zscaler-mcp-server is a Model Context Protocol (MCP) server that connects AI agents with the Zscaler Zero Trust Exchange platform. By default, the server operates in read-only mode for security, requiring explicit opt-in to enable write operations.
-> Disclaimer: Please refer to our General Support Statement before proceeding with the use of this provider. You can also refer to our troubleshooting guide for guidance on typical problems.
Important
π§ Public Preview: This project is currently in public preview and under active development. Features and functionality may change before the stable 1.0 release. While we encourage exploration and testing, please avoid production deployments. We welcome your feedback through GitHub Issues to help shape the final release.
- πΊ Overview
- π Security & Permissions
- Supported Tools
- Installation & Setup
- Usage
- Zscaler API Credentials & Authentication
- As a Library
- Container Usage
- Editor/Assistant Integration
- Additional Deployment Options
- Using the MCP Server with Agents
- Troubleshooting
- License
The Zscaler Integrations MCP Server brings context to your agents. Try prompts like:
- "List my ZPA Application segments"
- "List my ZPA Segment Groups"
- "List my ZIA Rule Labels"
Warning
π READ-ONLY BY DEFAULT: For security, this MCP server operates in read-only mode by default. Only list_* and get_* operations are available. To enable tools that can CREATE, UPDATE, or DELETE Zscaler resources, you must explicitly enable write mode using the --enable-write-tools flag or by setting ZSCALER_MCP_WRITE_ENABLED=true. See the Security & Permissions section for details.
The Zscaler MCP Server implements a security-first design with granular permission controls and safe defaults:
By default, the server operates in read-only mode, exposing only tools that list or retrieve information:
- β ALWAYS AVAILABLE - Read-only tools are registered by the server
- β Safe to use with AI agents autonomously
- β No risk of accidental resource modification or deletion
- β
All
list_*andget_*operations are available (110+ read-only tools) - β All
create_*,update_*, anddelete_*operations are disabled by default - π‘ Note: You may need to enable read-only tools in your AI agent's UI settings
# Read-only mode (default - safe)
zscaler-mcpWhen the server starts in read-only mode, you'll see:
π Server running in READ-ONLY mode (safe default)
Only list and get operations are available
To enable write operations, use --enable-write-tools AND --write-tools flags
π‘ Read-only tools are ALWAYS registered by the server regardless of any flags. You never need to enable them server-side. Note: Your AI agent UI (like Claude Desktop) may require you to enable individual tools before use.
To enable tools that can create, modify, or delete Zscaler resources, you must provide BOTH flags:
- β
--enable-write-tools- Global unlock for write operations - β
--write-tools "pattern"- MANDATORY explicit allowlist
π SECURITY: Allowlist is MANDATORY - If you set
--enable-write-toolswithout--write-tools, 0 write tools will be registered. This ensures you consciously choose which write operations to enable.
