MCP.directory
Netskope

Netskope

johnneerdael

Manages Netskope Private Access infrastructure through automated publisher deployment, app configuration, policy creation, and network diagnostics.

Integrates with Netskope API to manage private access infrastructure, enabling automated publisher lifecycle, app configuration, policy creation, and traffic diagnostics.

6374 views13Local (stdio)
auth security
GitHub

What it does

  • Deploy and manage NPA publishers
  • Configure private applications and access policies
  • Manage local brokers and network routing
  • Monitor alerts and validate configurations
  • Automate SCIM user provisioning
  • Schedule system upgrades and maintenance

Best for

Network administrators managing zero-trust accessDevOps teams automating office infrastructure setupSecurity teams implementing access policiesOrganizations with distributed private applications
84 specialized tools across 10 categoriesComplete infrastructure automationReal-time traffic diagnostics

About Netskope

Netskope is a community-built MCP server published by johnneerdael that provides AI assistants with tools and capabilities via the Model Context Protocol. Integrate with Netskope to automate private access, app config, policy creation, and diagnostics via API for secure, eff It is categorized under auth security.

How to install

You can install Netskope in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.

License

Netskope is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.

Netskope NPA MCP Server

A comprehensive Model Context Protocol (MCP) server for managing Netskope Private Access (NPA) infrastructure through AI-powered automation.

📚 Complete Documentation

This project includes extensive documentation organized for easy navigation:

👉 Start with the Complete Documentation - Overview and navigation guide

Quick Access Links

CategoryDescriptionLink
🏗️ ArchitectureServer design and patternsServer Architecture
🛠️ Tools ReferenceComplete tool documentationPublisher Tools, Private App Tools, Policy Tools
🔄 WorkflowsCommon automation patternsCommon Workflows
💼 Real ExamplesComplete use casesReal-World Examples

Tool Overview

The MCP server provides 84 specialized tools across 10 categories:

CategoryToolsPrimary Use Cases
Publishers9 toolsInfrastructure deployment and management
Private Apps15 toolsApplication lifecycle and configuration
Local Brokers7 toolsNetwork connectivity and routing
Policy Management6 toolsAccess control and security rules
SCIM Integration5 toolsIdentity and user management
Upgrade Profiles7 toolsAutomated maintenance scheduling
Steering3 toolsTraffic routing and associations
Alerts2 toolsEvent monitoring and notifications
Search2 toolsResource discovery and querying
Validation2 toolsConfiguration compliance

Real-World Usage Examples

🏢 "Set up complete NPA infrastructure for our new London office"

AI Response: Executes comprehensive deployment workflow

  • ✅ Creates publisher with auto-upgrade profile
  • ✅ Configures local broker for internal routing
  • ✅ Sets up core business applications (CRM, ERP, File Server)
  • ✅ Creates access policies with SCIM group validation
  • ✅ Enables monitoring and discovery for office network
  • ✅ Generates registration token for field deployment

🚨 "URGENT: Security incident - lock down HR/Finance apps immediately"

AI Response: Emergency security response workflow

  • ✅ Identifies all HR/Finance applications automatically
  • ✅ Creates emergency policy group with highest priority
  • ✅ Blocks access for all users except incident response team
  • ✅ Enhances monitoring for security events
  • ✅ Tags applications for incident tracking

📊 "Perform comprehensive compliance audit of our NPA environment"

AI Response: Automated compliance assessment

  • ✅ Audits all publishers for version compliance
  • ✅ Identifies applications without access policies
  • ✅ Validates SCIM group references in policies
  • ✅ Generates compliance score and remediation plan
  • ✅ Creates detailed findings report with priorities

Quick Start

  1. Environment Setup

    export NETSKOPE_BASE_URL="https://your-tenant.goskope.com"
export NETSKOPE_TOKEN="your-api-token"

  2. Install and Run

    npm install
npm run build
npm start

  3. Connect via MCP Client

    {
  "mcpServers": {
    "netskope-npa": {
      "command": "node",
      "args": ["/path/to/ns-private-access-mcp/build/index.js"],
      "env": {
        "NETSKOPE_BASE_URL": "https://your-tenant.goskope.com",
        "NETSKOPE_TOKEN": "your-api-token"
      }
    }
  }
}

