According to the Model Context Protocol blog, the Enterprise-Managed Authorization extension for MCP has reached stable status. The extension eliminates the friction of repeated OAuth logins in enterprise environments by letting organizations centrally manage MCP server access through their existing identity provider. When employees log in once with their corporate account, all the MCP servers their organization has authorized for them connect automatically, based on their groups and roles—no per-app consent screens, no manual setup. The old model required employees to individually authorize each MCP server, with no way for security teams to enforce consistent policy or prevent accidental blending of personal and work accounts. EMA solves this: admins control access centrally, users get a seamless zero-touch experience, and security teams get a single audit trail. The protocol uses OAuth's Identity Assertion JWT Authorization Grant, channeled through trusted identity providers like Okta. Early adoption is strong—Anthropic has integrated it into Claude and Claude Code; Visual Studio Code has added native support; and servers including Figma, Linear, Asana, Atlassian, Canva, and Supabase now support it, with Slack and others in progress.

Listen to this story

Hear this and more stories in a personalized audio briefing.

Open The Chonkerton