If you’ve ever watched a new hire spend their first week clicking “allow” through an endless parade of OAuth screens — Slack, Notion, Jira, Figma, Linear, the list goes on — you know the particular flavor of frustration that comes with enterprise software onboarding. Multiply that by every AI tool the company adopts, and you’ve got a productivity tax that nobody talks about in the sales deck.
Anthropic just quietly eliminated that tax for Claude.
On June 18, the company rolled out what it calls Enterprise-Managed Authorization for MCP connectors. The name is a mouthful. The concept is simpler: IT admins configure access once in their identity provider — Okta, for now — and employees get every approved connector automatically the moment they log into Claude. No consent screens. No per-app authorization dances. No “which account am I using again?” confusion.
The problem nobody wanted to admit
MCP — the Model Context Protocol — has been gaining serious traction as the open standard for connecting AI assistants to external tools and data. Anthropic introduced it in late 2024, and since then, it’s become the connective tissue between Claude and the apps where work actually happens: Asana, Atlassian, Figma, Linear, Supabase, Canva, Granola, with Slack on the way.
But there was a catch. The original MCP authorization model was built around individual users. Every person had to authorize every server individually. In a 2,000-person organization, that’s not a workflow — it’s a bottleneck.
“Before enterprise-managed auth, onboarding a new hire to their full toolkit meant a queue of per-connector OAuth approvals,” says Cameron Leavenworth, a staff IT engineer working on AI at one of the early adopters. “Now they log in to Claude on day one already connected — 2,000 employees, provisioned through Okta, zero extra steps.”
Security teams had it worse. With no central control, access was whatever each user happened to authorize. Audit trails were fragmented. And there was no good way to prevent someone from accidentally linking their personal GitHub account to a work repository — a data leakage scenario that keeps CISOs awake at night.
How it actually works
The magic isn’t magic at all. It’s an extension to the MCP specification called Enterprise-Managed Authorization (EMA), built on top of something called the Identity Assertion JWT Authorization Grant — ID-JAG for short — which itself extends OAuth 2.1.
Here’s the flow in plain English: an employee signs into Claude through their corporate SSO (Okta, currently). During that login, Okta evaluates policy — group membership, role, conditional access rules — and issues a short-lived token. Claude exchanges that token for access tokens from each MCP server the admin has approved. The user never sees a consent screen. They just open Claude and their tools are there.
Three things fall out of this design:
- Authorize once, inherit everywhere. Admins enable a connector for the organization. Users get it automatically, scoped to the groups and roles they already have in the IdP.
- Centralized policy and audit. Access decisions live in one place — the IdP admin console — with a single auditable trail across every connector.
- Work and personal stay separated. By removing the interactive account selection step, it becomes much harder to accidentally connect a personal account to a work tool.
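The token exchange described above only removes the consent screen safely if each MCP server checks the IdP-issued assertion before minting its own access token. The following is an added example, not code from the EMA specification, Anthropic or Okta, sketching those checks on the receiving side. Assumptions: the claim names (iss, aud, client_id, iat, exp, jti) follow standard JWT usage, an HS256 shared key stands in for the IdP's asymmetric signature, and the 300-second lifetime cap is illustrative.

```python
import base64, hashlib, hmac, json

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes) -> str:
    # Constructed stand-in for the IdP; HS256 keeps the demo stdlib-only.
    signed = b64u(b'{"alg":"HS256"}') + "." + b64u(json.dumps(claims).encode())
    return signed + "." + b64u(hmac.new(key, signed.encode(), hashlib.sha256).digest())

class AssertionChecker:
    MAX_LIFETIME = 300  # assumed cap in seconds for a "short-lived" assertion

    def __init__(self, idp_issuer: str, own_issuer: str, key: bytes):
        self.idp_issuer, self.own_issuer, self.key = idp_issuer, own_issuer, key
        self.seen_jti = set()  # replay cache; a real server expires entries

    def check(self, token: str, authenticated_client: str, now: int) -> str:
        """Return "ok" or the reason the assertion is refused."""
        try:
            head, body, sig = token.split(".")
            header, claims, given = json.loads(unb64u(head)), json.loads(unb64u(body)), unb64u(sig)
        except ValueError:
            return "malformed"
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            return "malformed"
        if header.get("alg") != "HS256":  # pin the algorithm; the token does not choose
            return "unexpected alg"
        good = hmac.new(self.key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, given):
            return "bad signature"
        if claims.get("iss") != self.idp_issuer:
            return "untrusted issuer"
        if claims.get("aud") != self.own_issuer:  # minted for a different server
            return "wrong audience"
        if claims.get("client_id") != authenticated_client:  # presented by another client
            return "client mismatch"
        iat, exp, jti = claims.get("iat"), claims.get("exp"), claims.get("jti")
        if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
            return "expired or not yet valid"
        if exp - iat > self.MAX_LIFETIME:
            return "lifetime too long"
        if not isinstance(jti, str) or jti in self.seen_jti:
            return "replayed"
        self.seen_jti.add(jti)
        return "ok"
```

Signing a constructed claim set with `sign()` and passing it to `check()` twice shows the second call refused as a replay; changing `aud` shows an assertion minted for one connector being refused by another.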
An ecosystem play, not a solo act
What makes this notable isn’t just that Anthropic built it. It’s that they built it as an open extension to MCP, meaning any client, any server, any identity provider can implement it. The spec is stable as of June 18, 2026.
At launch, the ecosystem looks like this:
- Identity providers: Okta first, via their Cross App Access (XAA) protocol. Microsoft Entra ID and Google Workspace are on the roadmap.
- Clients: Claude (Team and Enterprise plans, in beta), and notably VS Code 1.123+ — meaning developers get this in their IDE too.
- MCP servers: Asana, Atlassian, Canva, Figma, Granola, Linear, Supabase. Slack is coming soon.
The quotes from partners read like a who’s-who of enterprise software leadership. Arnab Bose, Asana’s CPO, calls it “a foundational milestone in realizing Asana’s vision as the operating system for human-agent teams.” Figma’s VP of Engineering, Devdatta Akhawe, notes it “makes it easier for enterprises to scale their MCP deployments securely without slowing teams down.” Linear’s Head of Engineering, Tom Moor, puts it more bluntly: “Logging in once and automatically having all your MCP connectors automatically setup is pretty magical.”
Aaron Parecki, Okta’s Director of Identity Standards, frames it in broader terms: “As we move toward an interconnected AI workforce, security can’t be an afterthought. By embedding the Cross App Access protocol into MCP as the Enterprise-Managed Authorization extension, we turn identity into a centralized governance plane.”
Why this matters beyond Claude
The honest answer: MCP was hitting a wall in enterprise deployments. The per-user authorization model worked fine for individual developers and small teams. It does not work for organizations with compliance requirements, audit needs, and thousands of employees who shouldn’t be managing their own OAuth tokens.
EMA changes the adoption curve. IT teams can now roll out AI tool access the same way they roll out Slack or Office 365 — through groups and roles in the identity provider they already manage. Revocation is instant: remove someone from an Okta group, and their access to every connected MCP server disappears immediately. No need to revoke tokens server by server.
For MCP server builders, the message is clear: implement EMA support now. Enterprise IT teams will require it. The spec is documented at modelcontextprotocol.io, with source and draft specification in the ext-auth GitHub repository.
The bigger picture
We’re watching the infrastructure layer for enterprise AI solidify in real time. First came the protocol (MCP). Then came authentication standards (OAuth 2.1 for MCP). Now comes authorization that actually works for organizations — centralized, auditable, and frictionless for users.
Anthropic’s blog post announcing the feature is characteristically understated: “Admins can now provision MCP connectors for their whole organization through their identity provider, starting with Okta. Users get connector access automatically on first login, with authorization configured centrally by their organization.”
That’s it. That’s the whole revolution. One login. Zero extra steps. The tools just work.
For anyone who’s ever watched a new employee stare at a screen full of “Authorize this application?” prompts — or worse, watched a security team try to audit who has access to what across a dozen AI-connected tools — this is the moment the industry grew up.
The beta is available today for Claude Team and Enterprise customers. Anthropic has a waitlist form for access, and the MCP community is actively recruiting more identity providers, clients, and servers to implement the extension.
The OAuth queue is finally dead. Long live the single sign-on.
