Anthropic Integrates Okta for Enterprise-Managed MCP Authorization
Anthropic has launched Enterprise-Managed Authorization to standardize AI agent access through identity providers, enabling zero-touch provisioning for enterprise deployments.
Anthropic has launched Enterprise-Managed Authorization to standardize AI agent access through identity providers, enabling zero-touch provisioning for enterprise deployments.

Anthropic deployed Enterprise-Managed Authorization (EMA) on June 18, 2026, establishing a centralized governance framework for Model Context Protocol (MCP) connectors within enterprise environments. This integration allows IT administrators to provision third-party AI tools through Okta, eliminating the requirement for individual OAuth consent flows during employee onboarding.
The architecture utilizes the Identity Assertion JWT Authorization Grant (ID-JAG), a technical extension to OAuth 2.0 currently under development within the IETF. By routing authentication through an organization’s identity provider, the system ensures that MCP connector access remains synchronized with existing lifecycle management workflows. Tokens are issued silently during the standard single sign-on session, removing the friction of per-user interactive consent screens that previously hindered large-scale deployments.
Seven major MCP providers currently support the EMA standard, including Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase. Organizations such as Ramp have already transitioned to this model, managing access for 2,000 employees without requiring manual intervention for individual connector configuration. The implementation extends across the Claude ecosystem, covering the web interface, Claude Code, and the Cowork agentic platform.
The underlying ID-JAG protocol, known as Cross App Access within Okta, achieved stable status on June 18, 2026, following its adoption by the IETF OAuth working group in September 2025. Because the specification is open, it allows for interoperability beyond Anthropic’s proprietary software. Microsoft has actively participated in the development of this authorization standard, ensuring that tools like Visual Studio Code version 1.123 and later can leverage the same zero-touch provisioning logic.
Security teams can now enforce consistent access policies, as connector permissions are visible within the identity provider’s administrative console. This shift addresses the primary governance gap identified by the MCP community: the inability to centrally audit or revoke access for nondeterministic AI agents. By tying token lifetimes to the IdP session, administrators can ensure that access remains valid only as long as the user’s corporate identity is active.
The current implementation remains limited to Okta, leaving organizations reliant on Microsoft Entra ID or Google Workspace without immediate support. Anthropic has indicated that these identity providers are on the development roadmap, though specific release timelines remain undisclosed. The reliance on an open IETF draft suggests that once these additional providers are integrated, the technical barrier for cross-platform adoption will be minimal.
The transition to EMA signals a maturation in how enterprise AI agents interact with internal data silos. By moving away from consumer-grade OAuth flows, organizations can treat AI connectors as standard enterprise applications subject to rigorous identity governance. This standardization reduces the risk of credential sprawl and unauthorized data access that typically accompanies decentralized authentication models.
While EMA effectively resolves the challenges of provisioning and revocation, it does not mitigate runtime threats such as prompt injection or malicious data exfiltration. Security researchers note that while the authorization layer is now robust, the integrity of the agentic interaction itself remains a distinct vector for potential exploitation. Future developments in the MCP ecosystem will likely focus on these runtime security layers to complement the progress made in identity management.
The technical shift toward ID-JAG represents a broader trend in AI infrastructure where agentic autonomy is constrained by established identity protocols. By embedding authorization into the identity provider, Anthropic and its partners are effectively treating AI agents as managed service identities rather than ephemeral user-level scripts. This architectural alignment is essential for scaling agentic workflows in highly regulated environments where auditability and least-privilege access are non-negotiable requirements.
The industry is now watching for the expansion of identity provider support to include broader enterprise environments. As adoption of the ID-JAG standard increases, the ability to maintain a unified security posture across heterogeneous AI toolsets will become a primary benchmark for enterprise AI readiness. Organizations that successfully implement these standards will likely see a significant reduction in the operational overhead associated with managing AI-driven productivity tools at scale.