JupiterOne AI Integration (MCP Server)
The JupiterOne Model Context Protocol (MCP) Server enables AI assistants like Claude Desktop and Cursor IDE to interact directly with your JupiterOne account using natural language.
Prerequisites
- Active JupiterOne account with API access
- JupiterOne API key and account ID
- Node.js version 18 or higher (for local server only)
- AI assistant with MCP support (Claude Desktop, Cursor IDE, GitHub Copilot, Continue.dev, Cline, Windsurf, etc.)
Installation Methods
The JupiterOne MCP Server can be configured in two ways:
Option 1: Local Server (stdio)
Install and run the MCP server locally using npx:
npx @jupiterone/jupiterone-mcp
Or install globally for repeated use:
npm install -g @jupiterone/jupiterone-mcp
Option 2: Remote HTTP Server
Use JupiterOne's hosted MCP server without local installation:
- URL Format:
https://mcp.<REGION>.jupiterone.io/mcp?accountId=<ACCOUNT_ID> - Example:
https://mcp.us.jupiterone.io/mcp?accountId=j1dev - Authentication: OAuth-based authentication with JupiterOne login
The remote HTTP server option:
- Requires no local installation
- Handles authentication through JupiterOne's OAuth flow
- Automatically stays up-to-date with the latest features
- Works across different machines without setup
Configuration
Get Your Credentials
For Local Server (Option 1)
- API Key: Navigate to Settings → User API Tokens in JupiterOne and create a new API key
- Account ID: Found in Account Management or by running:
find jupiterone_account as x return x.accountId
For Remote Server (Option 2)
- Account ID: Found in Account Management
- Region: Your JupiterOne instance region (e.g.,
us,eu)
- Local Server: Uses API key authentication and runs within the context of the user, respecting RBAC configuration
- Remote Server: Uses OAuth authentication through JupiterOne login, automatically applying your user permissions
AI Platform Setup
Claude Desktop
-
Locate your Claude Desktop configuration file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
- macOS:
-
Add configuration based on your chosen method:
Local Server Configuration:
{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}
Remote Server Configuration: In the Claude Desktop App:
-
Navigate to Settings > Connectors.
-
Locate the "Connectors" section.
-
Click "Add custom connector" at the bottom of the section.
-
Add a title of JupiterOne and url of
https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here -
Finish configuring your connector by clicking "Add."
-
Restart Claude Desktop
Cursor IDE
- Open Cursor Settings (⌘+, on Mac, Ctrl+, on Windows)
- Navigate to Features → Model Context Protocol
- Add configuration based on your chosen method:
Local Server Configuration:
{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}
Remote Server Configuration:
{
"mcpServers": {
"jupiterone": {
"url": "https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here"
}
}
}
- Restart Cursor
GitHub Copilot
GitHub Copilot MCP support is currently in public preview. Available in Visual Studio Code, JetBrains, Eclipse, and Xcode.
To configure the JupiterOne MCP server with GitHub Copilot:
- Create MCP configuration file in your project root at
.vscode/mcp.json - Add configuration based on your chosen method:
Local Server Configuration:
{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}
Remote Server Configuration:
{
"mcpServers": {
"jupiterone": {
"url": "https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here"
}
}
}
- Start the MCP server by clicking the "Start" button that appears in the configuration file
- Open Copilot Chat and select "Agent" from the popup menu
- Access MCP tools by clicking the tools icon to view available MCP servers
- Test connection by asking Copilot to query your JupiterOne data
For detailed instructions, see the GitHub Copilot MCP documentation.
Continue.dev
- Open Continue.dev settings
- Navigate to MCP configuration
- Add configuration based on your chosen method:
Local Server Configuration:
{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}
Remote Server Configuration:
{
"mcpServers": {
"jupiterone": {
"url": "https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here"
}
}
}
Cline (VS Code Extension)
- Install the Cline extension from VS Code marketplace
- Open VS Code settings (⌘+, on Mac, Ctrl+, on Windows)
- Search for "Cline MCP"
- Add configuration based on your chosen method:
Local Server Configuration:
{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}
Remote Server Configuration:
{
"mcpServers": {
"jupiterone": {
"url": "https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here"
}
}
}
Windsurf IDE
- Open Windsurf Settings
- Navigate to AI → Model Context Protocol
- Add configuration based on your chosen method:
Local Server Configuration:
{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}
Remote Server Configuration:
{
"mcpServers": {
"jupiterone": {
"url": "https://mcp.us.jupiterone.io/mcp?accountId=your-account-id-here"
}
}
}
- Restart Windsurf
What You Can Do
Ask your AI assistant natural language questions like:
- "Show me all critical vulnerabilities from the last 7 days"
- "Which EC2 instances have public IP addresses?"