# β WRONG: This will NOT enable any write tools (allowlist missing)
zscaler-mcp --enable-write-tools
# β
CORRECT: Explicit allowlist required
zscaler-mcp --enable-write-tools --write-tools "zpa_create_*,zpa_delete_*"When you try to enable write mode without an allowlist:
β οΈ WRITE TOOLS MODE ENABLED
β οΈ NO allowlist provided - 0 write tools will be registered
β οΈ Read-only tools will still be available
β οΈ To enable write operations, add: --write-tools 'pattern'
The allowlist provides two-tier security:
- β
First Gate:
--enable-write-toolsmust be set (global unlock) - β Second Gate: Explicit allowlist determines which write tools are registered (MANDATORY)
Allowlist Examples:
# Enable ONLY specific write tools with wildcards
zscaler-mcp --enable-write-tools --write-tools "zpa_create_*,zpa_delete_*"
# Enable specific tools without wildcards
zscaler-mcp --enable-write-tools --write-tools "zpa_create_application_segment,zia_create_rule_label"
# Enable all ZPA write operations (but no ZIA/ZDX/ZTW)
zscaler-mcp --enable-write-tools --write-tools "zpa_*"Or via environment variable:
export ZSCALER_MCP_WRITE_ENABLED=true
export ZSCALER_MCP_WRITE_TOOLS="zpa_create_*,zpa_delete_*"
zscaler-mcpWildcard patterns supported:
zpa_create_*- Allow all ZPA creation toolszpa_delete_*- Allow all ZPA deletion toolszpa_*- Allow all ZPA write tools*_application_segment- Allow all operations on application segmentszpa_create_application_segment- Exact match (no wildcard)
When using a valid allowlist, you'll see:
β οΈ WRITE TOOLS MODE ENABLED
β οΈ Explicit allowlist provided - only listed write tools will be registered
β οΈ Allowed patterns: zpa_create_*, zpa_delete_*
β οΈ Server can CREATE, MODIFY, and DELETE Zscaler resources
π Security: 85 write tools blocked by allowlist, 8 allowed
Each operation is a separate, single-purpose tool with explicit naming that makes its intent clear:
zpa_list_application_segments β Read-only, safe to allow-list
zpa_get_application_segment β Read-only, safe to allow-list
zpa_create_application_segment β Write operation, requires --enable-write-tools
zpa_update_application_segment β Write operation, requires --enable-write-tools
zpa_delete_application_segment β Destructive, requires --enable-write-tools
This design allows AI assistants (Claude, Cursor, GitHub Copilot) to:
- Allow-list read-only tools for autonomous exploration
- Require explicit user confirmation for write operations
- Clearly understand the intent of each tool from its name
The server implements multiple layers of security (defense-in-depth):
- Read-Only Tools Always Enabled: Safe
list_*andget_*operations are always available (110+ tools) - Default Write Mode Disabled: Write tools are disabled unless explicitly enabled via
--enable-write-tools - Mandatory Allowlist: Write operations require explicit
--write-toolsallowlist (wildcard support) - Verb-Based Tool Naming: Each tool clearly indicates its purpose (
list,get,create,update,delete) - Tool Metadata Annotations: All tools are annotated with
readOnlyHintordestructiveHintfor AI agent frameworks - AI Agent Confirmation: All write tools marked with
destructiveHint=Truetrigger permission dialogs in AI assistants - Double Confirmation for DELETE: Delete operations require both permission dialog AND server-side confirmation (extra protection for irreversible actions)
- Environment Variable Control:
ZSCALER_MCP_WRITE_ENABLEDandZSCALER_MCP_WRITE_TOOLScan be managed centrally - Audit Logging: All operations are logged for tracking and compliance
This multi-layered approach ensures that even if one security control is bypassed, others remain in place to prevent unauthorized operations.
Key Security Principles:
- No "enable all write tools" backdoor exists - allowlist is mandatory
- AI agents must request permission before executing any write operation (
destructiveHint) - Every destructive action requires explicit user approval through the AI agent's permission framework
- Read-Only by Default: No configuration needed for safe operations - read-only tools are always available
- Mandatory Allowlist: Always provide explicit
--write-toolsallowlist when enabling write mode - Development/Testing: Use narrow allowlists (e.g.,
--write-tools "zpa_create_application_segment") - Production/Agents: Keep server in read-only mode (default) for AI agents performing autonomous operations
- CI/CD: Never set
ZSCALER_MCP_WRITE_ENABLED=truewithout a correspondingZSCALER_MCP_WRITE_TOOLSallowlist - Least Privilege: Use narrowest possible allowlist patterns for your use case
- Wildcard Usage: Use wildcards for service-level control (e.g.,
zpa_create_*) or operation-level control (e.g.,*_create_*) - Audit Review: Regularly review which write tools are allowlisted and remove unnecessary ones
The Zscaler Integrations MCP Server provides 150+ tools for all major Zscaler services:
| Service | Description | Tools |
|---|---|---|
| ZCC | Zscaler Client Connector - Device management | 4 read-only |
| ZDX | Zscaler Digital Experience - Monitoring & analytics | 18 read-only |
| ZIdentity | Identity & access management | 3 read-only |
| ZIA | Zscaler Internet Access - Security policies | 60+ read/write |
| ZPA | Zscaler Private Access - Application access | 60+ read/write |
| ZTW | Zscaler Workload Segmentation | 20+ read/write |
| EASM | External Attack Surface Management | 7 read-only |
π View Complete Tools Reference β
Note: All write operations require the
--enable-write-toolsflag and an explicit--write-toolsallowlist. See the Security & Permissions section for details.
