Skip to main content

JupiterOne AI Integration (MCP Server)

The JupiterOne Model Context Protocol (MCP) Server enables AI assistants like Claude Desktop and Cursor IDE to interact directly with your JupiterOne account using natural language.

JupiterOne MCP Demo

Prerequisites

  • Active JupiterOne account with API access
  • JupiterOne API key and account ID
  • Node.js version 18 or higher (for local server only)
  • AI assistant with MCP support (Claude Desktop, Cursor IDE, GitHub Copilot, Continue.dev, Cline, Windsurf, etc.)

Installation Methods

The JupiterOne MCP Server can be configured in two ways:

Option 1: Local Server (stdio)

Install and run the MCP server locally using npx:

npx @jupiterone/jupiterone-mcp

Or install globally for repeated use:

npm install -g @jupiterone/jupiterone-mcp

Option 2: Remote HTTP Server

Use JupiterOne's hosted MCP server without local installation:

  • URL Format: https://mcp.<REGION>.jupiterone.io/mcp?accountId=<ACCOUNT_ID>
  • Example: https://mcp.us.jupiterone.io/mcp?accountId=j1dev
  • Authentication: OAuth-based authentication with JupiterOne login
Remote Server Benefits

The remote HTTP server option:

  • Requires no local installation
  • Handles authentication through JupiterOne's OAuth flow
  • Automatically stays up-to-date with the latest features
  • Works across different machines without setup

Configuration

Get Your Credentials

For Local Server (Option 1)

  1. API Key: Navigate to SettingsUser API Tokens in JupiterOne and create a new API key
  2. Account ID: Found in Account Management or by running: find jupiterone_account as x return x.accountId

For Remote Server (Option 2)

  • Account ID: Found in Account Management
  • Region: Your JupiterOne instance region (e.g., us, eu)
AI Access
  • Local Server: Uses API key authentication and runs within the context of the user, respecting RBAC configuration
  • Remote Server: Uses OAuth authentication through JupiterOne login, automatically applying your user permissions

AI Platform Setup

Claude Desktop

  1. Locate your Claude Desktop configuration file:

    • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
    • Windows: %APPDATA%\Claude\claude_desktop_config.json
  2. Add configuration based on your chosen method:

Local Server Configuration:

{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}

Remote Server Configuration: In the Claude Desktop App:

  1. Navigate to Settings > Connectors.

  2. Locate the "Connectors" section.

  3. Click "Add custom connector" at the bottom of the section.

  4. Add a title of JupiterOne and url of https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here

  5. Finish configuring your connector by clicking "Add."

  6. Restart Claude Desktop

Cursor IDE

  1. Open Cursor Settings (⌘+, on Mac, Ctrl+, on Windows)
  2. Navigate to FeaturesModel Context Protocol
  3. Add configuration based on your chosen method:

Local Server Configuration:

{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}

Remote Server Configuration:

{
"mcpServers": {
"jupiterone": {
"url": "https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here"
}
}
}
  1. Restart Cursor

GitHub Copilot

Public Preview

GitHub Copilot MCP support is currently in public preview. Available in Visual Studio Code, JetBrains, Eclipse, and Xcode.

To configure the JupiterOne MCP server with GitHub Copilot:

  1. Create MCP configuration file in your project root at .vscode/mcp.json
  2. Add configuration based on your chosen method:

Local Server Configuration:

{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}

Remote Server Configuration:

{
"mcpServers": {
"jupiterone": {
"url": "https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here"
}
}
}
  1. Start the MCP server by clicking the "Start" button that appears in the configuration file
  2. Open Copilot Chat and select "Agent" from the popup menu
  3. Access MCP tools by clicking the tools icon to view available MCP servers
  4. Test connection by asking Copilot to query your JupiterOne data

For detailed instructions, see the GitHub Copilot MCP documentation.

