailable.
Enforcing SSO means all standard accounts must log in to Barndoor through the identity provider. The break glass account stays password-protected by design, giving admins a safety net to log in to Barndoor if the identity provider ever becomes unavailable.
Sign up for a demo
Ready to empower your knowledge workers with governed AI at scale? Book a demo or start a free trial to see Barndoor in action.
Note to customers: If any of the features above aren’t visible in your account yet, reach out to your account executive and we’ll get them turned on for you.