- Python 3.11 or higher
uvor pip- Zscaler API credentials (see below)
Copy the example environment file and configure your credentials:
cp .env.example .envThen edit .env with your Zscaler API credentials:
Required Configuration (OneAPI):
ZSCALER_CLIENT_ID: Your Zscaler OAuth client IDZSCALER_CLIENT_SECRET: Your Zscaler OAuth client secretZSCALER_CUSTOMER_ID: Your Zscaler customer IDZSCALER_VANITY_DOMAIN: Your Zscaler vanity domain
Optional Configuration:
ZSCALER_CLOUD: (Optional) Zscaler cloud environment (e.g.,beta) - Required when interacting with Beta Tenant ONLY.ZSCALER_USE_LEGACY: Enable legacy API mode (true/false, default:false)ZSCALER_MCP_SERVICES: Comma-separated list of services to enable (default: all services)ZSCALER_MCP_TRANSPORT: Transport method -stdio,sse, orstreamable-http(default:stdio)ZSCALER_MCP_DEBUG: Enable debug logging -trueorfalse(default:false)ZSCALER_MCP_HOST: Host for HTTP transports (default:127.0.0.1)ZSCALER_MCP_PORT: Port for HTTP transports (default:8000)
Alternatively, you can set these as environment variables instead of using a .env file.
Important: Ensure your API client has the necessary permissions for the services you plan to use. You can always update permissions later in the Zscaler console.
Note: This will open VS Code and prompt you to configure the MCP server. You'll need to replace the placeholder values (
<YOUR_CLIENT_ID>, etc.) with your actual Zscaler credentials.
uv tool install zscaler-mcpuv pip install -e .pip install -e .make install-devTip
If zscaler-mcp-server isn't found, update your shell PATH.
For installation via code editors/assistants, see the Using the MCP Server with Agents section below.
Note
Default Security Mode: All examples below run in read-only mode by default (only list_* and get_* operations). To enable write operations (create_*, update_*, delete_*), add the --enable-write-tools flag to any command, or set ZSCALER_MCP_WRITE_ENABLED=true in your environment.
Run the server with default settings (stdio transport, read-only mode):
zscaler-mcpRun the server with write operations enabled:
zscaler-mcp --enable-write-toolsRun with SSE transport:
zscaler-mcp --transport sseRun with streamable-http transport:
zscaler-mcp --transport streamable-httpRun with streamable-http transport on custom port:
zscaler-mcp --transport streamable-http --host 0.0.0.0 --port 8080The Zscaler Integrations MCP Server supports multiple ways to specify which services to enable:
Specify services using comma-separated lists:
# Enable specific services
zscaler-mcp --services zia,zpa,zdx
# Enable only one service
zscaler-mcp --services ziaSet the ZSCALER_MCP_SERVICES environment variable:
# Export environment variable
export ZSCALER_MCP_SERVICES=zia,zpa,zdx
zscaler-mcp
# Or set inline
ZSCALER_MCP_SERVICES=zia,zpa,zdx zscaler-mcpIf no services are specified via command line or environment variable, all available services are enabled by default.
