Zscaler MCP Server
Zscaler Integration MCP Server is a Model Context Protocol (MCP) server designed for managing Several Zscaler Products using Large Language Models (LLMs).
What is Zscaler MCP Server?
Zscaler MCP Server is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to zscaler integration mcp server is a model context protocol (mcp) server designed for managing several zscaler products using large language models (llms).
Zscaler Integration MCP Server is a Model Context Protocol (MCP) server designed for managing Several Zscaler Products using Large Language Models (LLMs).
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Zscaler Integration MCP Server is a Model Context Protocol (
Use Cases
Maintainer
Works with
Installation
PIP
pip install zscaler-mcpManual Installation
pip install zscaler-mcpConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Zscaler MCP Server
The Zscaler MCP Server connects AI agents and coding assistants to the Zscaler Zero Trust Exchange platform, exposing 300+ tools spanning ZIA (Zscaler Internet Access), ZPA (Zscaler Private Access), ZDX (Digital Experience), ZCC (Client Connector), and other Zscaler products. By default it operates in read-only mode — only list and get operations are registered — making it safe for autonomous AI use. Write operations require explicit opt-in with a mandatory allowlist pattern, and delete operations additionally require a cryptographic HMAC token to prevent prompt-injection attacks.
Prerequisites
- Python 3.10+ and uv or pip for installation
- Zscaler account with OneAPI credentials: ZSCALER_CLIENT_ID, ZSCALER_CLIENT_SECRET, ZSCALER_CUSTOMER_ID, and ZSCALER_VANITY_DOMAIN
- The Zscaler products you want to manage must be entitled in your OneAPI client
- An MCP-compatible client such as Claude Desktop, Cursor, or VS Code with GitHub Copilot
Install zscaler-mcp from PyPI
Install the server using pip or uvx. The uvx approach is recommended as it runs the server in an isolated environment without permanent installation.
pip install zscaler-mcp
# or use uvx for isolated execution
uvx zscaler-mcpCreate a .env file with your Zscaler credentials
Create a .env file with your OneAPI credentials. These are required for the server to authenticate with the Zscaler platform.
ZSCALER_CLIENT_ID=your_oauth_client_id
ZSCALER_CLIENT_SECRET=your_oauth_client_secret
ZSCALER_CUSTOMER_ID=your_customer_id
ZSCALER_VANITY_DOMAIN=yourdomain.zscloud.net
# Optional: restrict to specific services
ZSCALER_MCP_SERVICES=zia,zpaTest the server in read-only mode
Run the server from the command line to verify authentication. The server will log which toolsets are loaded based on your OneAPI entitlements.
zscaler-mcpConfigure your MCP client
Add the server to your MCP client configuration using uvx with your .env file path for credential injection.
Optionally enable write operations
To allow create, update, or delete operations, start the server with both the --enable-write-tools flag and an explicit --write-tools allowlist pattern. Both flags are required — neither alone enables writes.
zscaler-mcp --enable-write-tools --write-tools "zpa_create_*,zpa_delete_*"Zscaler MCP Server Examples
Client configuration
Claude Desktop config block using uvx with a .env file for Zscaler OneAPI credential injection. The server starts in read-only mode by default.
{
"mcpServers": {
"zscaler-mcp-server": {
"command": "uvx",
"args": ["--env-file", "/absolute/path/to/.env", "zscaler-mcp"]
}
}
}Prompts to try
Example prompts that use read-only ZIA and ZPA tools. Be specific about the service name for best results.
- "List my ZPA application segments"
- "Show ZIA firewall rules"
- "List my ZPA segment groups"
- "What ZIA rule labels exist in my tenant?"
- "Get details for ZPA application segment named 'internal-wiki'"Troubleshooting Zscaler MCP Server
Server starts but shows '0 toolsets loaded' or no tools are available
The OneAPI entitlement filter automatically drops toolsets for products not entitled in your credentials. Verify ZSCALER_CLIENT_ID and ZSCALER_CLIENT_SECRET are correct and that the associated client has the expected product entitlements in the Zscaler admin portal.
Write tools return 'not found' even after enabling --enable-write-tools
The --write-tools allowlist flag is mandatory. Running --enable-write-tools alone registers zero write tools by design. Add --write-tools with a pattern like 'zpa_create_*' to explicitly allowlist the tools you need.
Authentication fails with 401 Unauthorized on every API call
Verify ZSCALER_VANITY_DOMAIN is set to your correct tenant domain (e.g., company.zscloud.net). Also ensure the OneAPI client credentials are not expired and that the client is enabled in Zscaler admin console under Identity > API Clients.
Frequently Asked Questions about Zscaler MCP Server
What is Zscaler MCP Server?
Zscaler MCP Server is a Model Context Protocol (MCP) server that zscaler integration mcp server is a model context protocol (mcp) server designed for managing several zscaler products using large language models (llms). It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Zscaler MCP Server?
Install via pip with: pip install zscaler-mcp. Then configure your AI client to connect to this MCP server.
Which AI clients work with Zscaler MCP Server?
Zscaler MCP Server works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Zscaler MCP Server free to use?
Yes, Zscaler MCP Server is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Zscaler MCP Server Alternatives — Similar Security Servers
Looking for alternatives to Zscaler MCP Server? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Zscaler MCP Server in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Zscaler MCP Server?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.