JumpCloud MCP. Audit every user account and access policy in your directory.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
JumpCloud MCP Server handles user identity, system inventory, and access control for complex IT environments. Use it to list every user, group, system, and configured policy within your directory.
Your agent can audit who has access to what, view managed devices, and check all SSO apps—all from a single conversation.
It’s the central point for automating IT compliance checks.
What your AI agents can do
Get user
Retrieves detailed account metadata, group memberships, and security settings for a single specified user.
List applications
Lists every configured SSO application integrated with the directory.
List commands
Shows all saved management commands that can be run for repeatable tasks.
Retrieves a complete list of user accounts and the detailed metadata for any specific user.
Lists all user groups and system groups, allowing you to understand organizational structure and device cohorts.
Lists all systems managed by JumpCloud, providing hostnames, IDs, and OS versions for hardware compliance checks.
Lists security policies and tracks all integrated SSO applications to check for potential access gaps.
Lists all configured identity sources and network settings (LDAP, RADIUS) for infrastructure health checks.
Allows the agent to review saved management commands for repeatable automation tasks.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
JumpCloud MCP Server: 10 Tools for IT Audit
Run detailed audits on user accounts, security policies, system inventory, and directory settings using these 10 tools.
019d75beget user
Retrieves detailed account metadata, group memberships, and security settings for a single specified user.
019d75belist applications
Lists every configured SSO application integrated with the directory.
019d75belist commands
Shows all saved management commands that can be run for repeatable tasks.
019d75belist directories
Lists all configured identity sources like LDAP, AD, or Google.
019d75belist networks
Lists all RADIUS networks, which controls WiFi and VPN authentication settings.
019d75belist policies
Lists all system security policies defined, such as Disk Encryption or Firewall rules.
019d75belist system groups
Lists all device cohorts (e.g., 'Employee Laptops') used for policy application.
019d75belist systems
Lists all managed endpoints, providing hostnames, IDs, and OS versions for hardware audits.
019d75belist user groups
Lists all defined user groups (e.g., 'Marketing', 'Developers') used for access control.
019d75belist users
Lists all user accounts in JumpCloud, showing usernames, IDs, and current account status.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with JumpCloud, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
JumpCloud MCP Server - Audit Users and Access
Your agent handles user identity, system inventory, and access control for your whole IT setup. You can list every user, group, system, and configured policy in your directory. Your agent audits who has access to what, views managed devices, and checks every SSO app—all from one conversation. It's the central spot for automating IT compliance checks.
Audit User Identity
Your agent uses list_users to pull a full roster of every user account. It uses get_user to grab detailed account metadata, group memberships, and security settings for any specific user.
Map Group Relationships
It uses list_user_groups to show all defined user groups, like 'Marketing' or 'Developers.' You can see all device cohorts with list_system_groups.
Inventory Managed Assets
list_systems lists every managed endpoint, giving you hostnames, IDs, and OS versions for hardware audits. You can check your directory infrastructure with list_directories to see all configured identity sources, like LDAP, AD, or Google.
Review Access Control
list_policies shows all system security policies defined, such as Disk Encryption or Firewall rules. You can track integrated SSO apps using list_applications to check for potential access gaps. You also check all RADIUS and VPN authentication settings with list_networks.
Execute Directory Commands
Your agent can review saved management commands with list_commands, letting you run repeatable automation tasks.
How JumpCloud MCP Works
- 1 Tell your agent the specific audit goal (e.g., 'Find all users in the 'Developers' group').
- 2 The agent calls
list_usersandlist_user_groupsto gather the necessary identity data. - 3 The agent synthesizes the combined data to give you a report showing which users belong to which groups.
The bottom line is that your agent gets a unified view of who can access what, across your entire directory.
Who Is JumpCloud MCP For?
Security Admins, IT Operations Engineers, and Compliance Officers need this. These are the people who wake up at 2 AM because an auditor asked for a report on user access or who hasn't updated their laptop since 2018. They need to audit vast, complex environments quickly without clicking through a dozen dashboards. They need a single source of truth.
Uses list_policies and list_applications to verify that all required security controls are active and that no unauthorized SaaS apps are integrated.
Uses list_systems and list_networks to build an inventory of all managed endpoints and verify that VPN/WiFi access settings are correct.
Uses list_users and list_user_groups to generate audit logs proving that only authorized personnel hold specific access rights.
What Changes When You Connect
- See every user account with
list_users. You get usernames, IDs, and status—a full identity roster instantly. - Audit device compliance by running
list_systems. You get a list of all managed devices, including their OS versions, making hardware audits simple. - Understand access control by listing policies with
list_policies. You see every rule (like encryption or firewall settings) applied across the fleet. - Check your network perimeter using
list_networks. You instantly see all configured RADIUS networks for WiFi and VPN authentication. - Map organizational structure using
list_user_groupsandlist_system_groups. This tells you exactly how users and devices are segmented for policies. - Verify identity sources with
list_directories. This tool shows you every configured directory (LDAP, AD, etc.), keeping your identity infrastructure visible.
Real-World Use Cases
User Offboarding Audit
An employee leaves. You need to prove their access was revoked. Your agent calls get_user to check the individual's status, then runs list_user_groups to confirm group membership removal, and finally uses list_policies to verify no residual access rules remain.