Service Priority Order:
- Command line
--servicesargument (overrides all) ZSCALER_MCP_SERVICESenvironment variable (fallback)- All services (default when none specified)
# Enable write operations (create, update, delete)
zscaler-mcp --enable-write-tools
# Enable debug logging
zscaler-mcp --debug
# Combine multiple options
zscaler-mcp --services zia,zpa --enable-write-tools --debugFor all available options:
zscaler-mcp --helpAvailable command-line flags:
--transport: Transport protocol (stdio,sse,streamable-http)--services: Comma-separated list of services to enable--tools: Comma-separated list of specific tools to enable--enable-write-tools: Enable write operations (disabled by default for safety)--debug: Enable debug logging--host: Host for HTTP transports (default:127.0.0.1)--port: Port for HTTP transports (default:8000)
The Zscaler Integrations MCP Server supports two authentication methods: OneAPI (recommended) and Legacy API. You must choose ONE method - do not mix them.
Important
- OneAPI: Single credential set for ALL services (ZIA, ZPA, ZCC, ZDX)
- Legacy: Separate credentials required for EACH service
- DO NOT set both OneAPI and Legacy credentials simultaneously
- DO NOT set
ZSCALER_USE_LEGACY=trueif using OneAPI
- β One set of credentials works for ALL services (ZIA, ZPA, ZCC, ZDX, ZTW)
- β Modern OAuth2.0 authentication via Zidentity
- β Easier to manage and maintain
- β Default authentication method (no flag needed)
- Use this if: You have access to Zidentity console and want simplicity
β οΈ Separate credentials required for each service you want to useβ οΈ Different authentication methods per service (OAuth for ZPA, API key for ZIA, etc.)β οΈ Must setZSCALER_USE_LEGACY=trueenvironment variable- Use this if: You don't have OneAPI access or need per-service credential management
Do you have access to Zidentity console?
ββ YES β Use OneAPI (Option A)
ββ NO β Use Legacy Mode (Option B)
OneAPI provides a single set of credentials that authenticate to all Zscaler services. This is the default and recommended method.
Before using OneAPI, you need to:
- Create an API Client in the Zidentity platform
- Obtain your credentials:
clientId,clientSecret,customerId, andvanityDomain - Learn more: Understanding OneAPI
Create a .env file in your project root (or where you'll run the MCP server):
# OneAPI Credentials (Required)
ZSCALER_CLIENT_ID=your_client_id
ZSCALER_CLIENT_SECRET=your_client_secret
ZSCALER_CUSTOMER_ID=your_customer_id
ZSCALER_VANITY_DOMAIN=your_vanity_domain
# Optional: Only required for Beta tenants
ZSCALER_CLOUD=beta.env to source control. Add it to your .gitignore.
| Environment Variable | Required | Description |
|---|---|---|
ZSCALER_CLIENT_ID |
Yes | Zscaler OAuth client ID from Zidentity console |
ZSCALER_CLIENT_SECRET |
Yes | Zscaler OAuth client secret from Zidentity console |
ZSCALER_CUSTOMER_ID |
Yes | Zscaler customer ID |
ZSCALER_VANITY_DOMAIN |
Yes | Your organization's vanity domain (e.g., acme) |
ZSCALER_CLOUD |
No | Zscaler cloud environment (e.g., beta, zscalertwo). Only required for Beta tenants |
ZSCALER_PRIVATE_KEY |
No | OAuth private key for JWT-based authentication (alternative to client secret) |
After setting up your .env file, test the connection:
# Test with a simple command
zscaler-mcpIf authentication is successful, the server will start without errors. If you see authentication errors, verify:
- All required environment variables are set correctly
- Your API client has the necessary permissions in Zidentity
- Your credentials are valid and not expired
Legacy mode requires separate credentials for each Zscaler service. This method is only needed if you don't have access to OneAPI.
