Enterprise MCP Gets a Major Security Upgrade: How Organizations Now Control AI Tool Access

Martin Holloway | Published 3d ago | 4 min read | Based on 7 sources

On 18 June 2026, the Model Context Protocol — a system that lets AI assistants like Claude connect to specialized tools and databases — released a security feature called Enterprise-Managed Authorization, or EMA. It lets companies control which employees can access which tools through their existing corporate ID system, rather than asking each person to approve access individually.

What EMA Does

Think of it like this: imagine your company's AI assistant could connect to production databases, internal APIs, and specialized software. Without EMA, when an employee's AI needs to access one of those systems, it asks the person "do you approve this connection?" The user clicks yes, and access is granted. That works fine for a small startup. But for a large organization with thousands of employees, it creates a security problem: the company's IT and security teams can't enforce consistent rules about who should be able to access what.

EMA changes that. Instead of asking each user to approve access, the system routes the approval through the company's identity provider — the central system where employee access is already managed (typically Okta, Entra ID, or a similar product). The company's IT team sets a policy once, centrally. From then on, when an employee's AI assistant tries to access a tool, the authorization is automatic and governed by that existing policy. Access can be revoked or adjusted from the same place where the company already manages other employee permissions.

Previously, the MCP protocol only handled authorization at the technical connection level — between the AI client and the remote server. There was no formal way for an enterprise to sit in the middle and enforce organizational policies. EMA adds that layer.

The Real-World Problem It Solves

The MCP ecosystem has grown. The protocol now provides access to over 10,000 tools and more than 2,500 APIs. As that number grows, each connection becomes its own access point that a company has to track and manage. That's operationally messy. When an employee leaves, or when access needs to be restricted, an IT team has to go through multiple places to revoke it.

EMA consolidates that. The identity provider becomes the single source of control. Whether an employee is using Claude Code (Anthropic's official AI client), a third-party tool, or a custom internal system, the same organization policies apply automatically.

The practical impact matters. Anthropic has already been moving in this direction — Claude Code handles OAuth 2.0 connections and ships with pre-configured credentials for servers that need them, reducing friction for developers. EMA formalizes this pattern so it scales across any client or server in the ecosystem.

Enterprises have been waiting for this. Security and compliance teams need to be able to answer questions like "who approved this access?" and "what happened when it was used?" Until now, the MCP protocol didn't have a formal answer. It does now, in terms those teams understand: centralized policy, audit logs tied to employee identity, and revocation through existing IT systems.
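A simplified model of the centralized decision, audit trail and single-point revocation described in the paragraphs above. It is an added illustration, not code from the MCP specification or any vendor; the class, group, server and scope names are hypothetical, and the actual EMA exchange between client, identity provider and server is not modeled.

```python
"""Toy model of IdP-governed MCP access (illustrative; not the EMA wire protocol)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class IdentityProvider:
    # group -> set of (mcp_server, scope) pairs the group may use (constructed policy)
    policy: dict = field(default_factory=dict)
    # user -> set of groups (constructed directory data)
    members: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def authorize(self, user: str, server: str, scope: str) -> bool:
        """Default-deny decision made centrally; the user is never prompted."""
        groups = self.members.get(user, set())
        granting = sorted(g for g in groups
                          if (server, scope) in self.policy.get(g, set()))
        allowed = bool(granting)
        # Every decision, allow or deny, is recorded against the employee identity.
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "server": server, "scope": scope,
            "decision": "allow" if allowed else "deny",
            "granted_by": granting,
        })
        return allowed

    def deprovision(self, user: str) -> None:
        """Offboarding: one change at the IdP removes access to every MCP server."""
        self.members.pop(user, None)


def build_demo_idp() -> IdentityProvider:
    """Constructed sample policy and directory: two groups, two MCP servers."""
    return IdentityProvider(
        policy={
            "data-eng": {("warehouse-mcp", "read"), ("warehouse-mcp", "write")},
            "support": {("tickets-mcp", "read")},
        },
        members={"alice": {"data-eng", "support"}, "bob": {"support"}},
    )


if __name__ == "__main__":
    idp = build_demo_idp()
    idp.authorize("alice", "warehouse-mcp", "write")  # allowed via data-eng
    idp.authorize("bob", "warehouse-mcp", "read")     # denied: no granting group
    idp.deprovision("alice")
    idp.authorize("alice", "tickets-mcp", "read")     # denied after offboarding
    for entry in idp.audit:
        print(entry)
```

The audit list answers "who was granted access, and under which group policy?" for every request, including denials, which is the record a per-user consent prompt does not produce.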

The timing of the stable release also matters practically. Large organizations don't rely on experimental or draft specifications in production systems. When the MCP team marked EMA as "stable," it signaled that the technical interface won't change. That's the threshold most enterprise architecture reviews require before approving a new technology. Companies can now justify adding MCP to their AI workflows in a way their IT governance process accepts.

What Comes Next

For a company considering MCP adoption, the next step is concrete: the IT team maps out what data and tools the AI needs to access, checks that against the company's existing IdP policies, and confirms that zero-touch OAuth (automatic approval through policy) aligns with what the security team has already approved. The EMA extension handles the rest.

One thing worth noting: EMA is valuable only to the extent that a company already has mature identity management. If a company has well-configured Entra or Okta policies, EMA essentially gives them centralized MCP control at no extra cost. If a company's identity infrastructure is fragmented or inconsistent, EMA becomes one more place where that existing mess needs to be cleaned up. The extension standardizes the mechanism; it doesn't solve governance problems that were already there to begin with.