Zscaler Digital Experience MCP server
Zscaler Digital Experience (ZDX) provides end-to-end visibility into user experience across devices, networks, and applications. An MCP server for ZDX allows AI agents to monitor performance, detect issues before they impact productivity, and generate insights about user experience and network health without needing direct portal access.
Setting up an MCP server
This article covers the standard steps for creating an MCP server in AI Gateway and connecting it to an AI client. The steps are the same for every integration — application-specific details (API credentials, OAuth endpoints, and scopes) are covered in the individual application pages.
Before you begin
You'll need:
- Access to AI Gateway with permission to create MCP servers
- API credentials for the application you're connecting (see the relevant application page for what to collect)
Create an MCP server
Find the API in the catalog
- Sign in to AI Gateway and select MCP Servers from the left navigation.
- Select New MCP Server.
- Search for the application you want to connect, then select it from the catalog.
Configure the server
- Enter a Name for your server — something descriptive that identifies both the application and its purpose (for example, "Zendesk Support — Prod").
- Enter a Description so your team knows what the server is for.
- Set the Timeout value. 30 seconds works for most APIs; increase to 60 seconds for APIs that return large payloads.
- Toggle Production mode on if this server will be used in a live workflow.
- Select Next.
Configure authentication
Enter the authentication details for the application. This varies by service — see the Authentication section of the relevant application page for the specific credentials, OAuth URLs, and scopes to use.
Configure security
- Set any Rate limits appropriate for your use case and the API's own limits.
- Enable Logging if you want AI Gateway to record requests and responses for auditing.
- Select Next.
Deploy
Review the summary, then select Deploy. AI Gateway provisions the server and provides a server URL you'll use when configuring your AI client.
Connect to an AI client
Once your server is deployed, you'll need to add it to the AI client your team uses. Select your client for setup instructions:
Tips
- You can create multiple MCP servers for the same application — for example, a read-only server for reporting agents and a read-write server for automation workflows.
- If you're unsure which OAuth scopes to request, start with the minimum read-only set and add write scopes only when needed. Most application pages include scope recommendations.
- You can edit a server's name, description, timeout, and security settings after deployment without redeploying.
Authentication
Zscaler ZDX uses OAuth 2.0 with client credentials flow. The base URL is https://api.zdx.zscaler.com and the token endpoint is https://api.zdx.zscaler.com/v1/oauth/token. Generate API credentials from Administration > API Management in the ZDX admin portal, then note your cloud instance. The credentials are used to obtain OAuth tokens for authenticating API requests.
Available tools
The tools enable user experience monitoring, device health tracking, network path analysis, application performance monitoring, and reporting. They help you identify performance issues, track user productivity impact, optimize application delivery, and ensure SLA compliance.
| Tool | Description |
|---|---|
| Experience Scores | Show user experience scores, find users with poor experience, track trends, compare departments |
| Performance Metrics | Monitor application latency, check network performance, measure page load times, track response times |
| Issue Detection | Identify performance problems, find degraded services, detect anomalies, show critical alerts |
| System Metrics | Check CPU utilization, monitor memory usage, track disk space, measure battery health |
| Application Impact | Find resource-heavy apps, monitor crashes, track startup times, identify conflicts |
| Device Inventory | List monitored devices, show device details, track OS versions, monitor patch levels |
| Network Path Analysis | Trace paths to cloud providers, show hop-by-hop latency, identify bottlenecks, monitor packet loss |
| ISP Performance | Compare ISP performance, track outages, monitor bandwidth, analyze jitter |
| CloudPath Insights | Monitor cloud provider performance, track AWS connectivity, analyze Azure paths, compare regions |
| SaaS Monitoring | Monitor Office 365, Salesforce, Zoom, Teams and other SaaS applications |
| Web Application Monitoring | Monitor internal apps, track page load times, analyze API calls, measure transaction times |
| Alert Configuration | Set performance thresholds, create score alerts, configure escalations, define conditions |
| Alert Management | Show active alerts, acknowledge issues, track resolution, analyze patterns |
| Root Cause Analysis | Diagnose slow performance, identify root causes, correlate issues, suggest remediation |
| Impact Analysis | Show affected users, calculate business impact, track duration, measure productivity loss |
| Performance Reports | Generate SLA reports, create executive dashboards, build trend analysis, export metrics |
Tips
Set alert thresholds based on baseline performance rather than arbitrary numbers to avoid alert fatigue.
Establish performance baselines during normal operations so you can quickly detect deviations and anomalies.
Use root cause analysis correlations to identify whether performance issues originate from network, device, application, or cloud provider problems.
Speed up resolution by pinpointing whether problems stem from network, device, application, or cloud provider issues.
Cequence AI Gateway