Warning
- You MUST set
ZSCALER_USE_LEGACY=truein your.envfile - You MUST provide credentials for each service you want to use
- OneAPI credentials are ignored when
ZSCALER_USE_LEGACY=trueis set - Clients are created on-demand when tools are called (not at startup)
Create a .env file with the following structure:
# Enable Legacy Mode (REQUIRED - set once at the top)
ZSCALER_USE_LEGACY=true
# ZPA Legacy Credentials (if using ZPA)
ZPA_CLIENT_ID=your_zpa_client_id
ZPA_CLIENT_SECRET=your_zpa_client_secret
ZPA_CUSTOMER_ID=your_zpa_customer_id
ZPA_CLOUD=BETA
# ZIA Legacy Credentials (if using ZIA)
ZIA_USERNAME=your_zia_username
ZIA_PASSWORD=your_zia_password
ZIA_API_KEY=your_zia_api_key
ZIA_CLOUD=zscalertwo
# ZCC Legacy Credentials (if using ZCC)
ZCC_CLIENT_ID=your_zcc_client_id
ZCC_CLIENT_SECRET=your_zcc_client_secret
ZCC_CLOUD=zscalertwo
# ZDX Legacy Credentials (if using ZDX)
ZDX_CLIENT_ID=your_zdx_client_id
ZDX_CLIENT_SECRET=your_zdx_client_secret
ZDX_CLOUD=zscalertwo.env to source control. Add it to your .gitignore.
| Environment Variable | Required | Description |
|---|---|---|
ZPA_CLIENT_ID |
Yes | ZPA API client ID from ZPA console |
ZPA_CLIENT_SECRET |
Yes | ZPA API client secret from ZPA console |
ZPA_CUSTOMER_ID |
Yes | ZPA tenant ID (found in Administration > Company menu) |
ZPA_CLOUD |
Yes | Zscaler cloud for ZPA tenancy (e.g., BETA, zscalertwo) |
ZPA_MICROTENANT_ID |
No | ZPA microtenant ID (if using microtenants) |
Where to find ZPA credentials:
- API Client ID/Secret: ZPA console > Configuration & Control > Public API > API Keys
- Customer ID: ZPA console > Administration > Company
| Environment Variable | Required | Description |
|---|---|---|
ZIA_USERNAME |
Yes | ZIA API admin email address |
ZIA_PASSWORD |
Yes | ZIA API admin password |
ZIA_API_KEY |
Yes | ZIA obfuscated API key (from obfuscateApiKey() method) |
ZIA_CLOUD |
Yes | Zscaler cloud name (see supported clouds below) |
Supported ZIA Cloud Environments:
zscaler,zscalerone,zscalertwo,zscalerthreezscloud,zscalerbeta,zscalergov,zscalerten,zspreview
Where to find ZIA credentials:
- Username/Password: Your ZIA admin account
- API Key: ZIA Admin Portal > Administration > API Key Management
| Environment Variable | Required | Description |
|---|---|---|
ZCC_CLIENT_ID |
Yes | ZCC API key (Mobile Portal) |
ZCC_CLIENT_SECRET |
Yes | ZCC secret key (Mobile Portal) |
ZCC_CLOUD |
Yes | Zscaler cloud name (see supported clouds below) |
NOTE:
ZCC_CLOUDis required and identifies the correct API gateway.
Supported ZCC Cloud Environments:
zscaler,zscalerone,zscalertwo,zscalerthreezscloud,zscalerbeta,zscalergov,zscalerten,zspreview
| Environment Variable | Required | Description |
|---|---|---|
ZDX_CLIENT_ID |
Yes | ZDX key ID |
ZDX_CLIENT_SECRET |
Yes | ZDX secret key |
ZDX_CLOUD |
Yes | Zscaler cloud name prefix |
Where to find ZDX credentials:
- ZDX Portal > API Keys section
When ZSCALER_USE_LEGACY=true:
- All tools use legacy API clients by default
- You can override per-tool by setting
use_legacy: falsein tool parameters - The MCP server initializes without creating clients at startup
- Clients are created on-demand when individual tools are called
- This allows the server to work with different legacy services without requiring a specific service during initialization
Common Issues:
-
"Authentication failed" errors:
- Verify all required environment variables are set
- Check that credentials are correct and not expired
- Ensure you're using the correct cloud environment
-
"Legacy credentials ignored" warning:
- This is normal when using OneAPI mode
- Legacy credentials are only loaded when
ZSCALER_USE_LEGACY=true
-
"OneAPI credentials ignored" warning:
- This is normal when using Legacy mode
- OneAPI credentials are only used when
ZSCALER_USE_LEGACYis not set or isfalse
-
Mixed authentication errors:
- DO NOT set both OneAPI and Legacy credentials
- DO NOT set
ZSCALER_USE_LEGACY=trueif using OneAPI - Choose ONE method and stick with it
The following environment variables control MCP server behavior (not authentication):
| Environment Variable | Default | Description |
|---|---|---|
ZSCALER_MCP_TRANSPORT |
stdio |
Transport protocol to use (stdio, sse, or streamable-http) |
ZSCALER_MCP_SERVICES |
"" |
Comma-separated list of services to enable (empty = all services). Supported values: zcc, zdx, zia, zidentity, zpa, ztw |
ZSCALER_MCP_TOOLS |
"" |
Comma-separated list of specific tools to enable (empty = all tools) |
ZSCALER_MCP_WRITE_ENABLED |
false |
Enable write operations (true/false). When false, only read-only tools are available. Set to true or use --enable-write-tools flag to unlock write mode. |
ZSCALER_MCP_WRITE_TOOLS |
"" |
MANDATORY comma-separated allowlist of write tools (supports wildcards like zpa_*). Requires ZSCALER_MCP_WRITE_ENABLED=true. If empty when write mode enabled, 0 write tools registered. |
ZSCALER_MCP_DEBUG |
false |
Enable debug logging (true/false) |
ZSCALER_MCP_HOST |
127.0.0.1 |
Host to bind to for HTTP transports |
ZSCALER_MCP_PORT |
8000 |
Port to listen on for HTTP transports |
ZSCALER_MCP_USER_AGENT_COMMENT |
"" |
Additional information to include in User-Agent comment section |
The MCP server automatically includes a custom User-Agent header in all API requests to Zscaler services. The format is:
User-Agent: zscaler-mcp-server/<version> python/<python_version> <os>/<architecture>Example:
User-Agent: zscaler-mcp-server/0.3.1 python/3.11.8 darwin/arm64With Custom Comment:
You can append additional information (such as the AI agent details) using the ZSCALER_MCP_USER_AGENT_COMMENT environment variable or the --user-agent-comment CLI flag:
# Via environment variable
export ZSCALER_MCP_USER_AGENT_COMMENT="Claude Desktop 1.2024.10.23"
# Via CLI flag
zscaler-mcp --user-agent-comment "Claude Desktop 1.2024.10.23"This results in:
User-Agent: zscaler-mcp-server/0.3.1 python/3.11.8 darwin/arm64 Claude Desktop 1.2024.10.23The User-Agent helps Zscaler identify API traffic from the MCP server and can be useful for support, analytics, and debugging purposes.
You can use the Zscaler Integrations MCP Server as a Python library in your own applications:
from zscaler_mcp.server import ZscalerMCPServer
# Create server with read-only mode (default - safe)
server = ZscalerMCPServer(
debug=True, # Optional, enable debug logging
enabled_services={"zia", "zpa", "zdx"}, # Optional, defaults to all services
enabled_tools={"zia_list_rule_labels", "zpa_list_application_segments"}, # Optional, defaults to all tools
user_agent_comment="My Custom App", # Optional, additional User-Agent info
enable_write_tools=False # Optional, defaults to False (read-only mode)
)
# Run with stdio transport (default)
server.run()
# Or run with SSE transport
server.run("sse")
# Or run with streamable-http transport
server.run("streamable-http")
# Or run with streamable-http transport on custom host/port
server.run("streamable-http", host="0.0.0.0", port=8080)Example with write operations enabled:
from zscaler_mcp.server import ZscalerMCPServer
# Create server with write operations enabled
server = ZscalerMCPServer(
debug=True,
enabled_services={"zia", "zpa"},
enable_write_tools=True # Enable create/update/delete operations
)
# Run the server
server.run("stdio")Available Services: zcc, zdx, zia, zidentity, zpa
Example with Environment Variables:
from zscaler_mcp.server import ZscalerMCPServer
import os
# Load from environment variables
server = ZscalerMCPServer(
debug=True,
enabled_services={"zia", "zpa"}
)
# Run the server
server.run("stdio")# Run with stdio transport
python examples/basic_usage.py
# Run with SSE transport
python examples/sse_usage.py