Continue.dev

  1. Open Continue.dev settings
  2. Navigate to MCP configuration
  3. Add configuration based on your chosen method:

Local Server Configuration:

{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}

Remote Server Configuration:

{
"mcpServers": {
"jupiterone": {
"url": "https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here"
}
}
}

Cline (VS Code Extension)

  1. Install the Cline extension from VS Code marketplace
  2. Open VS Code settings (⌘+, on Mac, Ctrl+, on Windows)
  3. Search for "Cline MCP"
  4. Add configuration based on your chosen method:

Local Server Configuration:

{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}

Remote Server Configuration:

{
"mcpServers": {
"jupiterone": {
"url": "https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here"
}
}
}

Windsurf IDE

  1. Open Windsurf Settings
  2. Navigate to AIModel Context Protocol
  3. Add configuration based on your chosen method:

Local Server Configuration:

{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}

Remote Server Configuration:

{
"mcpServers": {
"jupiterone": {
"url": "https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here"
}
}
}
  1. Restart Windsurf

What You Can Do

Ask your AI assistant natural language questions like:

  • "Show me all critical vulnerabilities from the last 7 days"
  • "Which EC2 instances have public IP addresses?"
  • "Create a dashboard tracking my biggest security risks"
  • "Find all users with admin privileges"
  • "Get active alerts related to unauthorized access"

The MCP server provides 26 tools for querying data, managing alerts and rules, creating dashboards, and monitoring integrations.

Known Limitations

Current Limitations
  • Limited write operations: Modify and delete actions are restricted for safety
  • ChatGPT incompatibility: Does not work with ChatGPT's current MCP specification
API Rate Limits

The MCP server consumes your JupiterOne API rate limit quota. Each operation counts against your API rate limits. Monitor your usage to avoid hitting limits during critical operations.

FAQ

Data Residency & Processing

The JupiterOne MCP Server runs locally on your machine and acts as a secure bridge between your AI assistant and your JupiterOne account. When a query is made, the MCP server uses your API key to fetch data from JupiterOne’s cloud infrastructure, then passes it back to your assistant. While the server itself does not store or transmit data beyond your machine, retrieved data may be sent to the AI assistant’s LLM provider (e.g., Anthropic or OpenAI) depending on your tool’s configuration. Data never passes through a centralized JupiterOne MCP host, and your usage follows the same data residency principles as standard API access.

LLM Compatibility & Data Handling

The MCP Server integrates with any AI assistant that supports the Model Context Protocol (MCP), including Claude Desktop, Cursor IDE, GitHub Copilot, Continue.dev, and Cline. Once the server is running and configured, your assistant can use natural language to request security data, which is fetched from JupiterOne and passed to the LLM for interpretation. This means data such as asset inventories, vulnerability reports, or alert summaries can be included in AI prompts, depending on what you query. It’s important to treat this as a form of third-party data sharing—ensure your selected assistant has appropriate enterprise security practices in place.

Privacy, Logging & Data Sharing

JupiterOne does not store or inspect MCP interactions beyond standard API behavior. Your API key governs all access, and data is only transmitted in response to your assistant’s specific queries. The MCP server runs on your machine and does not retain data. However, your AI assistant may log conversations or prompts on its own platform, just as it would during typical usage. To manage exposure, review your LLM provider’s data retention and privacy terms, and consider using enterprise or self-hosted models for sensitive environments.

Access Control & Security Enforcement

Data access through the MCP Server is governed entirely by the JupiterOne API key and RBAC configuration you provide. The server inherits all access controls from the user role attached to the key—so AI assistants can only retrieve what your account has permission to access. You can further restrict access by scoping the API key, adjusting user roles, or disabling individual MCP tools. Since the server is installed and run locally, you retain full control over when it runs and what it can access. Turning off the server or removing its configuration from your assistant completely disables AI access.

Rate Limits & Quotas

Every request made through the MCP Server counts against your JupiterOne API rate limit. This includes queries for asset data, alerts, dashboards, or integrations. Frequent use through an AI assistant could impact your rate quota if not monitored. We recommend reviewing your API usage regularly—especially when enabling assistants for broad or high-frequency queries—to avoid service slowdowns.

Deployment, Support & Customer Control

The JupiterOne MCP Server can be deployed either locally on your machine or accessed through JupiterOne's hosted remote server. For local deployment, it runs entirely on your environment with no persistent connections. For remote deployment, it connects securely through OAuth authentication. You can disable it at any time by stopping the local process or removing your AI assistant's MCP configuration. For assistance or onboarding, reach out to your CSM or email support@jupiterone.com.

Getting Started

To start using the JupiterOne MCP Server:

  1. Choose between local or remote server deployment
  2. Configure your preferred AI assistant using the instructions above
  3. Start asking natural language questions about your security data

Support

For technical support or questions, contact your Customer Success Manager or reach out through your standard JupiterOne support channels.