The Per-User Auth Tax
The standard MCP authorization model was designed for individual developers. When you're the only person using your AI tools, clicking through a consent screen once per server is fine. But in enterprise environments, this breaks down fast.
Every employee has to authorize every server individually. Onboarding a new teammate means walking them through connecting service after service. Security teams can't enforce consistent policy — access is whatever each user authorized, with no central control or audit trail. Work and personal accounts blur together: there's no way to require a corporate identity, so a developer can connect a personal MCP account to a work tool.
With MCP servers proliferating, this per-user authorization tax compounds. The result is teams that disable MCP integrations entirely rather than deal with the onboarding overhead.
Enterprise-Managed Authorization (EMA)
The Model Context Protocol's new Enterprise-Managed Authorization (EMA) extension changes this by making the organization's Identity Provider (IdP) the authoritative decision-maker for MCP server access.
Under the hood, the client obtains an Identity Assertion JWT Authorization Grant (ID-JAG) from the IdP during single sign-on and exchanges it for an access token from the MCP server's authorization server. The user is never redirected through a per-server consent screen.
Three properties fall out of that flow:
- Authorize once, inherit everywhere: admins enable a server for the org. Users get it automatically, scoped to the groups and roles they already have.
- Centralized policy and audit: access decisions live in the IdP admin console, with one auditable trail across every connector.
- No enterprise/personal mix-ups: by removing the interactive account selection step, it's much easier to enforce corporate identity requirements.
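The ID-JAG exchange described above, as an added example (not code from the MCP spec or from Anthropic, Microsoft or Okta): a simulated IdP mints the grant, and the MCP server's authorization server validates it before it would issue an access token. The issuer URLs, the HS256 shared secret (standing in for the IdP's asymmetric signing keys) and the function names are assumptions; the claim set and the `oauth-id-jag+jwt` type follow the IETF Identity Assertion Authorization Grant draft as I understand it.

```python
import base64, hashlib, hmac, json

# Constructed example: HS256 with a shared secret stands in for the IdP's
# asymmetric signing key so the sample runs offline (real IdPs publish JWKS).
IDP_ISSUER = "https://idp.example.com"        # assumed IdP issuer
IDP_SECRET = b"constructed-shared-secret"
MCP_AS_ISSUER = "https://mcp-as.example.com"  # assumed MCP authorization server
ID_JAG_TYP = "oauth-id-jag+jwt"               # typ from the ID-JAG IETF draft (assumed)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_id_jag(sub, client_id, audience, scope, now, ttl=300, jti="jag-1"):
    """IdP side: issue an ID-JAG bound to one resource authorization server."""
    header = {"alg": "HS256", "typ": ID_JAG_TYP}
    claims = {"iss": IDP_ISSUER, "sub": sub, "aud": audience, "client_id": client_id,
              "scope": scope, "jti": jti, "iat": now, "exp": now + ttl}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(IDP_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def validate_id_jag(token, now, seen_jti, allowed_clients, expected_aud=MCP_AS_ISSUER):
    """Resource AS side: return (ok, reason). Any failure means no access token
    is issued; this is where the IdP's decision becomes the MCP server's decision."""
    try:
        h_b64, c_b64, s_b64 = token.split(".")
    except ValueError:
        return False, "malformed"
    expected = hmac.new(IDP_SECRET, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(s_b64)):
        return False, "bad signature"      # not signed by the trusted IdP
    header, claims = json.loads(_unb64(h_b64)), json.loads(_unb64(c_b64))
    if header.get("typ") != ID_JAG_TYP:
        return False, "wrong typ"          # an ID token or access token is not a grant
    if claims.get("iss") != IDP_ISSUER:
        return False, "untrusted issuer"
    if claims.get("aud") != expected_aud:
        return False, "audience mismatch"  # grant was minted for a different MCP server
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if claims.get("client_id") not in allowed_clients:
        return False, "unknown client"
    if claims.get("jti") in seen_jti:
        return False, "replayed"           # one grant, one token exchange
    seen_jti.add(claims["jti"])
    return True, "ok"
```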
Adoption
The extension is already being adopted by major players: Anthropic, Microsoft, and Okta are among the first to implement EMA support. The MCP server ecosystem is expected to follow.
For developers building MCP servers, supporting EMA means your tool becomes enterprise-ready out of the box — no custom SSO integration, no per-customer auth logic to maintain. For enterprises, it means MCP can finally move from experimental to production without the auth overhead that made IT teams hesitant.
The EMA extension is available now in the MCP spec.