# Run with streamable-http transport
python examples/streamable_http_usage.pyThe Zscaler Integrations MCP Server is available as a pre-built container image for easy deployment:
# Pull the latest pre-built image
docker pull quay.io/zscaler/zscaler-mcp-server:latest
# Run with .env file (recommended)
docker run --rm --env-file /path/to/.env quay.io/zscaler/zscaler-mcp-server:latest
# Run with .env file and SSE transport
docker run --rm -p 8000:8000 --env-file /path/to/.env \
quay.io/zscaler/zscaler-mcp-server:latest --transport sse --host 0.0.0.0
# Run with .env file and streamable-http transport
docker run --rm -p 8000:8000 --env-file /path/to/.env \
quay.io/zscaler/zscaler-mcp-server:latest --transport streamable-http --host 0.0.0.0
# Run with .env file and custom port
docker run --rm -p 8080:8080 --env-file /path/to/.env \
quay.io/zscaler/zscaler-mcp-server:latest --transport streamable-http --host 0.0.0.0 --port 8080
# Run with .env file and specific services
docker run --rm --env-file /path/to/.env \
quay.io/zscaler/zscaler-mcp-server:latest --services zia,zpa,zdx
# Use a specific version instead of latest
docker run --rm --env-file /path/to/.env \
quay.io/zscaler/zscaler-mcp-server:1.2.3
# Alternative: Individual environment variables
docker run --rm -e ZSCALER_CLIENT_ID=your_client_id -e ZSCALER_CLIENT_SECRET=your_secret \
-e ZSCALER_CUSTOMER_ID=your_customer_id -e ZSCALER_VANITY_DOMAIN=your_vanity_domain \
quay.io/zscaler/zscaler-mcp-server:latestFor development or customization purposes, you can build the image locally:
# Build the Docker image
docker build -t zscaler-mcp-server .
# Run the locally built image
docker run --rm -e ZSCALER_CLIENT_ID=your_client_id -e ZSCALER_CLIENT_SECRET=your_secret \
-e ZSCALER_CUSTOMER_ID=your_customer_id -e ZSCALER_VANITY_DOMAIN=your_vanity_domain zscaler-mcp-serverNote: When using HTTP transports in Docker, always set --host 0.0.0.0 to allow external connections to the container.
You can integrate the Zscaler Integrations MCP server with your editor or AI assistant. Here are configuration examples for popular MCP clients:
{
"mcpServers": {
"zscaler-mcp-server": {
"command": "uvx",
"args": ["--env-file", "/path/to/.env", "zscaler-mcp-server"]
}
}
}Important
AWS Marketplace Image Available: For Amazon Bedrock AgentCore deployments, we provide a dedicated container image optimized for Bedrock's stateless HTTP environment. This image includes a custom web server wrapper that handles session management and is specifically designed for AWS Bedrock AgentCore Runtime.
π Quick Start with AWS Marketplace:
The easiest way to deploy the Zscaler Integrations MCP Server to Amazon Bedrock AgentCore is through the AWS Marketplace listing. The Marketplace image includes:
- β Pre-configured for Bedrock AgentCore Runtime
- β Custom web server wrapper for stateless HTTP environments
- β Session management handled automatically
- β Health check endpoints for ECS compatibility
- β Optimized for AWS Bedrock AgentCore's requirements
π Full Deployment Guide:
For detailed deployment instructions, IAM configuration, and troubleshooting, please refer to the comprehensive Amazon Bedrock AgentCore deployment guide.
The deployment guide covers:
- Prerequisites and AWS VPC requirements
- IAM role and trust policy configuration
- Step-by-step deployment instructions
- Environment variable configuration
- Write mode configuration (for CREATE/UPDATE/DELETE operations)
- Troubleshooting and verification steps
Note
The AWS Marketplace image uses a different architecture than the standard streamable-http transport. It includes a FastAPI-based web server wrapper (web_server.py) that bypasses the MCP protocol's session initialization requirements, making it compatible with Bedrock's stateless HTTP environment. This is why the Marketplace image is recommended for Bedrock deployments.