Compliance Check for Encryption
The auditor requires proof that all corporate laptops are encrypted. Your agent runs list_systems to get the device list, then calls list_policies to confirm that the 'Disk Encryption' policy is active and applied to the correct system groups.
SaaS Access Review
The security team suspects unauthorized app integration. Your agent calls list_applications to list every SSO app and then uses list_users to verify which accounts are tied to which applications, flagging potential risks.
Network Topology Audit
The network team suspects a rogue WiFi network. Your agent calls list_networks to list all authorized RADIUS networks and then uses list_directories to confirm which identity source controls that network.
The Tradeoffs
Trying to find all user access rights.
Manually checking the user portal, then running reports on the AD console, and then checking the SSO dashboard. This takes hours and misses edge cases.
→
Let your agent run list_users and list_user_groups first. Then, call get_user on key accounts. Finally, check list_policies and list_applications to get one view of all access points.
Assuming a group membership is enough.
Seeing that a user is in the 'Developers' group and assuming they have access to the code repository. This ignores actual policy enforcement.
→
You must run get_user to check the specific user's security settings. Then, cross-reference that data with list_policies to confirm the policy actually grants the needed access.
Missing the scope of managed hardware.
Only checking the list of users, and forgetting to check the endpoint compliance. You miss unmanaged, non-compliant machines.
→
Always start by calling list_systems to get the full inventory. Then, use list_system_groups to see which policies apply to those machines.
When It Fits, When It Doesn't
Use this MCP Server if your primary task is auditing, reporting, or gathering a comprehensive state snapshot of your IT identity infrastructure. You need to answer questions like: 'Who has access to X?' or 'Is Y policy applied everywhere?' Since all tools are read-only, this is an excellent compliance plane. Don't use it if you need to make changes—like resetting a password or revoking a group membership. For active remediation (write operations), you'll need a different toolset. However, if you just need to gather data to inform a manual change, this tool is unmatched.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by JumpCloud. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 10 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Auditing directory access used to mean clicking through five different consoles.
Today, figuring out who can access a resource means jumping between the AD console, the SSO dashboard, and the endpoint management portal. You check user group memberships in one place, then verify the corresponding policy in another, and finally cross-reference that against the list of managed devices. It's slow, and you always doubt if you missed a tab.
With this MCP Server, you ask your agent to audit access. It coordinates calls like `list_users`, `list_user_groups`, and `list_policies` automatically. You get a single, structured output that tells you exactly what's configured—no context switching required.
JumpCloud MCP Server: Get a full view of your managed assets.
Manually checking compliance involves running reports on the system management dashboard, then exporting that list, and finally comparing the hostname against the master inventory spreadsheet. It's a lot of copy-pasting and manual reconciliation.
Now, running `list_systems` gets you the full inventory—hostnames, IDs, and OS versions—in a clean data structure. You know the state of every machine the second the agent finishes.
Common Questions About JumpCloud MCP
How do I find out if a specific user has the right permissions using the `get_user` tool? +
The get_user tool pulls all metadata, group memberships, and security settings for that user. This output lets you see their current permissions without needing to check multiple consoles.
Can I check all the apps connected to my domain using `list_applications`? +
Yes. list_applications lists every configured SSO application, giving you a complete audit of which third-party services are integrated with your directory.
What does `list_policies` show me? +
list_policies shows all system-wide security rules, like disk encryption or firewall rules. This is essential for verifying compliance across your entire fleet.
How do I list all managed computers with `list_systems`? +
list_systems returns a list of every managed endpoint, including its hostname, ID, and OS version. It’s the core tool for hardware inventory.
Is `list_user_groups` the same as `list_system_groups`? +
No. list_user_groups lists groups for people (like Marketing). list_system_groups lists groups for devices (like Production Servers). They track different things.
How can I use `list_directories` to audit all identity sources I've connected? +
It lists every configured identity source. You'll see if you've connected LDAP, AD, Google, or other directories that manage user identities.
What information does `get_user` provide about a user's group memberships? +
It details a user's current group memberships. This lets you verify if a user belongs to the correct organizational groups before running other changes.
If I want to see all the active RADIUS networks, should I use `list_networks`? +
Yes, list_networks retrieves all configured RADIUS networks. This is essential for auditing which WiFi or VPN authentication settings are in place.
How do I get JumpCloud API credentials? +
Log in to your JumpCloud Admin Console, navigate to Settings > API Settings, and copy your API Key.
Which API versions are used? +
This MCP utilizes both JumpCloud API v1 and v2 endpoints to provide comprehensive coverage of users, groups, and systems.
Can I see managed systems? +
Yes, the list_systems tool allows you to retrieve a list of all devices currently managed by your JumpCloud account.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
Datadog Cloud SIEM
Manage cloud security via Datadog — search security signals, triage alerts, and audit detection rules directly from any AI agent.
Persona
Manage identity verification workflows via Persona — handle inquiries, manage accounts, and inspect verifications directly from your AI agent.
Permit.io
Orchestrate full-stack authorization, manage RBAC/ReBAC policies, and evaluate permissions in real-time via Permit.io.
You might also like
Evvnt Marketing & Distribution
Equip your AI agent to manage events, track syndication reports, and monitor distribution via the Evvnt API.
Clash Royale Tactical Intelligence
The definitive server for Clash Royale — track chest rotations, analyze battle decks, and monitor clan wars via AI.
KlickTipp
Grow your German-speaking audience with tag-based email marketing that segments subscribers by behavior and interest.