The Enterprise-Managed Authorization (EMA) extension for MCP has reached stable status, addressing one of the most significant barriers to enterprise adoption. Organizations can now centrally manage authorization for MCP servers through their trusted identity provider, eliminating individual OAuth flows and repeated consent prompts that have frustrated developers and IT teams.

EMA enables zero-touch setup where users connect to all necessary MCP servers automatically upon first login. The system uses Identity Assertion JWT Authorization Grant tokens exchanged for access tokens, removing per-server consent screens entirely. This approach provides centralized policy control and audit trails while preventing accidental mixing of personal and enterprise accounts.

Okta is the first supported identity provider, with Anthropic implementing EMA across Claude, Claude Code, and Cowork. Visual Studio Code also supports the extension. Servers including Asana, Atlassian, Canva, Figma, Linear, and Supabase have added EMA support, with Slack actively integrating.

The extension represents a fundamental shift toward treating identity as a centralized governance plane rather than scattered per-application decisions. Security teams gain consistent policy enforcement and compliance controls, while developers experience seamless integration without manual OAuth configuration. This standardization should accelerate MCP adoption in enterprise environments where security and usability intersect.