Getting Started with Zscaler Integrations MCP Server

This guide will help you get up and running with the Zscaler Integrations MCP Server quickly.

Prerequisites

Before you begin, ensure you have:

  • Python 3.11 or higher installed

  • uv installed (recommended) or pip

  • Access to Zscaler APIs (OneAPI credentials)

  • Basic understanding of Model Context Protocol (MCP)

Installation

Install using uv (recommended):

uv tool install zscaler-mcp

Or install using pip:

pip install zscaler-mcp

Or install from source:

git clone https://github.com/zscaler/zscaler-mcp-server.git
cd zscaler-mcp-server
pip install -e .

Configuration

The MCP server requires Zscaler API credentials to function. Create a .env file with your credentials:

OneAPI Authentication

ZSCALER_CLIENT_ID="your_client_id"
ZSCALER_CLIENT_SECRET="your_client_secret"
ZSCALER_CUSTOMER_ID="your_customer_id"  # required only for ZPA tools
ZSCALER_VANITY_DOMAIN="your_vanity_domain"

For JWT-based auth, set ZSCALER_PRIVATE_KEY (PEM-encoded) in place of ZSCALER_CLIENT_SECRET.

Warning

Do not commit .env to source control. Add it to your .gitignore.

For the full list of environment variables (including MCP Client Authentication and Network Security), see the Configuration Guide.
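
A preflight check for the .env file described above, added here as an example (it is not part of the Zscaler MCP server or its documentation). It uses the variable names shown on this page; the function names, the need_zpa flag and the "your_" placeholder test are assumptions made for the example.

```python
import os
import stat
import subprocess
from pathlib import Path

# Variable names come from this page; everything else here is illustrative.
REQUIRED = ("ZSCALER_CLIENT_ID", "ZSCALER_VANITY_DOMAIN")
# Either the client secret or the PEM private key (JWT auth) must be set.
SECRET_KEYS = ("ZSCALER_CLIENT_SECRET", "ZSCALER_PRIVATE_KEY")

def parse_env(text):
    """Parse KEY=VALUE lines; ignore blanks, comments and trailing '# ...'."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        raw = raw.strip()
        if raw[:1] in ('"', "'"):
            raw = raw[1:].split(raw[0], 1)[0]  # text up to the closing quote
        else:
            raw = raw.split(" #", 1)[0].strip()  # drop an inline comment
        values[key.strip()] = raw
    return values

def check_env(path, need_zpa=False):
    """Return a list of findings; an empty list means the file passed."""
    path = Path(path)
    env = parse_env(path.read_text())
    missing = [k for k in REQUIRED if not env.get(k)]
    if need_zpa and not env.get("ZSCALER_CUSTOMER_ID"):
        missing.append("ZSCALER_CUSTOMER_ID")
    if not any(env.get(k) for k in SECRET_KEYS):
        missing.append(" or ".join(SECRET_KEYS))
    findings = [f"missing: {k}" for k in missing]
    findings += [f"placeholder value: {k}" for k, v in env.items() if v.startswith("your_")]
    # POSIX only: the file holds a secret, so group/other get no access.
    if os.name == "posix" and stat.S_IMODE(path.stat().st_mode) & 0o077:
        findings.append("permissions: run chmod 600 on the file")
    # git check-ignore exits 0 when the path is ignored, 1 when it is not.
    try:
        rc = subprocess.run(["git", "check-ignore", "-q", path.name],
                            cwd=path.parent, capture_output=True).returncode
    except FileNotFoundError:
        rc = None  # git is not installed; skip this check
    if rc == 1:
        findings.append("not ignored by git: add it to .gitignore")
    return findings
```

Call check_env("/absolute/path/to/.env", need_zpa=True) before passing the file to uvx or Docker with --env-file; any other git exit code (for example, the directory is not a repository) is treated as "nothing to report".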

Running the Server

Start the MCP server using the command line:

# Default (stdio transport)
zscaler-mcp

# With SSE transport
zscaler-mcp --transport sse

# With streamable-http transport
zscaler-mcp --transport streamable-http

# With specific services
zscaler-mcp --services zia,zpa,zdx

# With a narrow toolset selection (loads only those tools, on every transport)
zscaler-mcp --toolsets zia_url_filtering,zpa_app_segments

# With write operations enabled
zscaler-mcp --enable-write-tools --write-tools "zpa_create_*,zia_update_*"

For all available options:

zscaler-mcp --help

Connecting with AI Assistants

The Zscaler MCP Server integrates with multiple AI development platforms. Native plugin/extension support is available for:

  • Claude Code — Native plugin with marketplace support (claude plugin install zscaler)

  • Claude Desktop — Manual MCP configuration or one-click extension install

  • Cursor — Native plugin with guided skills

  • Gemini CLI — Extension with contextual tool guidance

  • Kiro IDE — Power with service-specific steering files

  • VS Code + GitHub Copilot — MCP configuration via Agent Mode

For detailed setup instructions for each platform, see the Integrations page.

Quick Configuration (Any MCP Client)

Using uvx (recommended):

{
  "mcpServers": {
    "zscaler-mcp-server": {
      "command": "uvx",
      "args": ["--env-file", "/absolute/path/to/.env", "zscaler-mcp"]
    }
  }
}

Using Docker:

{
  "mcpServers": {
    "zscaler-mcp-server": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "--env-file", "/absolute/path/to/.env",
        "zscaler/zscaler-mcp-server:latest"
      ]
    }
  }
}

Testing the Connection

Once the server is running, you can test it by asking your AI assistant:

  • “What Zscaler tools are available?”

  • “List my ZPA application segments”

  • “List all ZIA rule labels”

  • “Show me ZCC device information”

  • “List my ZDX applications”

Troubleshooting

Common issues and solutions:

  1. “Command not found: zscaler-mcp” — Install uv with curl -LsSf https://astral.sh/uv/install.sh | sh, then run uv tool install zscaler-mcp

  2. Authentication errors — Verify your credentials and cloud environment in .env

  3. Connection refused — Ensure the server is running and accessible; check ZSCALER_MCP_ALLOW_HTTP if connecting over HTTP

  4. Tools not appearing — Check that the service is enabled (ZSCALER_MCP_SERVICES) and that write tools are explicitly allowed (--enable-write-tools + --write-tools)

For more detailed troubleshooting, see the troubleshooting guide.