Enterprise-Managed Authorization Replaces Per-User MCP OAuth

Anthropic's new EMA extension for the Model Context Protocol allows administrators to centrally authorize AI agent tool access across entire organizations.

Anthropic has stabilized the Enterprise-Managed Authorization (EMA) extension for the Model Context Protocol, allowing organizations to centrally provision AI agent access to third-party applications. Previously, connecting a given model to external tools required each employee to complete an individual OAuth consent flow for every service. EMA bypasses this friction by shifting authorization to the enterprise identity provider layer.

Protocol Foundation

The EMA standard builds on two open identity specifications to enable zero-touch provisioning. It utilizes Cross App Access (XAA), a protocol spearheaded by Okta, and the Identity Assertion JWT Authorization Grant (ID-JAG), which is currently an IETF draft. By routing access grants through an existing identity system, administrators can scope agent capabilities based on established corporate roles and groups.

At launch, Okta operates as the primary supported identity provider. Support for Microsoft Entra ID, Google Workspace, and Ping Identity remains in beta with waitlists available.

Client and Server Ecosystem

The shared authorization layer integrates natively across Anthropic’s agent interfaces, including Claude chat, Claude Code, and Claude Cowork. Visual Studio Code has also added native client support for the standard. Seven enterprise platforms are participating as initial server launch partners, with Slack integration scheduled for a later release.

| Category | Supported Platforms |
| --- | --- |
| Clients | Claude chat, Claude Code, Claude Cowork, Visual Studio Code |
| Identity Providers | Okta (Live), Entra ID (Beta), Google Workspace (Beta), Ping Identity (Beta) |
| MCP Servers | Asana, Atlassian, Canva, Figma, Granola, Linear, Supabase |

Governance and Lifecycle Management

Moving authorization to the identity layer changes how security teams manage agent access. Employees inherit connection privileges automatically upon their first login to an AI client. Ramp, an early adopter alongside Webflow and HubSpot, reported provisioning 2,000 employees through Okta with zero manual user steps.

Deprovisioning an employee in the central IdP immediately revokes their AI agent’s access to all downstream tools. Because access is verified at the identity layer continuously, administrators can enforce shorter token lifetimes without triggering redundant user consent prompts.
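
As an added illustration (not code from the article or from any EMA implementation), the sketch below shows the checks an MCP server's authorization server could apply to an IdP-issued ID-JAG assertion before issuing an access token, including a cap on assertion lifetime. The claim names and the `oauth-id-jag+jwt` type are taken from the ID-JAG draft and should be verified against its current revision; the issuer URLs, client name, lifetime cap and the HS256 stand-in for the IdP's asymmetric signature are constructed assumptions.

```python
import base64, hashlib, hmac, json

# Constructed values for illustration; none of them come from the article.
IDP_ISSUER = "https://idp.example.com"
AS_ISSUER = "https://auth.mcp-server.example"
IDP_KEY = b"constructed-demo-key"  # HS256 stand-in for the IdP's asymmetric signing key
MAX_ASSERTION_TTL = 300            # seconds; local policy cap on assertion lifetime

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(IDP_KEY, signing_input.encode(), hashlib.sha256).digest()

def mint(claims: dict, typ: str = "oauth-id-jag+jwt") -> str:
    """Play the IdP for the demo: serialize and sign an assertion."""
    head = _b64(json.dumps({"alg": "HS256", "typ": typ}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body))}"

def validate(assertion: str, client_id: str, now: float) -> dict:
    """Return the claims if the assertion is acceptable, else raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = assertion.split(".")
        if not hmac.compare_digest(_sign(f"{head_b64}.{body_b64}"), _unb64(sig_b64)):
            raise ValueError("bad signature")
        header, claims = json.loads(_unb64(head_b64)), json.loads(_unb64(body_b64))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and claims must be JSON objects")
    except ValueError as exc:
        raise ValueError(f"rejected before claim checks: {exc}") from None
    if header.get("alg") != "HS256" or header.get("typ") != "oauth-id-jag+jwt":
        raise ValueError("unexpected alg or typ")
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != AS_ISSUER:
        raise ValueError("assertion minted for a different authorization server")
    if claims.get("client_id") != client_id:
        raise ValueError("assertion bound to a different client")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not (isinstance(iat, (int, float)) and isinstance(exp, (int, float))):
        raise ValueError("missing iat or exp")
    if not (iat <= now < exp) or exp - iat > MAX_ASSERTION_TTL:
        raise ValueError("expired, not yet valid, or lifetime above policy cap")
    return claims
```

A production check would verify the signature against the IdP's published keys and track `jti` values to reject replays.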

This architecture directly addresses the fragmented security risks associated with scaling AI tool use. Following the donation of the Model Context Protocol to the Agentic AI Foundation under the Linux Foundation in December 2025, EMA is positioned as a vendor-neutral governance plane available for broader adoption by other model providers.

If you manage enterprise AI deployments, evaluate your current tool integration pipelines for compatibility with XAA and ID-JAG. Transitioning custom internal integrations to support the new EMA standard allows your agents to authenticate silently and securely under centralized access policies.
