A comprehensive Model Context Protocol (MCP) server for managing Netskope Private Access (NPA) infrastructure through AI-powered automation.
This project includes extensive documentation organized for easy navigation:
π Start with the Complete Documentation - Overview and navigation guide
| Category | Description | Link |
|---|---|---|
| ποΈ Architecture | Server design and patterns | Server Architecture |
| π οΈ Tools Reference | Complete tool documentation | Publisher Tools, Private App Tools, Policy Tools |
| π Workflows | Common automation patterns | Common Workflows |
| πΌ Real Examples | Complete use cases | Real-World Examples |
The MCP server provides 84 specialized tools across 10 categories:
| Category | Tools | Primary Use Cases |
|---|---|---|
| Publishers | 9 tools | Infrastructure deployment and management |
| Private Apps | 15 tools | Application lifecycle and configuration |
| Local Brokers | 7 tools | Network connectivity and routing |
| Policy Management | 6 tools | Access control and security rules |
| SCIM Integration | 5 tools | Identity and user management |
| Upgrade Profiles | 7 tools | Automated maintenance scheduling |
| Steering | 3 tools | Traffic routing and associations |
| Alerts | 2 tools | Event monitoring and notifications |
| Search | 2 tools | Resource discovery and querying |
| Validation | 2 tools | Configuration compliance |
AI Response: Executes comprehensive deployment workflow
- β Creates publisher with auto-upgrade profile
- β Configures local broker for internal routing
- β Sets up core business applications (CRM, ERP, File Server)
- β Creates access policies with SCIM group validation
- β Enables monitoring and discovery for office network
- β Generates registration token for field deployment
AI Response: Emergency security response workflow
- β Identifies all HR/Finance applications automatically
- β Creates emergency policy group with highest priority
- β Blocks access for all users except incident response team
- β Enhances monitoring for security events
- β Tags applications for incident tracking
AI Response: Automated compliance assessment
- β Audits all publishers for version compliance
- β Identifies applications without access policies
- β Validates SCIM group references in policies
- β Generates compliance score and remediation plan
- β Creates detailed findings report with priorities
-
Environment Setup
export NETSKOPE_BASE_URL="https://your-tenant.goskope.com" export NETSKOPE_TOKEN="your-api-token"
-
Install and Run
npm install npm run build npm start
-
Connect via MCP Client
{ "mcpServers": { "netskope-npa": { "command": "node", "args": ["/path/to/ns-private-access-mcp/build/index.js"], "env": { "NETSKOPE_BASE_URL": "https://your-tenant.goskope.com", "NETSKOPE_TOKEN": "your-api-token" } } } }
- Tools designed for LLM interaction with clear descriptions
- Automatic parameter validation and transformation
- Rich error context for troubleshooting
- Tools automatically coordinate with each other
- Built-in retry logic and error recovery
- Transactional operations where possible
- Comprehensive input validation using Zod schemas
- Rate limiting and API quota management
- Detailed logging and monitoring
- SCIM integration for identity resolution
- Search tools for resource discovery
- Validation tools for compliance checking
npm install @johnneerdael/ns-private-access-mcpgit clone https://github.com/johnneerdael/ns-private-access-mcp.git
cd ns-private-access-mcp
npm install
npm run buildTools are designed to work together through well-defined interfaces:
// Example: Creating a private app with validation and tagging
1. validateName() -> Check app name compliance
2. searchPublishers() -> Find target publisher
3. createPrivateApp() -> Create the application
4. createPrivateAppTags() -> Add organizational tags
5. updatePublisherAssociation() -> Associate with publishersEvery tool uses Zod schemas for type safety and validation:
const createAppSchema = z.object({
app_name: z.string().min(1).max(64),
host: z.string().url(),
protocols: z.array(protocolSchema),
clientless_access: z.boolean()
});Built-in patterns for handling common issues:
- Automatic parameter extraction from MCP objects
- Retry logic with exponential backoff
- Graceful degradation for partial failures
- John Neerdael (Netskope Private Access Product Manager)
- Mitchell Pompe (Chief Netskope Solutions Engineer for NL)
- Documentation Issues: Open an issue on GitHub
- Feature Requests: Create a feature request issue
- Bug Reports: Use the bug report template
- Security Issues: See SECURITY.md
This MCP server transforms complex Netskope NPA management into simple, AI-driven conversations.