Zscaler MCP Server: Bringing Unified Security Automation to Your AI AgentsIt feels like everywhere you look, people are talking about the Model Context Protocol (MCP)—the new standard for connecting AI agents and applications to real-world tools and APIs. MCP is quickly becoming the bridge that lets large language models (LLMs) and coding assistants do more than just answer questions: it lets them take action, automate workflows, and interact with your environment in powerful new ways. MCP servers are ushering in a new era of intelligent security automation — where enterprise security platforms like Zscaler become the authoritative source of truth, seamlessly integrated with AI capabilities. This transformation empowers security teams to shift from manual, reactive processes to dynamic, AI-enhanced workflows that can anticipate and respond to security challenges as they emerge. Introducing the Zscaler MCP ServerToday, we're excited to announce the preview version of Zscaler MCP Server, an open-source solution that brings comprehensive Zscaler management capabilities directly to your AI agents and automation workflows. This comprehensive MCP server provides secure, programmatic access to Zscaler's core security services — Zscaler Client Connector (ZCC), Digital Experience (ZDX), Internet Access (ZIA), Private Access (ZPA) and Zidentity — through a unified interface that works seamlessly with any MCP-compatible client.Until now, most MCP servers have been limited to local, developer-focused setups. What if you could bring comprehensive Zscaler management capabilities right to your favourite AI agent, with a single, unified, open-source server? That's exactly what we've built.Whether you're using Claude Desktop, Cursor, VS Code with Copilot, or any other MCP-compatible client, you can now manage your entire Zscaler environment through natural language conversations and automated workflows. The server acts as a secure bridge between your AI agents and Zscaler's APIs, enabling everything from simple policy queries to complex, multi-service security orchestration workflows.Zscaler's vision for MCP serversAt Zscaler, we view the Zscaler MCP Server as an essential bridge connecting our enterprise security platform with the rapidly evolving AI landscape. By leveraging the standardized MCP protocol, we can create secure, traceable interactions between AI agents and Zscaler's security systems, ensuring that security automation relies on trustworthy, up-to-date data from our platform.As AI capabilities continue to advance, enterprises will increasingly expect these intelligent agents to perform critical security operations such as threat mitigation, policy management, or automated incident response. These operations, however, must be executed within a framework that enterprises can rely on and that upholds the zero-trust security principles essential to modern organizations. This is precisely where the Zscaler MCP Server plays its role: It empowers security professionals, developers, and platform teams to engage with Zscaler's integrated security platform through natural language and AI-driven interactions, enabling them to complete security tasks efficiently while maintaining security, compliance, and full auditability.The Zscaler MCP Server maintains LLM neutrality, giving organizations the flexibility to leverage their existing AI investments and preferred LLMs, while security practitioners can choose the tools that best suit their workflow. Whether integrating with Claude, GPT, or any other MCP-compatible AI solution, the server delivers a uniform, secure gateway to your Zscaler environment.Looking ahead, we envision MCP servers becoming the foundation for a new generation of security operations where AI agents work alongside human security teams, continuously monitoring, analyzing, and responding to threats across the entire security landscape. This collaborative approach will enable organizations to achieve unprecedented levels of security automation while maintaining the human oversight and decision-making capabilities that remain essential in critical security scenarios. What is the Zscaler MCP Server?The Zscaler MCP Server is a Python-based, open-source application that exposes Zscaler's core services through a unified, MCP-compliant API. It's designed to be the missing link between your AI-powered agents and the full suite of Zscaler APIs, enabling seamless integration between your security infrastructure and modern AI workflows.Why is this a big deal?The Zscaler MCP Server provides a natural language interface to your Zscaler configuration management: Simplify configuration tasks: Query and manage Zscaler settings using natural languageAccess multiple Zscaler services: Retrieve information from ZIA, ZPA, ZDX, ZCC, and ZIdentityChoose your API framework: The MCP server can be configured to use either the new Zscaler OneAPI framework or the legacy API framework, depending on your organization's requirementsKey highlightsUnified API: Access Zscaler Client Connector (ZCC), Digital Experience (ZDX), Internet Access (ZIA), Private Access (ZPA), ZIdentity from one placeDual API Framework Support: Full compatibility with both the new Zscaler OneAPI framework and the legacy API frameworkOpen Source & Extensible: Released on GitHub for the community to use, extend, and contribute toPowered by the Official Zscaler Python SDK: All functionality is built on top of the official Zscaler Python SDK, ensuring reliability, security, and full compatibility with Zscaler's APIsZscaler OneAPI Support The Zscaler MCP Server is fully compatible with the new Zscaler OneAPI Framework, Zscaler's unified programming interface for the entire platform. This represents a significant evolution in how organizations can interact with Zscaler's security services. Why OneAPI Matters for Your Automation OneAPI introduces three key architectural pillars that transform how you automate Zscaler operations: Single Endpoint Access: All Zscaler resources are accessible through a common API endpoint (api.zsapi.net), eliminating the complexity of managing multiple product-specific endpointsOAuth 2.0 Security: Modern, standards-based authentication that provides enterprise-grade security and accountability for your automation workflowsCentralized Identity Management: API clients become first-class citizens in Zscaler's identity service (ZIdentity), enabling comprehensive audit trails and behavioural controls Enhanced Automation Capabilities With OneAPI support, the Zscaler MCP Server enables you to:Streamline Cross-Product Workflows: Automate policies across ZIA, ZPA, ZCC, and ZDX from a single, unified interfaceReduce Operational Complexity: No more juggling different authentication methods or learning product-specific API patternsFuture-Proof Your Automation: OneAPI is Zscaler's strategic direction, with new functions added monthly as product features roll outImprove Security Posture: Every API call is logged against the identity of the API client, providing full auditability and traceability Transitioning to OneAPI The MCP Server supports both Legacy and OneAPI frameworks, but you must choose one approach for your deployment:New Implementations: Start with OneAPI to leverage the latest features and best practices from day oneExisting Automation: Configure the MCP Server to use your preferred API framework based on your current Zscaler setup and automation requirements. When you're ready to transition from the legacy API framework to OneAPI, you'll need to:Update your MCP Server configuration to use OneAPI authenticationTest your AI agent workflows to ensure they work correctly with the new API frameworkUpdate any MCP client configurations if you've specified API framework preferences OneAPI provides the foundation for more efficient, secure, and maintainable Zscaler automation. The MCP Server makes it easy to harness these benefits through your preferred AI agents and development tools.Built on the Official Zscaler Python SDKEvery feature in the MCP server is powered by the official Zscaler Python SDK. This ensures:Full API Coverage: Access the latest Zscaler features as soon as they're availableSecurity & Reliability: Built and maintained by Zscaler, with best practices and robust error handlingCommunity Support: Leverage the SDK's documentation, examples, and active communityWorks Seamlessly With Your Favourite AI AgentsThe Zscaler MCP Server is designed and tested to work with the most popular AI-powered agents and developer tools, including:Claude Desktop: Interact with your Zscaler environment using natural language prompts. The server appears in Claude's tools list, enabling you to run queries like "List ZPA Segment Groups" or "List ZIA Rule Labels" directly from chat.Cursor: Integrate the MCP server as a tool in Cursor's "Agent Mode" for code and security automation.Visual Studio Code: Use with GitHub Copilot's Agent Mode to automate Zscaler tasks from your code editor.Other MCP-compatible clients: The server is built to the MCP standard, so it can be integrated with any client that supports MCP.Getting started is easy—just follow the configuration steps in the README for your preferred agent.Flexible Deployment: Docker or Local InstallYou can run the Zscaler MCP Server however you like, and regardless of your deployment method, you have the flexibility to use either the new OneAPI authentication or the legacy API framework.Docker (Recommended for Most Users)Portability & Isolation: Run the server in a container for a consistent, dependency-free experienceQuick Start:Install Docker DesktopCreate a .env file with your Zscaler credentialsBuild and run the container with make docker-buildConfigure your MCP client (Claude, Cursor, VS Code, etc.) to connect to the Dockerized serverLocal Installation (For Developers & Contributors)Editable Source: Clone the repo and install dependencies locally for rapid development and customizationDev Mode:Clone the repositoryInstall dependencies with uv pip install -e . or pip install -r requirements.txtStart the server with your preferred MCP clientBoth methods are fully documented in the README, including sample configuration files for each supported agent.Real-World Use CasesThe Zscaler MCP Server provides practical capabilities for managing Zscaler environments through AI agents. Here are the key use cases and capabilities:Unified Security ManagementThe MCP server enables centralized management across all Zscaler services (ZCC, ZDX, ZIA, ZPA) through a single interface. This allows security teams to:Query and manage policies across multiple Zscaler productsRetrieve device information and enrollment statusAccess firewall rules, URL categories, and network configurationsManage user access and authentication settingsNatural Language Security OperationsConnect AI Agents like Claude Desktop to perform security tasks using conversational language. Common operations include: "List all devices enrolled in ZCC""Show me ZIA firewall rules for our development team""Retrieve ZPA application segments and access policies""Get ZDX performance metrics for our critical applications"Access and use of preview technologyThe Zscaler MCP Server is currently in preview and is intended for development, testing, and evaluation purposes. While we encourage you to try it and provide feedback, use in production settings should be carefully evaluated based on your organization's requirements.The outputs and recommendations provided by the MCP server are generated dynamically and may vary based on the query, model, and the connected Zscaler environment. Users should thoroughly review all outputs/recommendations to ensure they align with their organization's security best practices, compliance requirements, and operational procedures before implementation.Resource ReferencesGitHub RepositoryPython Library (Pypi)Zscaler Python SDK (Official)Zscaler Postman Collection
