The Agentic Review

Frameworks — JUNE 19, 2026

MCP's Enterprise Authorization extension goes stable, with Okta as first identity provider

The Enterprise-Managed Authorization extension to the Model Context Protocol reached stable status June 18, replacing per-user OAuth consent with an IdP-mediated silent token exchange. Anthropic, Microsoft VS Code, and seven MCP servers shipped support at launch.

The Model Context Protocol’s Enterprise-Managed Authorization extension reached stable status on June 18, 2026, with core maintainer Paul Carleton announcing the cutover from per-user OAuth consent to an identity-provider-mediated silent token exchange. Anthropic, Microsoft’s VS Code 1.123, and seven MCP servers (Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase) shipped support at launch. Slack is actively adding it.

The mechanics matter because they shift the trust boundary. Under EMA, the MCP client requests a signed identity assertion from the IdP at SSO login; the IdP applies admin-configured policy and issues the assertion; the MCP server validates it and returns a scoped access token. No consent screen appears. The underlying mechanism is the Identity Assertion JWT Authorization Grant, or ID-JAG, flow.
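The server-side validation step in that flow, sketched as an added example (not code from the article, the MCP project, or Okta). The claim names and the `oauth-id-jag+jwt` type value follow the IETF ID-JAG draft and are assumptions here; HS256 with a shared demo key stands in for the IdP's asymmetric signature so the block runs on the standard library, and every URL and identifier is constructed.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values; none of them come from the article.
IDP_ISSUER = "https://idp.example.com"
MCP_ISSUER = "https://mcp.example.com"   # this server's own identifier
IDP_KEY = b"constructed-demo-key"        # HS256 stand-in for the IdP's signing key
ID_JAG_TYP = "oauth-id-jag+jwt"          # type value from the IETF draft (assumption)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_assertion(claims, key=IDP_KEY, typ=ID_JAG_TYP):
    """IdP side: sign the assertion once admin policy has allowed the request."""
    head = _b64(json.dumps({"alg": "HS256", "typ": typ}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def validate_assertion(token, authenticated_client, now=None):
    """MCP server side: raise ValueError unless every check passes.
    With no consent screen, the returned scope is whatever IdP policy granted."""
    now = time.time() if now is None else now
    head, body, sig = token.split(".")          # ValueError if not three parts
    header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
    if header.get("alg") != "HS256" or header.get("typ") != ID_JAG_TYP:
        raise ValueError("unexpected alg or typ")   # pin both before trusting claims
    expected = hmac.new(IDP_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != MCP_ISSUER:         # minted for a different server
        raise ValueError("wrong audience")
    if claims.get("client_id") != authenticated_client:
        raise ValueError("assertion bound to another client")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return {"sub": claims["sub"], "scope": claims.get("scope", "")}

def demo_claims(now, **overrides):
    """Constructed ID-JAG payload for a hypothetical client."""
    base = {"iss": IDP_ISSUER, "sub": "user-1234", "aud": MCP_ISSUER,
            "client_id": "demo-mcp-client", "scope": "issues:read",
            "iat": now, "exp": now + 300, "jti": "constructed-jti-1"}
    return {**base, **overrides}
```

A production server would verify against the IdP's published public keys and track `jti` values to reject replays, which this sketch leaves out.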

That flow exists because of work Okta has been pushing through standards bodies for a year. Its Cross App Access protocol was adopted by the OAuth working group in September 2025 and folded into MCP in November. Okta is the first, and currently only, supported identity provider.

“Enterprise-managed auth gives MCP the foundation it needs to scale across an enterprise, with Okta as our first identity provider partner,” said Mayank Malhotra of Anthropic’s product team. The pitch lands harder in concrete form: “Before enterprise-managed auth, onboarding a new hire to their full toolkit meant a queue of per-connector OAuth approvals. Now they log in to Claude on day one already connected — 2,000 employees, provisioned through Okta, zero extra steps.”

HubSpot, Ramp, and Webflow are among the early enterprises running it in production across Claude, Claude Code, and Cowork. Linear’s head of engineering Tom Moor called the experience “pretty magical.”

The structural read is that MCP, born in late 2024 as a developer-facing protocol for tool calling, has now grown an enterprise IT spine. The OAuth consent prompt was the protocol’s most visible friction and its most legible security model; replacing it with backchannel policy enforcement is what every prior integration wave (SAML in the 2000s, SCIM in the 2010s) eventually demanded.

The gap is who’s left out. Azure AD and Google Workspace customers can’t use EMA yet. Anthropic says more identity providers are coming but won’t name dates. For now, the protocol that’s pitched as universal has exactly one front door.
