OpenAI adds private MCP server access over outbound-only HTTPS

• OpenAI said OpenAIDevs' MCP announcement lets ChatGPT, Codex, and the Responses API connect to private MCP servers over outbound-only HTTPS, which keeps those servers inside a customer's network.
• The same update adds OpenAIDevs' workload identity post for cloud IAM-based auth to the OpenAI API, reducing the need to pass around long-lived API keys.
• OpenAI also expanded enterprise administration with OpenAIDevs' Admin API update covering spend alerts, model allowlists, data retention controls, hosted tool controls, and more granular cost visibility.
• Commentary from gdb's post and stevenheidel's note focused on the practical bit: OpenAI products can now reach local or private MCP endpoints without opening inbound access.

You can jump straight to OpenAI's secure MCP tunnels guide and its workload identity federation guide. The product surface is broader than one API feature, because OpenAIDevs attached ChatGPT and Codex to the same MCP tunnel story while the Admin API update quietly bundled spend, retention, and hosted-tool controls into the same enterprise push.

OpenAI framed the new MCP path around one concrete network assumption: the MCP server stays private, and the connection out to OpenAI runs over outbound-only HTTPS.

That matters mostly because the supported clients are not limited to one developer surface. According to OpenAIDevs' MCP announcement, the same tunnel model now covers ChatGPT, Codex, and the Responses API. The linked secure MCP tunnels guide is the canonical doc OpenAI pointed developers to for setup details.

Community replies immediately translated the launch copy into plainer language. gdb's post called it "bring-your-own MCP servers," while stevenheidel's note summarized it as securely connecting the Responses API to local MCP servers.

The second enterprise feature is identity plumbing. OpenAI said OpenAIDevs' workload identity post brings workload identity federation to the API platform so teams can plug OpenAI access into existing IAM workflows.

The practical claim in the launch copy is narrower than a generic security upgrade. OpenAI specifically said the workload identity post reduces the need to distribute permanent API keys across services. Its workload identity federation guide is the documentation entry point for the cloud identity flow.

OpenAI shipped a third piece at the same time, and it is the most operations-heavy one. OpenAIDevs' Admin API update says enterprises can now manage projects programmatically with a wider Admin API surface.

The new controls OpenAI listed are:

• spend alerts
• model allowlists
• data retention controls
• hosted tool controls
• more granular cost visibility for file search and web search

Bundled together, those items make this update read less like a single MCP feature launch and more like an enterprise platform pass across network access, identity, and governance. The MCP tunnel got the headline, but the Admin API post is where OpenAI disclosed the new knobs for cost, retention, and hosted-tool policy.