Model Context Protocol adds enterprise identity control
The stable EMA extension replaces per-server consent prompts with centralized authorization through corporate identity providers.

Enterprise identity takes over MCP server access
The Model Context Protocol team has moved its Enterprise-Managed Authorization extension to stable status, introducing a centralized approach for organizations to manage which employees can access which MCP servers. The extension routes authorization decisions through corporate identity providers instead of requiring users to approve each server connection individually.
According to the launch announcement, the change addresses a persistent friction point in enterprise MCP deployments. The original model required users to grant consent for each server they connected to—a pattern that created manual onboarding overhead, made policy enforcement difficult, and blurred boundaries between personal and work accounts. The new extension replaces that flow with a single sign-in experience where users inherit access to servers their organization has already approved.
How the authorization flow works
The extension uses an Identity Assertion JWT Authorization Grant, or ID-JAG, which the MCP server's authorization server exchanges for an access token. This architecture separates identity policy from the tool call itself. The enterprise-managed layer determines whether a user can connect a client to a server and at what scope, but it does not inspect MCP traffic after the token is issued.
The MCP team explicitly notes this is not runtime authorization for individual actions. Organizations still need their own controls for what happens once an agent is inside a system. The extension handles connection-level control, not per-action policy enforcement for sensitive runtime decisions.
Adoption and ecosystem support
Anthropic, Microsoft, and Okta have adopted the extension, with Okta serving as the first identity provider to support the protocol through its Cross App Access approach. Anthropic has implemented support across its shared MCP layer for Claude, Claude Code, and Cowork. Visual Studio Code has added support in the IDE.
On the server side, Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase now support EMA, with Slack and others in progress. The breadth of early adopters suggests the project is positioning centralized enterprise auth as a default rather than a special integration.
Why it matters
This extension removes a major operational barrier to enterprise adoption of MCP. For organizations deploying AI assistants that need to connect to internal tools, the shift from per-user, per-server consent to centralized identity control reduces friction and gives security teams a unified control plane. The move also reflects how MCP is being used in practice—not as a consumer tool but as enterprise infrastructure that needs to integrate with existing identity and access management systems. The current rollout is partial, since both the identity provider and the MCP server must support the extension, but the early ecosystem alignment indicates momentum.
Details were first reported by InfoQ in the Model Context Protocol blog announcement.
This is an original analysis by the Omega editorial team. Source reporting: AI Watch.
Want systems like this working for your business?
Book a Call