JumpCloud MCP. Audit access control and manage user identities.
JumpCloud MCP connects your AI client directly to an enterprise-grade directory service for managing users and systems. Your agent can check account details, audit group memberships, view all connected applications, or list managed hardware across your organization.
Claude 
ChatGPT 
Cursor 
Gemini 
Windsurf 
VS Code 
JetBrains 
Vercel Give Claude and any AI agent real-world access
Retrieve specific account metadata, group memberships, and security settings for individual users.
List all corporate systems managed by JumpCloud to audit hardware inventory and device compliance.
View defined security policies, like disk encryption requirements or firewall rules, across the entire fleet.
List all user groups and system groups to map out your organizational access control model.
Audit which SaaS applications are integrated into the directory via Single Sign-On (SSO).
Ask an AI about this
Waiting for input…
What AI agents can do with JumpCloud: 10 Tools for Directory Management
These tools let your agent check everything from individual user details and group structures to overall security policies across your connected network.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using JumpCloud MCPGet User
Retrieves detailed account metadata, group memberships, and security settings for a specific user.
List Applications
Lists all configured SSO applications used to control software access.
List Commands
Shows saved management commands that can be run for automation auditing.
List Directories
Lists all configured identity sources, such as LDAP or Google directories.
List Networks
Shows details about all RADIUS networks used for WiFi and VPN authentication.
List Policies
Lists current system security policies, such as disk encryption or firewall rules.
List System Groups
Shows predefined organizational groupings for devices, like 'Employee Laptops'.
List Systems
Returns hostnames and IDs of all company hardware managed by JumpCloud.
List User Groups
Lists the defined user groups, helping map out organizational access control...
List Users
Provides a list of all users in JumpCloud, acting as the primary point for identity...
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Claude AI
Open Claude Settings
Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
Add Custom Connector
Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:
https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp
Replace [YOUR_TOKEN_HERE] with your token
from cloud.vinkius.com. For OAuth-protected servers, expand
Advanced settings to add credentials.
Start a conversation
Open a new chat. The JumpCloud integration is available immediately — no restart needed.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on each call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with JumpCloud, then connect any of our 5,200+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,200+ others, all in one place
- Add new capabilities to your AI anytime you want
- Connections are secured and governed automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog weekly
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by JumpCloud. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS CLOUD
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on each call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Tracking down who has access to what used to take half a day.
Right now, checking user permissions means logging into the directory console, pulling reports of users, then switching over to the device management portal. You have to cross-reference group names against policy lists and manually check if every system is reporting its compliance status—it's a mess of clicks and copy-pasting.
With this MCP, your agent handles the complexity. It pulls data from identity sources like LDAP or AD directly into one feed. You just ask: 'Who can access the financial server?' And you get an instant report combining user IDs, group membership, and system compliance status.
JumpCloud MCP Gives You Real-Time Access Visibility
The manual steps that vanish are the need to switch between identity consoles, cross-reference `list_user_groups` with `list_system_groups`, and then validate against security policies found in `list_policies`. All of this is consolidated into a single data flow.
Now, instead of spending hours correlating data points across multiple dashboards, you ask your agent one question and get the definitive answer. It's that simple.
What JumpCloud MCP does for your AI
Need to know who has access to what? This MCP gives your AI client the full picture of your company's digital identity landscape. It lets you query user records and system groups without logging into a dozen different dashboards. Your agent can check account metadata, track which applications are connected via SSO, or list every managed device in your network.
JumpCloud handles everything from directory configurations to security policies, providing all that data through one open standard connection. Whether you're running compliance checks or just onboarding a new team, this MCP lets you automate IT administration tasks right where you work. By connecting this MCP through Vinkius, you give any compatible AI client direct access to core identity services.
019d75be-62ed-73bb-999e-ce3798b669d5 
How to set up JumpCloud MCP
The bottom line is you get a single API endpoint that lets your AI client read and audit identity information across your entire infrastructure.
Your agent uses your AI client to authorize access to JumpCloud through Vinkius.
The agent calls a specific tool, such as list_users or list_policies, passing necessary parameters (e.g., 'all' users, 'disk encryption' policy).
JumpCloud executes the request and sends back structured data—like user IDs, group lists, or application names—which your agent uses to generate a final report.
