Netskope NPA MCP Server

A comprehensive Model Context Protocol (MCP) server for managing Netskope Private Access (NPA) infrastructure through AI-powered automation.

This project includes extensive documentation organized for easy navigation:

👉 Start with the Complete Documentation - Overview and navigation guide

The MCP server provides 84 specialized tools across 10 categories:

AI Response: Executes comprehensive deployment workflow

• ✅ Creates publisher with auto-upgrade profile
• ✅ Configures local broker for internal routing
• ✅ Sets up core business applications (CRM, ERP, File Server)
• ✅ Creates access policies with SCIM group validation
• ✅ Enables monitoring and discovery for office network
• ✅ Generates registration token for field deployment

AI Response: Emergency security response workflow

• ✅ Identifies all HR/Finance applications automatically
• ✅ Creates emergency policy group with highest priority
• ✅ Blocks access for all users except incident response team
• ✅ Enhances monitoring for security events
• ✅ Tags applications for incident tracking

AI Response: Automated compliance assessment

• ✅ Audits all publishers for version compliance
• ✅ Identifies applications without access policies
• ✅ Validates SCIM group references in policies
• ✅ Generates compliance score and remediation plan
• ✅ Creates detailed findings report with priorities

1. Environment Setup

   export NETSKOPE_BASE_URL="https://your-tenant.goskope.com"
   export NETSKOPE_TOKEN="your-api-token"

2. Install and Run

   npm install
   npm run build
   npm start

3. Connect via MCP Client

   {
     "mcpServers": {
       "netskope-npa": {
         "command": "node",
         "args": ["/path/to/ns-private-access-mcp/build/index.js"],
         "env": {
           "NETSKOPE_BASE_URL": "https://your-tenant.goskope.com",
           "NETSKOPE_TOKEN": "your-api-token"
         }
       }
     }
   }

• Tools designed for LLM interaction with clear descriptions
• Automatic parameter validation and transformation
• Rich error context for troubleshooting

• Tools automatically coordinate with each other
• Built-in retry logic and error recovery
• Transactional operations where possible

• Comprehensive input validation using Zod schemas
• Rate limiting and API quota management
• Detailed logging and monitoring

• SCIM integration for identity resolution
• Search tools for resource discovery
• Validation tools for compliance checking

npm install @johnneerdael/ns-private-access-mcp

git clone https://github.com/johnneerdael/ns-private-access-mcp.git
cd ns-private-access-mcp
npm install
npm run build

Tools are designed to work together through well-defined interfaces:

// Example: Creating a private app with validation and tagging
1. validateName() -> Check app name compliance
2. searchPublishers() -> Find target publisher
3. createPrivateApp() -> Create the application  
4. createPrivateAppTags() -> Add organizational tags
5. updatePublisherAssociation() -> Associate with publishers

Every tool uses Zod schemas for type safety and validation:

const createAppSchema = z.object({
  app_name: z.string().min(1).max(64),
  host: z.string().url(),
  protocols: z.array(protocolSchema),
  clientless_access: z.boolean()
});

Built-in patterns for handling common issues:

• Automatic parameter extraction from MCP objects
• Retry logic with exponential backoff
• Graceful degradation for partial failures

• John Neerdael (Netskope Private Access Product Manager)
• Mitchell Pompe (Chief Netskope Solutions Engineer for NL)

• Documentation Issues: Open an issue on GitHub
• Feature Requests: Create a feature request issue
• Bug Reports: Use the bug report template
• Security Issues: See SECURITY.md

This MCP server transforms complex Netskope NPA management into simple, AI-driven conversations.