AI-driven MCP server to manage Netskope Private Access via publishers, apps, brokers, policies, and SCIM integrations
Configuration
{
  "mcpServers": {
    "johnneerdael-ns-private-access-mcp": {
      "command": "node",
      "args": [
        "/path/to/ns-private-access-mcp/build/index.js"
      ],
      "env": {
        "NETSKOPE_TOKEN": "your-api-token",
        "NETSKOPE_BASE_URL": "https://your-tenant.goskope.com"
      }
    }
  }
}

This MCP server provides AI-assisted automation to manage Netskope Private Access infrastructure. It enables you to deploy, configure, monitor, and enforce access policies through a set of coordinated tools, making NPA management faster, repeatable, and auditable.
You use the Netskope NPA MCP server by running the local MCP instance and connecting a client that can drive actions through the MCP interface. Start by launching the local server, then point your MCP client at the appropriate runtime command so that your client can execute the designed workflows for publishers, private apps, local brokers, and policy management.
Prerequisites: you need Node.js and npm installed on your system.

# Environment setup for your tenant
export NETSKOPE_BASE_URL="https://your-tenant.goskope.com"
export NETSKOPE_TOKEN="your-api-token"

# Install dependencies, build, and start the MCP server
npm install
npm run build
npm start

To connect your MCP client, run the stdio-based command as shown. This starts the local MCP server process and exposes it to the client via a runtime script.

{
  "mcpServers": {
    "netskope_npa": {
      "command": "node",
      "args": ["/path/to/ns-private-access-mcp/build/index.js"],
      "env": {
        "NETSKOPE_BASE_URL": "https://your-tenant.goskope.com",
        "NETSKOPE_TOKEN": "your-api-token"
      }
    }
  }
}

Use cases include setting up a complete NPA infrastructure for a new office, responding to security incidents with emergency workflows, and performing comprehensive compliance audits. By combining tools for publishers, private apps, local brokers, policy management, and SCIM integration, you can automate end-to-end workflows with built-in retries, validation, and error handling.
- The server uses type-safe, schema-driven validation to prevent misconfigurations.
- All actions are designed to be orchestrated as part of transactional workflows where possible.
- Ensure environment variables are kept secure and rotatable, especially API tokens and base URLs.
If you encounter validation errors, check the input parameters against the Zod schemas used by the tools, review retry and backoff behavior in workflows, and verify that the environment variables are correctly set for the running MCP process.
Limit access to the MCP client and the local MCP process. Use rotated API tokens, enforce least privilege for publishers and policies, and monitor for anomalous changes in policy and app configurations.
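The advice above on protecting the token and base URL, as an added example that is not part of the original page or the project's code: a Node.js check over an MCP client config of the shape shown earlier. The function names, finding labels, and the `expectedHost` parameter are hypothetical, and the sample config is constructed.

```javascript
// Added example, not the project's code. Function names and finding labels
// are hypothetical. fileMode is the config file's mode (fs.statSync(p).mode).
function auditServerEntry(name, entry, fileMode, expectedHost) {
  const findings = [];
  const env = (entry && entry.env) || {};
  const token = env.NETSKOPE_TOKEN;
  if (typeof token !== "string" || token.trim() === "") {
    findings.push(`${name}: token-missing`);
  } else if (token === "your-api-token") {
    findings.push(`${name}: token-placeholder`);
  } else if ((fileMode & 0o077) !== 0) {
    // An inline token is readable by every account that can read this file.
    findings.push(`${name}: inline-token-in-shared-file`);
  }
  let url = null;
  try { url = new URL(env.NETSKOPE_BASE_URL); } catch (_) { /* reported below */ }
  if (url === null) {
    findings.push(`${name}: base-url-invalid`);
  } else {
    // The token is sent to whatever host this names, so pin scheme and host.
    if (url.protocol !== "https:") findings.push(`${name}: base-url-not-https`);
    if (url.hostname !== expectedHost) findings.push(`${name}: base-url-unexpected-host`);
    if (url.username || url.password) findings.push(`${name}: base-url-has-credentials`);
  }
  return findings;
}

// Audits every server entry that carries either Netskope variable.
function auditMcpConfig(config, fileMode, expectedHost) {
  const servers = (config && config.mcpServers) || {};
  return Object.entries(servers)
    .filter(([, e]) => e && e.env &&
      ("NETSKOPE_TOKEN" in e.env || "NETSKOPE_BASE_URL" in e.env))
    .flatMap(([name, e]) => auditServerEntry(name, e, fileMode, expectedHost));
}

// Constructed sample: not a real tenant or token.
const sampleConfig = { mcpServers: { netskope_npa: {
  command: "node",
  args: ["/path/to/ns-private-access-mcp/build/index.js"],
  env: {
    NETSKOPE_BASE_URL: "http://your-tenant.goskope.com.example.net",
    NETSKOPE_TOKEN: "constructed-sample-token",
  },
} } };

console.log(auditMcpConfig(sampleConfig, 0o100644, "your-tenant.goskope.com"));
```

The mode check applies to POSIX permission bits; an inline token passes only when the config file is readable by its owner alone.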
Check app name compliance before creating or updating a private app to ensure naming conventions are met.
Find the target publisher to associate with a new or existing private app.
Create a new private application within a publisher with foundational configuration.
Add organizational tags to a private app for better management and discovery.
Associate or re-associate a private app with one or more publishers.
Resolve identities via SCIM to enable group-based access control and provisioning.
Discover resources, services, and configurations across the NPA environment.
Validate access policies for correctness and policy-compliance before deployment.
Automate maintenance and upgrade scheduling for publisher resources.
Create and apply high-priority emergency policies during incidents.
Enable monitoring and discovery workflows to track resource state and changes.
Generate tokens for field deployment and device registration.
Audit publisher configurations for version and policy compliance.
Perform comprehensive compliance checks across the NPA environment.