Skip to main content

Announcing StackOne Defender: leading open-source prompt injection guard for your agent Read More

Connect

Connectors Agent Auth MCP Connector Builder

Optimize

Tool Discovery Falcon Engine

Secure

Defender
Connectors

HRIS / HCM

Employee Onboarding Employee Offboarding

Recruiting

Application Screening Interview Scheduling

Customer Support

Ticket Triage Voice Call Summarization

Sales & CRM

Deal Risk Scoring Lead Qualification

Accounting & Finance

Invoice Processing Month-End Accruals

Marketing

Campaign Reports Lead Nurture Sequences
View all use cases

Developers

Docs Changelog Status

Learn

Blog Case Studies Events Partners
Pricing
Login Book Demo Start Free

JumpCloud MCP Server
for AI Agents

Production-ready JumpCloud MCP server with 53 extensible actions — plus built-in authentication, security, and optimized execution.

Start Free Book Demo Read Docs →
JumpCloud logo
JumpCloud MCP Server
Built by StackOne StackOne

Coverage

53 Agent Actions

Create, read, update, and delete across JumpCloud — and extend your agent's capabilities with custom actions.

MCP Actions → Create Actions →

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your JumpCloud MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every JumpCloud tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every JumpCloud call.

Tools Discovery →

What is the JumpCloud MCP Server?

A JumpCloud MCP server lets AI agents read and write JumpCloud data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's JumpCloud MCP server ships with 53 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All JumpCloud MCP Tools and Actions

Every action from JumpCloud's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

System Users

  • Create System User

    Create a new system user with profile details and access settings via POST /systemusers

  • List System Users

    Retrieve a paginated list of all system users (end users) in the organization via GET /systemusers

  • Get System User

    Retrieve full profile details for a specific system user by their unique ID via GET /systemusers/{id}

  • Update System User

    Update an existing system user's profile and access settings via PUT /systemusers/{id}

  • Delete System User

    Permanently delete a system user and revoke all their access via DELETE /systemusers/{id}

User Groups

  • Create User Group

    Create a new user group for organizing users and managing bulk access via POST /v2/usergroups

  • List User Groups

    Retrieve a paginated list of all user groups in the organization via GET /v2/usergroups

  • Get User Group

    Retrieve full details for a specific user group by its unique ID via GET /v2/usergroups/{id}

  • Update User Group

    Partially update an existing user group's attributes via PATCH /v2/usergroups/{id}

  • Delete User Group

    Permanently delete a user group and remove all its memberships and associations via DELETE /v2/usergroups/{id}

Policies

  • List Policies

    Retrieve a paginated list of all device policies configured in the organization via GET /v2/policies

Policys

  • Create Policy

    Create a new device policy from a template with configuration values via POST /v2/policies

  • Get Policy

    Retrieve full details for a specific device policy by its ObjectID via GET /v2/policies/{id}

  • Update Policy

    Fully replace an existing device policy's name, notes, and configuration values via PUT /v2/policies/{id}

  • Delete Policy

    Permanently delete a device policy and unbind it from all associated systems via DELETE /v2/policies/{id}

LDAP Servers

  • List LDAP Servers

    Retrieve a paginated list of all Cloud LDAP server configurations in the organization via GET /v2/ldapservers

  • Get LDAP Server

    Retrieve full details for a specific Cloud LDAP server by its unique ID via GET /v2/ldapservers/{id}

  • Update LDAP Server

    Partially update a Cloud LDAP server's name and user action settings via PATCH /v2/ldapservers/{id}

IP Lists

  • Create IP List

    Create a new IP address list for use in conditional access policies via POST /v2/iplists

  • List IP Lists

    Retrieve a paginated list of all IP address lists configured for conditional access via GET /v2/iplists

  • Get IP List

    Retrieve full details for a specific IP address list by its unique ID via GET /v2/iplists/{id}

  • Update IP List

    Partially update an existing IP address list's name, description, or IP entries via PATCH /v2/iplists/{id}

  • Delete IP List

    Permanently delete an IP address list and affect any referencing conditional access policies via DELETE /v2/iplists/{id}

Software Apps

  • Create Software App

    Create a new managed software application configuration for deployment via POST /v2/softwareapps

  • List Software Apps

    Retrieve a paginated list of all managed software applications in the organization via GET /v2/softwareapps

  • Get Software App

    Retrieve full details for a specific managed software application by its unique ID via GET /v2/softwareapps/{id}

