AI Model Context Protocol Adds Centralised Auth for Enterprise

TL;DR · AI 摘要
MCP企业级授权扩展稳定发布,通过集中身份验证简化AI模型服务器访问管理,被Anthropic、Microsoft等企业采用。
核心要点
- EMA扩展采用ID-JAG授权流程,实现单点登录跨服务器访问
- Anthropic、Microsoft等企业已部署该方案减少80%手动配置
- 企业身份提供商接管授权决策,但不监控MCP流量
结构提纲
按章节快速跳转。
思维导图
用一张图看清主题之间的关系。
查看大纲文本(无障碍 / 无 JS 友好)
- MCP企业授权扩展
- 核心机制
- ID-JAG授权流程
- 单点登录
- 企业采用
- Anthropic
- Microsoft
- Okta
- 安全架构
- 身份策略分离
- 不监控流量
金句 / Highlights
值得收藏与分享的关键句。
Organisations can centrally manage authorisation for MCP servers, and end-users can access all connected MCP servers through a single login.
The extension is now stable and has been adopted by Anthropic, Microsoft, Okta, and a growing number of MCP servers.
The architecture separates identity policy from the tool call itself, with enterprise layer deciding connection permissions.
AI Model Context Protocol Adds Centralised Auth for Enterprise - InfoQ
InfoQ Homepage News AI Model Context Protocol Adds Centralised Auth for Enterprise
AI, ML & Data Engineering
Building AI Agent Evals for High-Stakes Incident Response (Webinar Aug 6th)
AI Model Context Protocol Adds Centralised Auth for Enterprise
Jul 06, 2026 3 min read
by
- Matt Saunders
#### Follow us on
Youtube
232K Followers
26K Followers
New
RSS
19K Readers
X
57.1k Followers
21K Likes
Bluesky
Listen to this article -
0:00
Audio ready to play
Your browser does not support the audio element.
Normal
1.25x
1.5x
Like
new dropdown rading list
- Reading list
The Model Context Protocol team has promoted its Enterprise-Managed Authorisation extension to stable status, adding a centralised way for organisations to control access to MCP servers through their identity provider. The project states the aim is to replace per-server consent prompts with a zero-touch flow in which users sign in once and then access approved servers without further setup.
In the launch announcement , the MCP team says the extension is now stable and has been adopted by Anthropic, Microsoft, Okta, and a growing number of MCP servers. The post says the community has been clear that repeated authorisation prompts are a major pain point in enterprise MCP deployments, as the standard model is user-scoped and tied to interactive auth conventions that do not scale well in larger organisations.
The practical effect is to move the authorisation decision into the enterprise identity provider, rather than leaving it to each employee and each server. The enterprise posts say the result is a "single log in" experience for connected servers and a setup where users inherit access to the servers their organisation has approved. The flow is described as using an Identity Assertion JWT Authorisation Grant , or ID-JAG, which is exchanged for an access token by the MCP server’s authorisation server.
The post highlights the importance of that architecture; it separates identity policy from the tool call itself. The enterprise-managed layer decides whether a user can connect a client to a server, and at what scope, but it does not inspect the MCP traffic after the token is issued. The guide explicitly warns that this is not runtime authorisation for individual actions, which means organisations still need their own controls for what happens once an agent is inside a system.
"Organisations can centrally manage authorisation for MCP servers, and end-users can access all connected MCP servers through a single login." -- Model Context Protocol blog
The announcement frames this as a response to the way MCP has been adopted in practice. It says the old per-user model creates manual onboarding work, makes it harder for security teams to enforce policy, and blurs the line between personal and work accounts. By contrast, the new extension lets admins define policy once and apply it through their existing identity controls.
Several external write-ups have reached the same conclusion. Ehsan Hosseini describes EMA as the answer to a "mess" created by per-user, per-server OAuth and argues that enterprise identity providers become the authority that determines which clients can reach which servers. That article also makes a useful distinction between connection-level control and per-action control, arguing that EMA does not replace separate policy enforcement for sensitive runtime decisions. Okta is the first identity provider named in the launch, using its Cross App Access approach as the first supported path for enterprises. That makes the current rollout a meaningful but still partial step, since the model depends on both the identity provider and the MCP server supporting the extension. Hosseini notes that the protocol remains additive, so organisations that do not use a supporting identity provider will still need a fallback path.
Community reaction has been broadly positive, especially around the promise of less friction. Jiquan Ngiam wrote on LinkedIn that the extension helps address one of the messiest parts of using agents with data and can improve both security and observability by avoiding awkward auth flows. Other posts called EMA a structural fix for MCP server access, pointing to the move from per-user prompts to a shared enterprise control plane.
"We've heard from the community that authorisation and repeated consent prompts from connected MCP servers is one of the biggest pain points when it comes to managing connectivity in enterprise environments." -- Model Context Protocol blog
The launch also highlights the ecosystem around the new extension. The announcement says Anthropic has implemented support in its shared MCP layer for Claude, Claude Code and Cowork, while Visual Studio Code has also added support in the IDE. On the server side, Asana, Atlassian, Canva, Figma, Granola, Linear and Supabase are listed as supporting EMA, with Slack and others in progress. That breadth suggests the project is trying to make centralised enterprise auth feel like a default rather than a special integration. This release removes one of the most obvious operational frictions in enterprise adoption of MCP which might be significant for teams trying to connect assistants to internal tools at scale.
main wrapper for authors section
About the Author
section title
main wrapper for each author
#### Matt Saunders
Show more
Show less
#### This content is in the AI, ML & Data Engineering topic
##### Related Topics:
- AI, ML & Data Engineering
- Model Context Protocol (MCP)
- Enterprise
- Authentication
- Related Editorial
- Related Sponsors
- Related Sponsor August 6, 2026, 1 PM EDT Building AI Agent Evals for High-Stakes Incident Response Presented by: Brianne Bujnowski - Senior Product Marketing Manager, AI at Datadog, and Benjamin Barton - Senior Software Engineer at Datadog
The InfoQ Newsletter
A round-up of last week’s content on InfoQ sent out every Tuesday. Join a community of over 250,000 senior developers. View an example
We protect your privacy.