- "Create a dashboard tracking my biggest security risks"
- "Find all users with admin privileges"
- "Get active alerts related to unauthorized access"
The MCP server provides 26 tools for querying data, managing alerts and rules, creating dashboards, and monitoring integrations.
Known Limitations
- Limited write operations: Modify and delete actions are restricted for safety
- ChatGPT incompatibility: Does not work with ChatGPT's current MCP specification
The MCP server consumes your JupiterOne API rate limit quota. Each operation counts against your API rate limits. Monitor your usage to avoid hitting limits during critical operations.
FAQ
Data Residency & Processing
The JupiterOne MCP Server runs locally on your machine and acts as a secure bridge between your AI assistant and your JupiterOne account. When a query is made, the MCP server uses your API key to fetch data from JupiterOne’s cloud infrastructure, then passes it back to your assistant. While the server itself does not store or transmit data beyond your machine, retrieved data may be sent to the AI assistant’s LLM provider (e.g., Anthropic or OpenAI) depending on your tool’s configuration. Data never passes through a centralized JupiterOne MCP host, and your usage follows the same data residency principles as standard API access.
LLM Compatibility & Data Handling
The MCP Server integrates with any AI assistant that supports the Model Context Protocol (MCP), including Claude Desktop, Cursor IDE, GitHub Copilot, Continue.dev, and Cline. Once the server is running and configured, your assistant can use natural language to request security data, which is fetched from JupiterOne and passed to the LLM for interpretation. This means data such as asset inventories, vulnerability reports, or alert summaries can be included in AI prompts, depending on what you query. It’s important to treat this as a form of third-party data sharing—ensure your selected assistant has appropriate enterprise security practices in place.
Privacy, Logging & Data Sharing
JupiterOne does not store or inspect MCP interactions beyond standard API behavior. Your API key governs all access, and data is only transmitted in response to your assistant’s specific queries. The MCP server runs on your machine and does not retain data. However, your AI assistant may log conversations or prompts on its own platform, just as it would during typical usage. To manage exposure, review your LLM provider’s data retention and privacy terms, and consider using enterprise or self-hosted models for sensitive environments.
Access Control & Security Enforcement
Data access through the MCP Server is governed entirely by the JupiterOne API key and RBAC configuration you provide. The server inherits all access controls from the user role attached to the key—so AI assistants can only retrieve what your account has permission to access. You can further restrict access by scoping the API key, adjusting user roles, or disabling individual MCP tools. Since the server is installed and run locally, you retain full control over when it runs and what it can access. Turning off the server or removing its configuration from your assistant completely disables AI access.
Rate Limits & Quotas
Every request made through the MCP Server counts against your JupiterOne API rate limit. This includes queries for asset data, alerts, dashboards, or integrations. Frequent use through an AI assistant could impact your rate quota if not monitored. We recommend reviewing your API usage regularly—especially when enabling assistants for broad or high-frequency queries—to avoid service slowdowns.
Deployment, Support & Customer Control
The JupiterOne MCP Server can be deployed either locally on your machine or accessed through JupiterOne's hosted remote server. For local deployment, it runs entirely on your environment with no persistent connections. For remote deployment, it connects securely through OAuth authentication. You can disable it at any time by stopping the local process or removing your AI assistant's MCP configuration. For assistance or onboarding, reach out to your CSM or email support@jupiterone.com.
Getting Started
To start using the JupiterOne MCP Server:
- Choose between local or remote server deployment
- Configure your preferred AI assistant using the instructions above
- Start asking natural language questions about your security data
Support
For technical support or questions, contact your Customer Success Manager or reach out through your standard JupiterOne support channels.