Zero-Touch OAuth for MCP
4 hours ago
- #Enterprise Authorization
- #Identity Management
- #MCP Extension
- The Enterprise-Managed Authorization (EMA) extension is now stable, addressing enterprise pain points around repeated consent prompts.
- EMA allows centralized access control via identity providers, enabling zero-touch setup for users without per-app OAuth.
- It solves issues of per-user authorization friction, lack of centralized policy, and mixing of personal/work accounts.
- The flow uses Identity Assertion JWT Authorization Grant (ID-JAG) for single sign-on, eliminating per-server consent screens.
- Early adopters include Okta (identity provider), Anthropic and Visual Studio Code (clients), and Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase (servers).
- The extension improves security, observability, and compliance, facilitating MCP adoption in enterprises.
- Community involvement is encouraged through specification review and joining the EMA Interest Group.