Enterprise-Managed Authorization: Adopting AI Tools Without Opening Security Holes
Enterprise-managed authorization (EMA) lets an organization provision AI tool connectors through its identity provider, so employees get access automatically on first login—with no individual OAuth approvals. It matters because it brings AI tooling under the same access governance, scoping, and deprovisioning controls that already protect the rest of your stack.
The real shift: identity governance is coming to AI tooling
For two years, "AI adoption" inside most organizations meant individuals wiring up their own connectors. Someone in finance links an AI assistant to the billing system. Someone in legal connects it to the document store. Each link is a separate OAuth grant, approved one user at a time, invisible to IT until something goes wrong.
That model doesn't survive contact with a regulated environment. If you can't answer "who has AI access to what, and how fast can we cut it off," you don't have a security posture—you have a list of hopes.
The fix is the same one that solved this for SaaS a decade ago: route access through the identity provider. Enterprise-managed authorization applies centralized identity governance to AI connectors. It's an extension to the open Model Context Protocol (MCP) standard—the protocol that lets AI tools talk to the systems you already run—which means this is an industry direction, not a single vendor's feature. Anthropic shipped the first concrete implementation with enterprise-managed authorization for MCP connectors, starting with Okta. Expect every serious platform to follow.
What is enterprise-managed authorization?
Enterprise-managed authorization is a way to grant AI tool connectors through your identity provider (IdP) rather than per user. An administrator selects which MCP connectors the organization should have, and employees receive that access automatically the first time they log in through the IdP. Access scoping follows the IdP groups and roles you've already defined, and admins can require IdP-only connections—blocking personal-account linking entirely.
In plain terms: the same Okta login that gates your email and your CRM now gates your AI tools, with the same rules.
How does enterprise-managed authorization work?
- Connect the identity provider. An admin links the organization's IdP—Okta at launch, with more coming.
- Select the connectors. The admin chooses which MCP connectors to enable org-wide (the launch set includes Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase, with Slack noted as coming).
- Employees log in once. Staff sign in through the IdP—no separate per-connector authorization dance.
- Connectors auto-provision. Approved tools become available across the AI surfaces people actually use—chat, coding tools, and the agentic workspace.
- Scope follows existing roles. Access maps to the IdP groups and roles already in place, so a contractor and a director don't get the same reach.
- Lock it down where needed. Admins can require IdP-only connections, so personal accounts can't quietly bridge into work data.
The result early adopters describe is mundane in the best way. Reed Shackelford, Webflow's senior manager for enterprise AI operations, said enterprise-managed auth "turned AI into something people use instead of request." Linear's head of engineering, Tom Moor, put it more plainly: "Logging in once and automatically having all your MCP connectors automatically set up is pretty magical."
Before EMA vs. with EMA
Before EMA | With EMA
Admin enables connectors org-wide, then every user authorizes each one individually | Admin connects the IdP and selects connectors once; users get access on first login
Access lives in scattered per-user OAuth grants | Access governed by the trusted IdP
Offboarding means hunting down individual grants | Deprovisioning is rapid—cut IdP access, cut connector access
Work and personal accounts blur together | Admins can require IdP-only connections, enforcing clean separation
Long-lived tokens to avoid re-auth friction | Shorter token lifetimes without hurting productivity
What enterprise-managed auth means for regulated and institutional organizations
If you run a hospital network, a county agency, a university, or a professional-services firm under NDA, you don't get to be cavalier about access. Three things make EMA matter more for you than for a 12-person startup:
Deprovisioning is an audit question, not a convenience. When a clinician, a caseworker, or an adjunct leaves, "we'll clean up their connectors eventually" is a finding waiting to happen. Routing AI access through the IdP means offboarding cuts AI tool access at the same moment it cuts everything else—one action, fully logged.
Scoping has to match role, not enthusiasm. A records clerk and a department head shouldn't have the same AI reach into sensitive systems. Because EMA inherits your existing IdP groups and roles, the access boundaries you already defended in your last compliance review carry straight over to AI tooling—no new parallel permission model to maintain or explain to an auditor.
Shorter token lifetimes stop being a tax. Security teams want short-lived tokens; users hate re-authenticating. EMA lets you shorten token lifetimes without the productivity hit, because re-auth rides the normal IdP login instead of a separate per-connector prompt. You get the safer default without the help-desk tickets.
The through-line: AI tooling stops being a shadow-IT exception and becomes a governed part of the stack you already trust. That's the bar institutions should be holding every AI vendor to.
How to adopt AI tooling without opening security holes
A short checklist we use when helping institutional clients turn this on responsibly:
- Inventory existing AI connectors first. You can't govern what you can't see. Find the per-user grants already in the wild before you centralize.
- Map connectors to IdP groups deliberately. Don't grant the full connector set to "all staff" by reflex—scope to the roles that actually need each system.
- Require IdP-only connections for anything touching regulated data. Block personal-account linking where the data is sensitive.
- Shorten token lifetimes once login friction is gone. EMA removes the excuse for long-lived tokens, so take the safer default. The lifetime also bounds how long an already-issued connector token can outlive an IdP deprovisioning if nothing else revokes it, which is what makes "one action" offboarding hold in practice rather than only on paper.
- Document the policy. Write down who approved which connectors and why. The next audit will ask.
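To make the provisioning steps above and this checklist concrete, here is an added example (not Anthropic's code and not part of the original page) that models the policy as a small Python module: connectors are mapped to IdP groups, IdP-only connectors refuse personal-account grants, grants are checked against the directory at use time, and an inventory pass reports legacy grants the policy would refuse. The connector names are the ones the page lists; the group names, users, eight-hour token lifetime and the legacy grant records are constructed for illustration.

```python
"""Added example, not Anthropic's or the page's code: a small policy model of
enterprise-managed authorization.  Group names, users, token lifetime and the
grant records are constructed for illustration; only the connector names come
from the page."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical mapping: which IdP groups entitle a user to each connector.
CONNECTOR_GROUPS = {
    "Asana": {"all-staff"},
    "Linear": {"engineering"},
    "Figma": {"design"},
    "Supabase": {"engineering"},   # production data: scope narrowly, not "all-staff"
}
# Connectors that touch regulated data: IdP-backed grants only (checklist step 3).
IDP_ONLY = {"Supabase"}
# Short-lived connector tokens; re-auth rides the normal IdP login (checklist step 4).
TOKEN_LIFETIME = timedelta(hours=8)

# Constructed IdP directory, user -> groups.  A user missing from it has been
# deprovisioned at the IdP.
DIRECTORY = {
    "alice": {"all-staff", "engineering"},
    "bob": {"all-staff", "design"},
    "carol": {"all-staff"},
}

NOW = datetime(2026, 6, 19, 9, 0, tzinfo=timezone.utc)
STALE = NOW - TOKEN_LIFETIME - timedelta(minutes=1)   # issued just past the lifetime


@dataclass(frozen=True)
class Grant:
    user: str
    connector: str
    source: str          # "idp" = provisioned through EMA, "personal" = self-linked OAuth
    issued_at: datetime


def entitled_connectors(groups):
    """Connectors whose required groups intersect the user's IdP groups."""
    return {c for c, required in CONNECTOR_GROUPS.items() if groups & required}


def provision_on_login(user, directory, now):
    """The 'employees log in once' step: mint IdP-sourced grants for every
    entitled connector; a user the IdP does not know gets nothing."""
    groups = directory.get(user)
    if groups is None:
        return []
    return [Grant(user, c, "idp", now) for c in sorted(entitled_connectors(groups))]


def check_access(grant, directory, now):
    """Evaluate a grant at use time.  Returns (allowed, reason)."""
    groups = directory.get(grant.user)
    if groups is None:
        return False, "deprovisioned: user no longer in IdP"
    if grant.connector in IDP_ONLY and grant.source != "idp":
        return False, "idp-only connector: personal-account grant blocked"
    if grant.connector not in entitled_connectors(groups):
        return False, "out of scope: user's groups do not entitle this connector"
    if now - grant.issued_at > TOKEN_LIFETIME:
        return False, "token expired: re-authenticate through the IdP login"
    return True, "ok"


def offboard(directory, user):
    """Offboarding is one action at the IdP; every grant for the user then fails check_access."""
    return {u: g for u, g in directory.items() if u != user}


def inventory_findings(grants, directory, now):
    """Checklist step 1: audit pre-existing grants and list each one the policy refuses."""
    findings = []
    for g in grants:
        allowed, reason = check_access(g, directory, now)
        if not allowed:
            findings.append((g.user, g.connector, reason))
    return findings


# Constructed legacy grants, as an inventory pass might find them.
LEGACY_GRANTS = [
    Grant("carol", "Supabase", "personal", NOW - timedelta(days=30)),  # personal link into regulated data
    Grant("dave", "Linear", "personal", NOW - timedelta(days=90)),     # dave has left; orphaned grant
    Grant("bob", "Figma", "personal", NOW - timedelta(hours=1)),       # in scope and not IdP-only: allowed
]

if __name__ == "__main__":
    for g in provision_on_login("alice", DIRECTORY, NOW):
        print("provisioned", g.user, g.connector)
    for finding in inventory_findings(LEGACY_GRANTS, DIRECTORY, NOW):
        print("finding", *finding)
```

Two things the model makes visible that the prose only implies. First, bob's personal Figma link passes: IdP-only enforcement is a per-connector setting, so the checklist's "require IdP-only for anything touching regulated data" is a decision you make connector by connector, not a global switch. Second, every grant is re-checked against the directory when it is used, which is why removing a user at the IdP is enough; the token lifetime is the only window in which a grant minted before offboarding could still pass.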
FAQ
Is enterprise-managed authorization an Anthropic-only feature?
No. EMA is implemented as an extension to the open Model Context Protocol (MCP) standard, so it's a direction the broader AI tooling ecosystem is moving in—centralized identity governance for AI connectors. Anthropic shipped the first concrete version, in beta for Team and Enterprise plans, starting with Okta as the identity provider.
Which identity providers and connectors are supported?
At launch, the identity provider is Okta, with more providers planned. The MCP connectors available at launch include Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase, with Slack noted as coming. The supported list is expanding over time.
How is this different from just enabling connectors org-wide?
Enabling connectors org-wide was only half the job before—each user still had to authorize every connector individually. EMA removes that user-side step. Once an admin connects the IdP and selects connectors, employees get access automatically on first login, with scoping inherited from existing IdP roles.
Does enterprise-managed authorization improve security or just convenience?
Both, and they reinforce each other. Access is governed by a trusted identity provider, tokens can be shorter-lived without hurting productivity, deprovisioning is rapid when someone leaves, and admins can enforce clean work/personal separation by requiring IdP-only connections. The convenience is what makes the secure defaults stick.
What should a regulated organization do before turning it on?
Inventory the AI connectors already in use, map each connector to the right IdP groups instead of granting everything to everyone, require IdP-only connections for anything touching regulated data, and document who approved what. Treat AI access provisioning with the same rigor you apply to any other system that touches sensitive records.
Adopting AI responsibly, with help
Commonwealth Creative builds modern, secure systems for organizations that can't afford to be loose with access—healthcare, government, higher ed, and professional services. We're a 100% US-based team, we sign an NDA on every engagement, and we build with AI the same way we build everything else: governed, scoped, and documented. If your organization is weighing how to roll out AI tooling without creating new exposure, talk to us about a secure AI adoption plan—we'll help you do it right the first time.
Source: Anthropic, "Enterprise-managed authorization for MCP connectors." Last updated: 2026-06-19.
