Netskope NPA MCP Server
A comprehensive Model Context Protocol (MCP) server for managing Netskope Private Access (NPA) infrastructure through AI-powered automation.
📚 Complete Documentation
This project includes extensive documentation organized for easy navigation:
👉 Start with the Complete Documentation - Overview and navigation guide
Quick Access Links
| Category | Description | Link |
|---|---|---|
| 🏗️ Architecture | Server design and patterns | Server Architecture |
| 🛠️ Tools Reference | Complete tool documentation | Publisher Tools, Private App Tools, Policy Tools |
| 🔄 Workflows | Common automation patterns | Common Workflows |
| 💼 Real Examples | Complete use cases | Real-World Examples |
Tool Overview
The MCP server provides 84 specialized tools across 10 categories:
| Category | Tools | Primary Use Cases |
|---|---|---|
| Publishers | 9 tools | Infrastructure deployment and management |
| Private Apps | 15 tools | Application lifecycle and configuration |
| Local Brokers | 7 tools | Network connectivity and routing |
| Policy Management | 6 tools | Access control and security rules |
| SCIM Integration | 5 tools | Identity and user management |
| Upgrade Profiles | 7 tools | Automated maintenance scheduling |
| Steering | 3 tools | Traffic routing and associations |
| Alerts | 2 tools | Event monitoring and notifications |
| Search | 2 tools | Resource discovery and querying |
| Validation | 2 tools | Configuration compliance |
Real-World Usage Examples
🏢 "Set up complete NPA infrastructure for our new London office"
AI Response: Executes comprehensive deployment workflow
- ✅ Creates publisher with auto-upgrade profile
- ✅ Configures local broker for internal routing
- ✅ Sets up core business applications (CRM, ERP, File Server)
- ✅ Creates access policies with SCIM group validation
- ✅ Enables monitoring and discovery for office network
- ✅ Generates registration token for field deployment
🚨 "URGENT: Security incident - lock down HR/Finance apps immediately"
AI Response: Emergency security response workflow
- ✅ Identifies all HR/Finance applications automatically
- ✅ Creates emergency policy group with highest priority
- ✅ Blocks access for all users except incident response team
- ✅ Enhances monitoring for security events
- ✅ Tags applications for incident tracking
📊 "Perform comprehensive compliance audit of our NPA environment"
AI Response: Automated compliance assessment
- ✅ Audits all publishers for version compliance
- ✅ Identifies applications without access policies
- ✅ Validates SCIM group references in policies
- ✅ Generates compliance score and remediation plan
- ✅ Creates detailed findings report with priorities
Quick Start
-
Environment Setup
export NETSKOPE_BASE_URL="https://your-tenant.goskope.com" export NETSKOPE_TOKEN="your-api-token" -
Install and Run
npm install npm run build npm start -
Connect via MCP Client
{ "mcpServers": { "netskope-npa": { "command": "node", "args": ["/path/to/ns-private-access-mcp/build/index.js"], "env": { "NETSKOPE_BASE_URL": "https://your-tenant.goskope.com", "NETSKOPE_TOKEN": "your-api-token" } } } }
Key Features
🤖 AI-Native Design
- Tools designed for LLM interaction with clear descriptions
- Automatic parameter validation and transformation
- Rich error context for troubleshooting
🔄 Workflow Orchestration
- Tools automatically coordinate with each other
- Built-in retry logic and error recovery
- Transactional operations where possible
🛡️ Production Ready
- Comprehensive input validation using Zod schemas
- Rate limiting and API quota management
- Detailed logging and monitoring
🔗 Integration Patterns
- SCIM integration for identity resolution
- Search tools for resource discovery
- Validation tools for compliance checking
Installation Options
NPM Package
npm install @johnneerdael/ns-private-access-mcp
Local Development
git clone https://github.com/johnneerdael/ns-private-access-mcp.git
cd ns-private-access-mcp
npm install
npm run build
Architecture Highlights
Tool Composition
Tools are designed to work together through well-defined interfaces:
// Example: Creating a private app with validation and tagging
1. validateName() -> Check app name compliance
2. searchPublishers() -> Find target publisher
3. createPrivateApp() -> Create the application
4. createPrivateAppTags() -> Add organizational tags
5. updatePublisherAssociation() -> Associate with publishers
Schema-Driven Validation
Every tool uses Zod schemas for type safety and validation:
const createAppSchema = z.object({
app_name: z.string().min(1).max(64),
host: z.string().url(),
protocols: z.array(protocolSchema),
clientless_access: z.boolean()
});
Error Resilience
Built-in patterns for handling common issues:
- Automatic parameter extraction from MCP objects
- Retry logic with exponential backoff
- Graceful degradation for partial failures
Credits
- John Neerdael (Netskope Private Access Product Manager)
- Mitchell Pompe (Chief Netskope Solutions Engineer for NL)
Getting Help
- Documentation Issues: Open an issue on GitHub
- Feature Requests: Create a feature request issue
- Bug Reports: Use the bug report template
- Security Issues: See SECURITY.md
This MCP server transforms complex Netskope NPA management into simple, AI-driven conversations.
Recommend MCP Servers 💡
harness/mcp-server
The official Harness MCP server providing seamless integration with Harness APIs for advanced automation and tool interaction via the Model Context Protocol (MCP)
@auth0/auth0-mcp-server
The Auth0 MCP Server integrates with LLMs and AI agents, allowing natural language interaction to perform various Auth0 management operations such as creating applications, managing APIs, deploying actions, and listing logs.
ks-mcp-server
The KubeSphere MCP Server is a Model Context Protocol(MCP) server that provides integration with KubeSphere APIs, enabling to get resources from KubeSphere. Divided into four tools modules: Workspace Management, Cluster Management, User and Roles, Extensions Center.
@gannonh/firebase-mcp
Model Context Protocol (MCP) server for Firebase, enabling AI assistants to work with Firestore, Storage, and Authentication services.
adls2-mcp-server
A Model Context Protocol (MCP) server implementation for Azure Data Lake Storage Gen2, providing a standardized interface for file operations.
