A system for managing who gets access to AI and other workplace tools just reached a stable, production-ready status on June 18, 2026. It solves a problem that has been slowing down large organizations: how to keep control over which employees can use which tools, without making each worker ask for permission individually every time.

The system is called Enterprise-Managed Authorization, or EMA. Here is what it does in plain terms: instead of each tool deciding who can access it, a company's central identity system — the same system that controls who can log into email and other company software — now controls access to these new tools as well.

How This Works in Practice

Most large companies already have a central place where they manage employee access to software. It might be Okta or Microsoft Entra — systems that act like a master directory for who works there and what they are allowed to use. Until now, when an employee tried to use a new tool, that tool would ask them directly: "Do you want to give me permission to access your company systems?" The employee could say yes or no. The company's security team had no say in the matter.

EMA changes that. Now, when an employee tries to use a tool, the decision goes back to that master directory. The company's security rules apply automatically. If the rules say "this person can use this tool," they get in. If the rules say "this person cannot," they don't. No pop-up boxes. No employee deciding on their own.

This matters for big organizations because some of these tools can be powerful — they might read company databases, call internal systems, or move data around. A company with 50,000 employees needs its security team to control who can do what, not leave it up to individual judgment.

The Bigger Picture

The technology that makes this possible has been developing in stages. In March 2025, the underlying rules for how these tools authenticate were established. In November 2025, people working on the protocol published ideas for how companies could layer their own controls on top. This June release represents the official, stable version that companies can now rely on.

Over the past year or so, the ecosystem of tools available through this protocol has grown quite large — more than 10,000 tools and 2,500 different services now connect through it. That creates a practical headache: if each tool has its own way of giving access and controlling who can use it, a company's security team has to manage thousands of different systems. EMA is a way to replace all of that chaos with one set of rules applied in one central place.

The major AI assistant companies have been preparing for this. One system now includes built-in support for these authentication flows. Another is developing tools specifically to handle the process smoothly, even when older tools don't support all the newest standards.

Why This Matters Now

Large organizations have been hesitant to use these new tools in their core business because they could not answer a basic question from their security teams: "How do we control access and keep an audit trail?" EMA answers that question in a way the security teams already understand — the same language and systems they use to manage everything else.

There is something worth considering here. This system only works well if a company has already set up its identity controls properly in the first place. A company with well-organized access rules gets this capability almost automatically. A company where access control is messy still has messy access control — EMA just adds another layer to manage. The system standardizes how the controls connect, but it does not force anyone to actually have good controls to begin with.

The fact that this feature is now officially stable, rather than still experimental, sends a signal to enterprises that it is ready to build business processes around. Large organizations typically will not rely on systems that are still being changed frequently. A stable designation tells them they can trust this for the long term.

For the engineers and security professionals who work at large companies, the practical next step is straightforward. They should look at what tools they want to use, compare those against their existing access rules, and figure out whether the automatic behavior EMA provides makes sense for their situation. After that, the system handles the rest.