Who uses JumpCloud MCP
This MCP is for the SecOps engineer who needs to prove compliance quickly, or the IT administrator tired of manually checking user permissions. If your job involves auditing access control or managing large fleets of devices, this tool saves hours of clicking through disparate consoles.
They use it to audit system security policies and check group memberships to ensure that only authorized personnel have access to sensitive resources.
They rely on this MCP to track managed systems, list user accounts, and confirm the status of directory configurations across all departments.
They use it to generate reports listing configured directories and applications, proving that access control policies are uniformly applied company-wide.
Benefits of connecting JumpCloud MCP
Instead of clicking through multiple portals, your agent can instantly run list_users to get a complete roster of accounts for auditing purposes.
You gain immediate visibility into compliance status. Running the list_policies tool shows every security rule defined on your fleet, making audits simple.
The MCP helps you track hardware and device compliance by running list_systems, giving you an accurate inventory without manual checks.
Mapping access is faster than ever. You can use list_user_groups combined with list_system_groups to understand exactly who belongs where.
It streamlines auditing connected services. Using list_applications quickly shows which third-party SaaS tools require SSO credentials.
JumpCloud MCP use cases
Investigating unauthorized access post-offboarding
The HR team asks, 'Who still has access to the main network?' Your agent uses list_users and then calls get_user for specific accounts. It reports on group memberships and security settings, allowing you to confirm exactly which credentials need disabling.
Preparing for a PCI compliance audit
A consultant needs proof that all sensitive data endpoints are encrypted. Your agent runs list_policies to retrieve details on mandatory disk encryption and then uses list_systems to confirm which managed devices adhere to the rule.
Mapping a new department's permissions
A manager needs to know what access rights are assigned to their new team. Your agent first runs list_user_groups and then uses this information alongside list_directories to show the organizational structure and its linked identity sources.
Auditing network entry points
The security team suspects a weakness in remote access. Your agent runs list_networks to see all RADIUS authentication settings, then uses list_applications to check which services rely on SSO for connection.
JumpCloud MCP tradeoffs
What to watch out for, and the recommended way to handle each one.
Trying to manage users via ticketing system
An agent finds a user account needs deactivation and drafts a ticket. The process stalls because the service desk agent has to manually log into JumpCloud, find the ID, and click 'Deactivate'.
Instead of creating tickets, use your MCP. Your agent can call get_user to confirm credentials and then execute the necessary action directly against the directory via the AI client.
Only auditing one type of access
The team only checks user groups but misses that a policy change requires updating device-specific settings. They assume group membership is enough.
Don't stop at list_user_groups. Always check compliance by calling list_policies and cross-reference the results with list_system_groups to ensure policies apply correctly.
Ignoring device inventory gaps
The security team runs an access audit but doesn't know which physical devices haven't been provisioned or are running old OS versions.
Before auditing access, run list_systems first. This gives you the full list of managed hardware and their current OS status, letting you focus your policy checks.
When to use JumpCloud MCP
Use this MCP if your primary job is directory management, identity auditing, or compliance reporting across a large technical environment. You need to know who has access to what, and whether that setup follows defined security policies. This tool excels when you must correlate user identities with system health (e.g., 'Does User X on Device Y have Policy Z applied?').
Don't use this if your pain point is purely ticketing or incident response; you need a dedicated ITSM platform for that. Also, if your problem involves complex data transformation or business logic outside of identity management, you might be better off using a general-purpose workflow automation tool instead of relying solely on list_users and group lookups.
Frequently asked questions about JumpCloud MCP
How does JumpCloud MCP help with user deactivation? +
You use get_user to retrieve full account metadata, confirming current group memberships and security settings before initiating any changes. This ensures you deactivate the right access points.
Can I audit all my connected SaaS apps with JumpCloud MCP? +
Yes, calling list_applications provides a comprehensive inventory of every Single Sign-On (SSO) application integrated into your directory. This is crucial for security audits.
What if I need to check device compliance? Use JumpCloud MCP. +
Run list_systems to get a list of all managed hardware IDs and hostnames. You can then cross-reference this with list_policies to confirm which systems meet required security standards.
Does JumpCloud MCP handle directory mapping? +
The tool is built for it. By using list_directories, you can see all configured identity sources, whether they are LDAP, AD, or Google-based.
Which tools list user accounts in JumpCloud MCP? +
list_users provides the primary roster of users. For deeper checks on a single person, use get_user to see their specific group memberships and security settings.