The Netskope MCP Server enables comprehensive management of Netskope Network Private Access (NPA) infrastructure through APIs. Key capabilities include:
Publisher Management: Create, list, update, delete publishers; generate registration tokens; initiate bulk upgrades; retrieve available releases.
Local Broker Management: Configure and manage local brokers, including registration tokens and global settings.
Policy Rules: Create and manage access control policies based on users, devices, locations, and applications.
Private Applications: Configure and manage private apps, including tagging, publisher assignments, and discovery settings.
Diagnostics: Access user and device diagnostics for troubleshooting.
Upgrade Profiles: Schedule and manage publisher upgrades with timezone support.
Alert Configuration: Monitor and configure system event notifications.
Validation: Pre-validate resource configurations before deployment.
Search: Find specific publishers or private applications.
Publisher Associations: Manage traffic handling between private apps and publishers.
Used for publisher release management and versioning of Netskope components, with capabilities to configure and deploy specific Docker tags for upgrade profiles.
Allows installation of the Netskope NPA MCP server package via npm, though this is an installation method rather than a core integration.
Referenced as part of the deployment process for the MCP server, though this is a setup tool rather than a core integration.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Netskope MCP Servershow me all private apps that don't have access policies configured"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Netskope NPA MCP Server
A comprehensive Model Context Protocol (MCP) server for managing Netskope Private Access (NPA) infrastructure through AI-powered automation.
π Complete Documentation
This project includes extensive documentation organized for easy navigation:
π - Overview and navigation guide
Quick Access Links
Category | Description | Link |
ποΈ Architecture | Server design and patterns | |
π οΈ Tools Reference | Complete tool documentation | |
π Workflows | Common automation patterns | |
πΌ Real Examples | Complete use cases |
Related MCP server: Netskope MCP Server
Tool Overview
The MCP server provides 84 specialized tools across 10 categories:
Category | Tools | Primary Use Cases |
Publishers | 9 tools | Infrastructure deployment and management |
Private Apps | 15 tools | Application lifecycle and configuration |
Local Brokers | 7 tools | Network connectivity and routing |
Policy Management | 6 tools | Access control and security rules |
SCIM Integration | 5 tools | Identity and user management |
Upgrade Profiles | 7 tools | Automated maintenance scheduling |
Steering | 3 tools | Traffic routing and associations |
Alerts | 2 tools | Event monitoring and notifications |
Search | 2 tools | Resource discovery and querying |
Validation | 2 tools | Configuration compliance |
Real-World Usage Examples
π’ "Set up complete NPA infrastructure for our new London office"
AI Response: Executes comprehensive deployment workflow
β Creates publisher with auto-upgrade profile
β Configures local broker for internal routing
β Sets up core business applications (CRM, ERP, File Server)
β Creates access policies with SCIM group validation
β Enables monitoring and discovery for office network
β Generates registration token for field deployment
π¨ "URGENT: Security incident - lock down HR/Finance apps immediately"
AI Response: Emergency security response workflow
β Identifies all HR/Finance applications automatically
β Creates emergency policy group with highest priority
β Blocks access for all users except incident response team
β Enhances monitoring for security events
β Tags applications for incident tracking
π "Perform comprehensive compliance audit of our NPA environment"
AI Response: Automated compliance assessment
β Audits all publishers for version compliance
β Identifies applications without access policies
β Validates SCIM group references in policies
β Generates compliance score and remediation plan
β Creates detailed findings report with priorities
Quick Start
Environment Setup
export NETSKOPE_BASE_URL="https://your-tenant.goskope.com" export NETSKOPE_TOKEN="your-api-token"Install and Run
npm install npm run build npm startConnect via MCP Client
{ "mcpServers": { "netskope-npa": { "command": "node", "args": ["/path/to/ns-private-access-mcp/build/index.js"], "env": { "NETSKOPE_BASE_URL": "https://your-tenant.goskope.com", "NETSKOPE_TOKEN": "your-api-token" } } } }
Key Features
π€ AI-Native Design
Tools designed for LLM interaction with clear descriptions
Automatic parameter validation and transformation
Rich error context for troubleshooting
π Workflow Orchestration
Tools automatically coordinate with each other
Built-in retry logic and error recovery
Transactional operations where possible
π‘οΈ Production Ready
Comprehensive input validation using Zod schemas
Rate limiting and API quota management
Detailed logging and monitoring
π Integration Patterns
SCIM integration for identity resolution
Search tools for resource discovery
Validation tools for compliance checking
Installation Options
NPM Package
npm install @johnneerdael/ns-private-access-mcpLocal Development
git clone https://github.com/johnneerdael/ns-private-access-mcp.git
cd ns-private-access-mcp
npm install
npm run buildArchitecture Highlights
Tool Composition
Tools are designed to work together through well-defined interfaces:
// Example: Creating a private app with validation and tagging
1. validateName() -> Check app name compliance
2. searchPublishers() -> Find target publisher
3. createPrivateApp() -> Create the application
4. createPrivateAppTags() -> Add organizational tags
5. updatePublisherAssociation() -> Associate with publishersSchema-Driven Validation
Every tool uses Zod schemas for type safety and validation:
const createAppSchema = z.object({
app_name: z.string().min(1).max(64),
host: z.string().url(),
protocols: z.array(protocolSchema),
clientless_access: z.boolean()
});Error Resilience
Built-in patterns for handling common issues:
Automatic parameter extraction from MCP objects
Retry logic with exponential backoff
Graceful degradation for partial failures
Credits
John Neerdael (Netskope Private Access Product Manager)
Mitchell Pompe (Chief Netskope Solutions Engineer for NL)
Getting Help
Documentation Issues: Open an issue on GitHub
Feature Requests: Create a feature request issue
Bug Reports: Use the bug report template
Security Issues: See SECURITY.md
This MCP server transforms complex Netskope NPA management into simple, AI-driven conversations.
This server cannot be installed
Resources
Looking for Admin?
Admins can modify the Dockerfile, update the server description, and track usage metrics. If you are the server author, to access the admin panel.