
Anthropic launched Enterprise-Managed Authorization (EMA) for Claude's MCP connectors on June 18, 2026, giving enterprise IT administrators a way to provision third-party AI integrations once through their identity provider and push access automatically to every employee on first login — with no individual OAuth consent screens required. The feature, now in beta for Claude Team and Enterprise plan customers, resolves what the Model Context Protocol community had identified as the single largest obstacle to enterprise-scale MCP adoption: the per-user authentication step that no security team could centrally govern.
The practical consequence is significant for organizations running Claude at scale. A new hire walking in on day one inherits every approved MCP connector — Figma, Atlassian, Asana, Linear, Canva, Granola, Supabase — without opening a ticket to IT. When that person leaves or changes roles, connector access is revoked through the same IdP lifecycle process that already governs the rest of their software stack, with no stale credentials left behind.
The problem EMA addresses is structural, not just inconvenient. Standard MCP authorization was designed for consumer-style scenarios where an individual decides what touches their data and completes an interactive consent flow to confirm it. That model cannot scale to enterprises where a security team needs to know — and control — exactly what each AI agent can reach and under what conditions.
Before EMA, deploying Claude connectors across a workforce required two separate steps: an admin enabling a connector at the organization level, and then every individual user manually authorizing it on their own. Multiply that second step across hundreds of employees and a dozen tools and the friction becomes a deployment blocker. Okta engineers working on Cross App Access have described the pre-EMA situation in similar terms: giving an AI agent access via per-user OAuth effectively meant handing a nondeterministic entity the keys to the kingdom, with no central visibility into what it could reach or what it had already touched. The alternative — credential sprawl across personal OAuth grants — left security teams with no audit trail and no reliable revocation path.
EMA changes the authorization model at the architectural level. By routing MCP connector access through the organization's identity provider, it brings AI agent connections under the same governance layer that already controls every other enterprise application. Access is visible in the IdP admin console, revocation is tied to the same offboarding workflow as every other tool, and token lifetimes can be shortened without degrading the user experience because the IdP reissues tokens silently during normal login.
Under the hood, EMA is built on a specific extension to OAuth 2.0 called the Identity Assertion JWT Authorization Grant, known as ID-JAG, which is an IETF draft co-developed by Okta and others.
When an employee logs in, the MCP client — Claude, Claude Code, or Cowork — obtains a signed ID-JAG JWT from the identity provider during the standard single sign-on session. That JWT is then exchanged for an access token from the MCP server's authorization server. The user is never redirected through a per-server consent screen. The identity provider's existing private key — the same one it uses to sign identity tokens — signs the ID-JAG, establishing trust across the chain. The result is that the authentication that already happened at login propagates forward to every approved MCP connector automatically.
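As an added illustration (not Anthropic's or Okta's code), these are the checks an MCP server's authorization server would run on an incoming ID-JAG before issuing an access token, using the `oauth-id-jag+jwt` type and claim names from the IETF draft. The issuer URLs, client id, and RSA key pair are constructed for the example.

```javascript
// Added example. Issuer URLs, client id and the RSA key are constructed placeholders.
const crypto = require("node:crypto");

const IDP = "https://idp.example";          // hypothetical IdP issuer
const MCP_AS = "https://auth.mcp.example";  // hypothetical MCP authorization server
const idpKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const b64u = (v) => Buffer.from(v).toString("base64url");

// IdP side (constructed): sign an ID-JAG with the IdP's private key, RS256.
function mintIdJag(claims, { key = idpKeys.privateKey, typ = "oauth-id-jag+jwt" } = {}) {
  const input = `${b64u(JSON.stringify({ alg: "RS256", typ }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(crypto.sign("sha256", Buffer.from(input), key))}`;
}

// MCP authorization server side: every check runs before a token is issued.
function validateIdJag(jwt, { clientId, now, seenJti }) {
  const fail = (reason) => ({ ok: false, reason });
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return fail("malformed");
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch { return fail("malformed"); }
  if (!header || !claims) return fail("malformed");
  // Pin algorithm and type: an ordinary ID token must not pass as a grant.
  if (header.alg !== "RS256") return fail("alg");
  if (header.typ !== "oauth-id-jag+jwt") return fail("typ");
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify("sha256", signed, idpKeys.publicKey, Buffer.from(parts[2], "base64url")))
    return fail("signature");
  if (claims.iss !== IDP) return fail("iss");
  if (claims.aud !== MCP_AS) return fail("aud");               // minted for another server
  if (claims.client_id !== clientId) return fail("client_id"); // presented by another client
  if (!(Number.isFinite(claims.exp) && claims.exp > now)) return fail("exp");
  if (!claims.jti || seenJti.has(claims.jti)) return fail("replay");
  seenJti.add(claims.jti);
  return { ok: true, sub: claims.sub, scope: claims.scope };
}

// Constructed claims for one employee and one connector.
const sampleClaims = (over = {}) => ({
  iss: IDP, sub: "employee-123", aud: MCP_AS, client_id: "claude-client",
  jti: crypto.randomUUID(), iat: 1000, exp: 1300, scope: "read", ...over,
});
```

The audience and `client_id` checks are what keep a grant issued for one connector from being accepted by another, and the short `exp` plus `jti` tracking bound the window for a captured assertion.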
Okta's implementation of ID-JAG is called Cross App Access, or XAA. The protocol was adopted by the IETF OAuth working group in September 2025, incorporated into the MCP specification in November 2025, and declared stable as a formal MCP authorization extension on June 18, 2026. Anthropic's EMA is the first live production implementation of that stable extension.
Because the specification is open, any MCP connector — including custom-built internal tools — can adopt EMA support without going through Anthropic. Okta's TypeScript and Java SDKs already include XAA support, which means developers working in those languages can implement the authentication standard with minimal additional integration work.
Seven MCP providers support EMA at launch: Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase. Slack support is in progress. HubSpot, Ramp, and Webflow are among the enterprises already rolling it out.
Ramp, the fintech company, reports that 2,000 employees are now provisioned through Okta with zero additional steps required of any of them. Tom Moor, head of engineering at Linear, described the user experience shift: "Logging in once and automatically having all your MCP connectors automatically set up is pretty magical."
The feature works across Claude chat, Claude Code, and Cowork. Administrators can also require that a connector only ever authenticates through the IdP, which prevents an employee from accidentally connecting a personal account to a work tool and keeps work and personal data cleanly separated.
The architecture behind EMA matters beyond the immediate Claude use case. The extension is built on the same open MCP authorization specification that Microsoft and VS Code participated in developing. Visual Studio Code version 1.123 and later supports EMA at launch — meaning organizations using VS Code as a development environment get the same zero-touch connector provisioning without going through Anthropic.
Paul Carleton, a core maintainer of the MCP protocol, noted in the announcement that because EMA is an open specification, any MCP connector can adopt it and it works the same way for every Claude customer. That structural detail matters: when Figma, Atlassian, and Linear implement the same authentication standard simultaneously with Microsoft, Anthropic, and Okta, the pattern carries the characteristics of a de-facto enterprise standard rather than a proprietary feature. Enterprise IT teams evaluating AI deployments may increasingly ask which MCP servers support EMA before approving deployment.
Okta's Ely Kahn, the company's chief product officer, framed the launch as a milestone in the broader pattern of enterprise AI standardization: "when technology ecosystems grow quickly, open standards become critical to helping them scale securely."
There is one significant limitation at launch that affects a large portion of the enterprise market. Okta is the only supported identity provider in the current beta. Organizations running on Microsoft Azure Active Directory — now branded Microsoft Entra ID — are not yet served by EMA. Anthropic has confirmed that additional identity provider integrations are on the roadmap, with Azure AD and Google Workspace SSO among the planned additions, but no release timeline has been published.
For enterprise IT administrators evaluating EMA now, the practical implication is that Okta customers have a concrete path forward today, while Azure AD customers are in a waiting room. Given that the underlying ID-JAG standard is an open IETF specification, the Azure AD integration is technically straightforward once prioritized — but the timeline is Anthropic's to set.
When MCP authentication has been the subject of enterprise concern, the conversation has centered on three problems: per-user friction, lack of centralized audit trails, and inability to enforce consistent access policy across a workforce. EMA addresses all three directly. What it does not address — and what remains an active area of enterprise AI security — is the broader class of runtime risks: prompt injection attacks that manipulate an agent into misusing the access it legitimately holds, and supply chain risks from malicious third-party MCP servers. EMA governs who can connect to what; it does not govern what an agent does once connected. Those concerns are the subject of separate governance frameworks, including guidance published by the Center for Internet Security in April 2026.
Anthropic's EMA documentation is available now; customers on Team and Enterprise plans can apply for beta access directly.
What is Claude's Enterprise-Managed Authorization and who can use it?
Enterprise-Managed Authorization, or EMA, is a feature that lets enterprise IT administrators provision MCP connector access for an entire organization through their identity provider, starting with Okta. Employees receive connector access automatically on their first login to Claude without completing individual OAuth flows. The feature is currently in beta for Claude Team and Enterprise plan customers.
Which MCP connectors support enterprise-managed authorization?
Seven MCP providers support EMA at launch: Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase. Slack support is in progress. Because EMA is built on an open specification, any MCP connector — including internally built custom connectors — can add support without going through Anthropic.
Does Claude's zero-touch MCP provisioning work with Azure AD or Google Workspace?
Not at launch. Okta is the only supported identity provider in the current beta. Anthropic has confirmed that additional identity provider integrations, including Azure Active Directory and Google Workspace, are on the roadmap, but no release timeline has been published.
What security risks does enterprise-managed authorization not address?
EMA solves the provisioning and governance problem — who can access which MCP connectors, with centralized audit trails and fast revocation. It does not address runtime risks such as prompt injection attacks, where a malicious payload in a document or tool output manipulates an AI agent into misusing its access. Organizations deploying MCP at enterprise scale should review the Center for Internet Security's MCP security guidance alongside EMA adoption.
