The Netskope NPA MCP Server enables management of Netskope Network Private Access infrastructure through Large Language Models. It provides a structured way to configure and control private applications, publishers, policies, and other ZTNA components via a Model Context Protocol interface.
You can install the Netskope MCP server using npm:
npm install @johnneerdael/netskope-mcp
To connect the MCP server with your Netskope environment, you'll need to set up your MCP configuration with the appropriate environment variables.
Add this to your MCP settings file:
{
"mcpServers": {
"netskope-mcp": {
"command": "wsl.exe",
"args": [
"bash",
"-c",
"source ~/.nvm/nvm.sh && NETSKOPE_BASE_URL=https://your-tenant.goskope.com NETSKOPE_API_KEY=your-token npx -y @johnneerdael/netskope-mcp"
]
}
}
}
Add this to your MCP settings file:
{
"mcpServers": {
"netskope-mcp": {
"command": "npx",
"args": ["-y", "@johnneerdael/netskope-mcp"],
"env": {
"NETSKOPE_BASE_URL": "https://your-tenant.goskope.com",
"NETSKOPE_API_KEY": "your-token"
}
}
}
}
The server requires these environment variables:
https://your-tenant.goskope.com)Example configuration:
export NETSKOPE_BASE_URL="https://your-tenant.goskope.com"
export NETSKOPE_API_KEY="your-api-token"
To get an inventory of all private applications:
listPrivateApps
This returns details about all configured private applications including their protocols, publishers, and security settings.
To create a private application:
createPrivateApp({
"app_name": "Internal Website",
"host": "internalapp.company.local",
"clientless_access": true,
"is_user_portal_app": true,
"protocols": [
{
"port": "443",
"type": "tcp"
}
],
"publishers": [
{
"publisher_id": "123",
"publisher_name": "DC-Publisher-1"
}
],
"trust_self_signed_certs": false,
"use_publisher_dns": true
})
To retrieve details for a specific application:
getPrivateApp({ id: 123 })
To modify an existing application:
updatePrivateApp({
"id": 123,
"app_name": "Updated Internal Website",
"host": "internalapp.company.local",
"clientless_access": true,
"is_user_portal_app": true,
"protocols": [
{
"port": "443",
"type": "tcp"
},
{
"port": "8080",
"type": "tcp"
}
],
"publishers": [
{
"publisher_id": "123",
"publisher_name": "DC-Publisher-1"
}
],
"trust_self_signed_certs": false,
"use_publisher_dns": true
})
Publishers are components that handle traffic to private applications.
To view all configured publishers:
listPublishers
To create a new publisher:
createPublisher({
"name": "East-DC-Publisher",
"lbrokerconnect": false
})
To generate a token for registering a publisher:
generatePublisherRegistrationToken({ publisherId: 123 })
To initiate upgrades for multiple publishers:
bulkUpgradePublishers({
"publishers": {
"apply": {
"upgrade_request": true
},
"id": ["123", "456"]
}
})
To view all configured access rules:
listRules
To create an access policy rule:
createRule({
"name": "Finance Team Access",
"description": "Allow Finance team access to financial applications",
"enabled": true,
"action": "allow",
"policy_group_id": 1,
"priority": 10,
"conditions": [
{
"type": "group",
"operator": "in",
"value": ["Finance"]
},
{
"type": "private_app",
"operator": "in",
"value": [123, 456]
}
]
})
To modify an existing rule:
updateRule({
"id": 10,
"name": "Finance Team Access",
"description": "Allow Finance team access to financial applications - Updated",
"enabled": true,
"action": "allow",
"policy_group_id": 1,
"priority": 5,
"conditions": [
{
"type": "group",
"operator": "in",
"value": ["Finance"]
},
{
"type": "private_app",
"operator": "in",
"value": [123, 456, 789]
}
]
})
Local brokers enable on-premises ZTNA deployments.
To view all configured local brokers:
listLocalBrokers
To create a new local broker:
createLocalBroker({
"name": "HQ-Local-Broker"
})
To generate a token for broker registration:
generateLocalBrokerRegistrationToken({ id: 123 })
To check the current alert settings:
getAlertConfig
To modify alert notification settings:
updateAlertConfig({
"adminUsers": ["[email protected]", "[email protected]"],
"eventTypes": [
"UPGRADE_WILL_START",
"UPGRADE_STARTED",
"UPGRADE_SUCCEEDED",
"UPGRADE_FAILED",
"CONNECTION_FAILED"
],
"selectedUsers": "[email protected]"
})
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.
To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".
When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:
{
"mcpServers": {
"cursor-rules-mcp": {
"command": "npx",
"args": [
"-y",
"cursor-rules-mcp"
]
}
}
}
To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.