This section provides instructions for configuring the Zscaler Integrations MCP Server with popular AI agents. Before starting, ensure you have:
- β Completed Installation & Setup
- β Configured Authentication
- β
Created your
.envfile with credentials
You can install the Zscaler MCP Server in Claude Desktop using either method:
- Open Claude Desktop
- Go to Settings β Extensions β Browse Extensions
- In the search box, type
zscaler - Select Zscaler MCP Server from the results
- Click Install or Add
- Configure your
.envfile path when prompted (or edit the configuration after installation) - Restart Claude Desktop completely (quit and reopen)
- Verify by asking Claude: "What Zscaler tools are available?"
- Open Claude Desktop
- Go to Settings β Developer β Edit Config
- Add the following configuration:
{
"mcpServers": {
"zscaler-mcp-server": {
"command": "uvx",
"args": ["--env-file", "/absolute/path/to/your/.env", "zscaler-mcp-server"]
}
}
}Important: Replace
/absolute/path/to/your/.envwith the absolute path to your.envfile. Relative paths will not work.
- Save the configuration file
- Restart Claude Desktop completely (quit and reopen)
- Verify by asking Claude: "What Zscaler tools are available?"
Troubleshooting:
- "MCP server not found": Verify the
.envfile path is absolute and correct - "Authentication failed": Check that your
.envfile contains valid credentials - Tools not appearing: Check Claude Desktop logs (Help > View Logs) for errors
- Extension not found: Ensure you're searching in the "Desktop extensions" tab, not "Web"
- Open Cursor
- Go to Settings β Cursor Settings β Tools & MCP β New MCP Server
- The configuration will be saved to
~/.cursor/mcp.json. Add the following configuration:
{
"mcpServers": {
"zscaler-mcp-server": {
"command": "uvx",
"args": ["--env-file", "/absolute/path/to/your/.env", "zscaler-mcp-server"]
}
}
}Alternative: You can also use Docker instead of
uvx:{ "mcpServers": { "zscaler-mcp-server": { "command": "docker", "args": [ "run", "-i", "--rm", "--env-file", "/absolute/path/to/your/.env", "quay.io/zscaler/zscaler-mcp-server:latest" ] } } }
- Save the configuration file
- Restart Cursor completely (quit and reopen)
- Verify by asking: "List my ZIA rule labels"
Troubleshooting:
- Check Cursor's MCP logs (View > Output > MCP) for connection errors
- Verify the
.envfile path is absolute and credentials are correct - The configuration file is located at
~/.cursor/mcp.json(or%USERPROFILE%\.cursor\mcp.jsonon Windows)
Common Issues:
-
"Command not found: uvx"
- Install
uv:curl -LsSf https://astral.sh/uv/install.sh | sh - Or use Docker: Replace
uvxwithdocker run --rm --env-file /path/to/.env quay.io/zscaler/zscaler-mcp-server:latest
- Install
-
".env file not found"
- Use absolute paths, not relative paths
- Verify the file exists at the specified path
- Check file permissions (should be readable)
-
"Authentication failed"
- Verify all required environment variables are in
.env - Check that credentials are correct and not expired
- Ensure you're using the correct authentication method (OneAPI vs Legacy)
- Verify all required environment variables are in
-
"Tools not appearing"
- Some agents require you to enable tools in their UI
- Check agent logs for connection errors
- Verify the MCP server is running (check agent's MCP status)
-
"Server connection timeout"
- Ensure the MCP server can start successfully
- Test manually:
uvx --env-file /path/to/.env zscaler-mcp-server - Check for port conflicts if using HTTP transports
Getting Help:
- Check agent-specific logs (usually in Help/View menu)
- Test the server manually to isolate agent vs server issues
- Review the Troubleshooting section for more details
