# JumpCloud MCP

> JumpCloud MCP connects your AI client directly to an enterprise-grade directory service for managing users and systems. Your agent can check account details, audit group memberships, view all connected applications, or list managed hardware across your organization.

## Overview
- **Category:** fort-knox
- **Price:** Free
- **Tags:** directory-services, sso, user-management, it-administration, access-control

## Description

Need to know who has access to what? This MCP gives your AI client the full picture of your company's digital identity landscape. It lets you query user records and system groups without logging into a dozen different dashboards. Your agent can check account metadata, track which applications are connected via SSO, or list every managed device in your network. JumpCloud handles everything from directory configurations to security policies, providing all that data through one open standard connection. Whether you're running compliance checks or just onboarding a new team, this MCP lets you automate IT administration tasks right where you work. By connecting this MCP through Vinkius, you give any compatible AI client direct access to core identity services.

## Tools

### get_user
Retrieves detailed account metadata, group memberships, and security settings for a specific user.

### list_applications
Lists all configured SSO applications used to control software access.

### list_commands
Shows saved management commands that can be run for automation auditing.

### list_directories
Lists all configured identity sources, such as LDAP or Google directories.

### list_networks
Shows details about all RADIUS networks used for WiFi and VPN authentication.

### list_policies
Lists current system security policies, such as disk encryption or firewall rules.

### list_system_groups
Shows predefined organizational groupings for devices, like 'Employee Laptops'.

### list_systems
Returns hostnames and IDs of all company hardware managed by JumpCloud.

### list_user_groups
Lists the defined user groups, helping map out organizational access control structures.

### list_users
Provides a list of all users in JumpCloud, acting as the primary point for identity auditing.

## Prompt Examples

**Prompt:** 
```
List all users in my JumpCloud directory.
```

**Response:** 
```
I'll fetch the complete list of users from your JumpCloud account.
```

**Prompt:** 
```
Show me the managed systems currently active.
```

**Response:** 
```
I'll retrieve the list of systems managed by JumpCloud for you.
```

**Prompt:** 
```
Check the user groups in my organization.
```

**Response:** 
```
I'll look up the list of configured user groups in your account.
```

## Capabilities

### Check User Identity Details
Retrieve specific account metadata, group memberships, and security settings for individual users.

### Audit System Hardware Status
List all corporate systems managed by JumpCloud to audit hardware inventory and device compliance.

### Map Access Policies
View defined security policies, like disk encryption requirements or firewall rules, across the entire fleet.

### Verify Organizational Structure
List all user groups and system groups to map out your organizational access control model.

### Review Connected Services
Audit which SaaS applications are integrated into the directory via Single Sign-On (SSO).

## Use Cases

### Investigating unauthorized access post-offboarding
The HR team asks, 'Who still has access to the main network?' Your agent uses `list_users` and then calls `get_user` for specific accounts. It reports on group memberships and security settings, allowing you to confirm exactly which credentials need disabling.

### Preparing for a PCI compliance audit
A consultant needs proof that all sensitive data endpoints are encrypted. Your agent runs `list_policies` to retrieve details on mandatory disk encryption and then uses `list_systems` to confirm which managed devices adhere to the rule.

### Mapping a new department's permissions
A manager needs to know what access rights are assigned to their new team. Your agent first runs `list_user_groups` and then uses this information alongside `list_directories` to show the organizational structure and its linked identity sources.

### Auditing network entry points
The security team suspects a weakness in remote access. Your agent runs `list_networks` to see all RADIUS authentication settings, then uses `list_applications` to check which services rely on SSO for connection.

## Benefits

- Instead of clicking through multiple portals, your agent can instantly run `list_users` to get a complete roster of accounts for auditing purposes.
- You gain immediate visibility into compliance status. Running the `list_policies` tool shows every security rule defined on your fleet, making audits simple.
- The MCP helps you track hardware and device compliance by running `list_systems`, giving you an accurate inventory without manual checks.
- Mapping access is faster than ever. You can use `list_user_groups` combined with `list_system_groups` to understand exactly who belongs where.
- It streamlines auditing connected services. Using `list_applications` quickly shows which third-party SaaS tools require SSO credentials.

## How It Works

The bottom line is you get a single API endpoint that lets your AI client read and audit identity information across your entire infrastructure.

1. Your agent uses your AI client to authorize access to JumpCloud through Vinkius.
2. The agent calls a specific tool, such as `list_users` or `list_policies`, passing necessary parameters (e.g., 'all' users, 'disk encryption' policy).
3. JumpCloud executes the request and sends back structured data—like user IDs, group lists, or application names—which your agent uses to generate a final report.

## Frequently Asked Questions

**How does JumpCloud MCP help with user deactivation?**
You use `get_user` to retrieve full account metadata, confirming current group memberships and security settings before initiating any changes. This ensures you deactivate the right access points.

**Can I audit all my connected SaaS apps with JumpCloud MCP?**
Yes, calling `list_applications` provides a comprehensive inventory of every Single Sign-On (SSO) application integrated into your directory. This is crucial for security audits.

**What if I need to check device compliance? Use JumpCloud MCP.**
Run `list_systems` to get a list of all managed hardware IDs and hostnames. You can then cross-reference this with `list_policies` to confirm which systems meet required security standards.

**Does JumpCloud MCP handle directory mapping?**
The tool is built for it. By using `list_directories`, you can see all configured identity sources, whether they are LDAP, AD, or Google-based.

**Which tools list user accounts in JumpCloud MCP?**
`list_users` provides the primary roster of users. For deeper checks on a single person, use `get_user` to see their specific group memberships and security settings.