Language: 日本語English

zscaler Plugin

Author
Zscaler
Category
Security
Topics
Security, Auth & Compliance · Cloud, Deployment & CI/CD · Monitoring & Observability
First seen
2026-07-09
Last confirmed
2026-07-13
Explanation last updated
2026-07-12

The explanation below is AI-generated. Please verify it against the sources.

zscaler-mcp-server is a Model Context Protocol (MCP) server, described on its GitHub homepage, that connects AI agents to the Zscaler Zero Trust Exchange platform. It exposes 402 tools across ten Zscaler services (ZIA, ZPA, ZDX, ZCell, ZMS, ZTW, Z-Insights, ZIdentity, EASM, ZCC) and authenticates to Zscaler using OneAPI credentials. By default the server runs in read-only mode, exposing only list_* and get_* operations; write operations require both the --enable-write-tools flag and a mandatory --write-tools allowlist. According to the README, the project is currently in public preview and under active development, and production deployments are discouraged.

Overview

According to the GitHub README, zscaler-mcp-server is an MCP server for managing Zscaler cloud security products (ZPA, ZIA, ZDX, ZCC, EASM, Z-Insights, and others) via Large Language Models. It runs as a local process (stdio) or over HTTP (sse/streamable-http), can be installed via uvx/pip/uv, run as a Docker container, used as a Python library, or deployed to Azure, Google Cloud, Kubernetes, or Amazon Bedrock AgentCore.

What you can do with zscaler

  • List and retrieve Zscaler resources by default (list_*/get_* tools, 110+ read-only tools), e.g. "List my ZPA Application segments" or "Show ZIA firewall rules"
  • Enable create/update/delete operations explicitly with --enable-write-tools plus a mandatory --write-tools allowlist (supports wildcards like zpa_create_*)
  • Select which services or toolsets are active via --services, --disabled-services, --toolsets, or corresponding environment variables
  • Authenticate to Zscaler using OneAPI credentials (ZSCALER_CLIENT_ID, ZSCALER_CLIENT_SECRET or ZSCALER_PRIVATE_KEY, ZSCALER_CUSTOMER_ID, ZSCALER_VANITY_DOMAIN)
  • Run the server via stdio, SSE, or streamable-http transport, with optional MCP client authentication (api-key, jwt, zscaler, or OAuth 2.1 via auth= parameter)
  • Deploy the server as a Docker container, Python library, or to Azure, Google Cloud, Kubernetes (Helm), or Amazon Bedrock AgentCore
  • Integrate with Claude Desktop, Cursor, VS Code, Claude Code, Gemini CLI, or Kiro IDE

Sources

Original description (English)

Manage Zscaler cloud security platform including ZPA (private access), ZIA (internet access), ZDX (digital experience), ZCC (client connector), EASM (attack surface), and Z-Insights (analytics). Create and manage policies, troubleshoot connectivity, audit security configurations, and investigate incidents across the full Zscaler ecosystem.

History of zscaler

Back to list