Key Features

🤖 AI-Native Design

  • Tools designed for LLM interaction with clear descriptions
  • Automatic parameter validation and transformation
  • Rich error context for troubleshooting

🔄 Workflow Orchestration

  • Tools automatically coordinate with each other
  • Built-in retry logic and error recovery
  • Transactional operations where possible

🛡️ Production Ready

  • Comprehensive input validation using Zod schemas
  • Rate limiting and API quota management
  • Detailed logging and monitoring

🔗 Integration Patterns

  • SCIM integration for identity resolution
  • Search tools for resource discovery
  • Validation tools for compliance checking

Installation Options

NPM Package

npm install @johnneerdael/ns-private-access-mcp

Local Development

git clone https://github.com/johnneerdael/ns-private-access-mcp.git
cd ns-private-access-mcp
npm install
npm run build

Architecture Highlights

Tool Composition

Tools are designed to work together through well-defined interfaces:

// Example: Creating a private app with validation and tagging
1. validateName() -> Check app name compliance
2. searchPublishers() -> Find target publisher
3. createPrivateApp() -> Create the application  
4. createPrivateAppTags() -> Add organizational tags
5. updatePublisherAssociation() -> Associate with publishers

Schema-Driven Validation

Every tool uses Zod schemas for type safety and validation:

const createAppSchema = z.object({
  app_name: z.string().min(1).max(64),
  host: z.string().url(),
  protocols: z.array(protocolSchema),
  clientless_access: z.boolean()
});

Error Resilience

Built-in patterns for handling common issues:

  • Automatic parameter extraction from MCP objects
  • Retry logic with exponential backoff
  • Graceful degradation for partial failures

Credits

  • John Neerdael (Netskope Private Access Product Manager)
  • Mitchell Pompe (Chief Netskope Solutions Engineer for NL)

Getting Help

  • Documentation Issues: Open an issue on GitHub
  • Feature Requests: Create a feature request issue
  • Bug Reports: Use the bug report template
  • Security Issues: See SECURITY.md

This MCP server transforms complex Netskope NPA management into simple, AI-driven conversations.

Alternatives

GhidraMCP

GhidraMCP

LaurieWired
7.8k

MCP server for Ghidra reverse engineering. Enables AI assistants to decompile binaries, analyze functions, rename variab

CommunityPopular
362
HexStrike AI

HexStrike AI

0x4m4
7.3k

Advanced MCP server enabling AI agents to autonomously run 150+ security and penetration testing tools. Covers reconnais

CommunityPopular
282
Snyk Agent Scan

Snyk Agent Scan

Snyk
1.8k

Security scanner for AI agents, MCP servers, and agent skills. Automatically scan code for vulnerabilities, license issu

Official
224
Semgrep

Semgrep

semgrep
638

Semgrep is a leading code analysis tool that scans code for vulnerabilities, helping developers fix issues swiftly withi

OfficialRemote
1.3k9

Related Skills

Browse all skills
backend-security-coder

Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.

17
firebase

Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong. Firestore queries are limited, and you learn this after you've designed your data model. This skill covers Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Firebase Hosting. Key insight: Firebase is optimized for read-heavy, denormalized data. I

16
senior-backend

Comprehensive backend development skill for building scalable backend systems using NodeJS, Express, Go, Python, Postgres, GraphQL, REST APIs. Includes API scaffolding, database optimization, security implementation, and performance tuning. Use when designing APIs, optimizing database queries, implementing business logic, handling authentication/authorization, or reviewing backend code.

11
supabase-rls-policy-generator

This skill should be used when the user requests to generate, create, or add Row-Level Security (RLS) policies for Supabase databases in multi-tenant or role-based applications. It generates comprehensive RLS policies using auth.uid(), auth.jwt() claims, and role-based access patterns. Trigger terms include RLS, row level security, supabase security, generate policies, auth policies, multi-tenant security, role-based access, database security policies, supabase permissions, tenant isolation.

10
api-security-best-practices

Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities

9
email

Send and draft professional emails with seasonal HTML formatting, authentic writing style, contact lookup via Google Contacts, security-first approach, and Google Gmail API via Ruby CLI. This skill should be used for ALL email operations (mandatory per RULES.md).

6