  • Update Software App

    Fully replace a software application's display name and settings via PUT /v2/softwareapps/{id}

  • Delete Software App

    Permanently delete a software application configuration and unmanage it on all systems via DELETE /v2/softwareapps/{id}

Systems

  • List Systems

    Retrieve a paginated list of all managed systems (devices) in the organization via GET /systems

  • Get System

    Retrieve full details for a specific managed system by its unique ID via GET /systems/{id}

  • Update System

    Update a system's display name, SSH settings, MFA configuration, and tags via PUT /systems/{id}

  • Delete System

    Remove a system from JumpCloud management and trigger agent uninstall via DELETE /systems/{id}

System Groups

  • Create System Group

    Create a new system group for organizing devices and managing bulk configurations via POST /v2/systemgroups

  • List System Groups

    Retrieve a paginated list of all system (device) groups in the organization via GET /v2/systemgroups

  • Get System Group

    Retrieve full details for a specific system group by its unique ID via GET /v2/systemgroups/{id}

  • Update System Group

    Fully replace a system group's configuration via PUT /v2/systemgroups/{id}

  • Delete System Group

    Permanently delete a system group and remove all its memberships and associations via DELETE /v2/systemgroups/{id}

Applications

  • Create Application

    Create a new SSO/SAML application with SAML configuration via POST /applications

  • List Applications

    Retrieve a paginated list of all SSO/SAML applications configured in the organization via GET /applications

  • Get Application

    Retrieve full details for a specific SSO/SAML application by its unique ID via GET /applications/{id}

  • Update Application

    Fully replace an existing SSO/SAML application's configuration via PUT /applications/{id}

  • Delete Application

    Permanently delete an SSO/SAML application and remove all user access via DELETE /applications/{id}

Commands

  • Create Command

    Create a new command with script content and execution settings via POST /commands

  • List Commands

    Retrieve a paginated list of all commands configured in the organization via GET /commands

  • Get Command

    Retrieve full details for a specific command by its unique ID via GET /commands/{id}

  • Update Command

    Fully replace an existing command's configuration via PUT /commands/{id}

  • Delete Command

    Permanently delete a command and cancel all its scheduled executions via DELETE /commands/{id}

Command Results

  • Get Command Results

    Retrieve paginated execution results for a specific command via GET /commands/{id}/results

Command Files

  • Get Command Files

    Retrieve uploaded files attached to a command via GET /files/command/{id}

Run Commands

  • Run Command

    Trigger immediate execution of a command on specified or all bound systems via POST /runCommand

Organizations

  • List Organizations

    Retrieve a paginated list of all organizations accessible to the current API key via GET /organizations

  • Get Organization

    Retrieve full details for a specific organization by its unique ID via GET /organizations/{id}

  • Update Organization

    Update an organization's settings, policies, and feature configuration via PUT /organizations/{id}

Set Up Your JumpCloud MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to JumpCloud in under 10 lines of code.

MCP Clients

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

More Security MCP Servers

Cloudflare

137+ actions

OneLogin

109+ actions

Sentinel XS

69+ actions

Microsoft Entra ID

67+ actions

Drata

57+ actions

Rippling

37+ actions

Okta

32+ actions

All Security MCP Servers →

JumpCloud MCP Server Resources

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Indirect Prompt Injection Defense for MCP Tools: A Technical Guide

MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.

12 min

JumpCloud MCP Server FAQ

JumpCloud MCP server vs direct API integration — what's the difference?
A JumpCloud MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling JumpCloud. A JumpCloud MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling JumpCloud at runtime. StackOne provides both.
How does JumpCloud authentication work for AI agents?
JumpCloud authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own JumpCloud account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are JumpCloud MCP tools vulnerable to prompt injection?
Yes — JumpCloud MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a JumpCloud agent and how do I avoid it?
Context bloat happens when JumpCloud tool schemas and API responses eat your JumpCloud agent's memory, preventing it from reasoning effectively. A single JumpCloud query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my JumpCloud agent can access?
Yes — you can limit which actions your JumpCloud agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my JumpCloud MCP server?
Yes — you can create custom agent actions for your JumpCloud MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research JumpCloud's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a JumpCloud MCP server?
Skip a JumpCloud MCP server if your integration is purely software-to-software — direct JumpCloud API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call JumpCloud actions at runtime.
What AI frameworks and AI clients does the StackOne JumpCloud MCP server support?
The StackOne JumpCloud MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo