MCP Takes a Major Step Forward with Enterprise-Managed Authorization
On June 18, 2026, the Model Context Protocol team announced that the Enterprise-Managed Authorization (EMA) extension is now stable. This is a significant milestone for the MCP ecosystem. And frankly, for enterprise security at large. As someone who has been vocal about the authorization challenges baked into the MCP standard, I want to take a moment to explain what this announcement means - and why it matters so much.
A Quick Overview
EMA is a new extension to the MCP standard that fundamentally changes how enterprises manage access to MCP servers. Instead of requiring every user to individually authenticate to every MCP server (a cumbersome, manual process), EMA allows organizations to centrally provision access through their existing identity provider (IdP). An administrator defines the access policy once. Users log in once through their corporate identity. The servers they are authorized to use are automatically connected, scoped to their roles and groups, with no per-app OAuth prompts and nothing to configure.
Under the hood, EMA uses an Identity Assertion JWT Authorization Grant (ID-JAG) obtained during SSO and exchanges it for access tokens at each MCP server - all without redirecting the user through individual consent screens. Numerous companies, including Anthropic, Microsoft, Asana, Atlassian, Figma, and Okta, have already implemented it. NewCore also supports this.
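The receiving end of the exchange described above, as an added example that is not from the post or the MCP specification: the authorization server in front of an MCP server validates the ID-JAG before it issues an access token. The claim names and the `typ` value follow the IETF ID-JAG draft and are assumptions here (the post does not list them), the issuer, audience and client values are constructed, and HMAC-SHA256 stands in for the IdP's asymmetric signature so the block runs on the standard library alone.

```python
import base64, hashlib, hmac, json

# Constructed values for illustration; none come from the post or the MCP spec.
IDP_ISSUER = "https://idp.example.com"      # the enterprise IdP
THIS_AS = "https://auth.mcp.example.com"    # this MCP server's authorization server
IDP_KEY = b"constructed-demo-key"  # HS256 stand-in; a real IdP signs with an asymmetric key
TYP = "oauth-id-jag+jwt"           # assumed from the IETF ID-JAG draft

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_id_jag(claims: dict, key: bytes = IDP_KEY, typ: str = TYP) -> str:
    """IdP side: build a constructed sample assertion."""
    head = _enc(json.dumps({"alg": "HS256", "typ": typ}).encode())
    body = _enc(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{_enc(_sign(signing_input, key))}"

def validate_id_jag(token: str, authenticated_client: str, now: float) -> dict:
    """MCP authorization server side: checks made before issuing an access token."""
    try:
        head, body, sig = token.split(".")
        header, claims, mac = json.loads(_dec(head)), json.loads(_dec(body)), _dec(sig)
    except ValueError as exc:
        raise ValueError("malformed assertion") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed assertion")
    # Pin algorithm and type so an ID token or access token cannot be replayed here.
    if header.get("alg") != "HS256" or header.get("typ") != TYP:
        raise ValueError("unexpected alg or typ")
    if not hmac.compare_digest(mac, _sign(f"{head}.{body}", IDP_KEY)):
        raise ValueError("bad signature")
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != THIS_AS:
        raise ValueError("issued for a different authorization server")
    if claims.get("client_id") != authenticated_client:
        raise ValueError("bound to a different client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise ValueError("missing subject")
    return {"sub": claims["sub"], "scope": claims.get("scope", "")}
```

The audience and client binding checks are what keep an assertion minted for one MCP server or client from being accepted by another.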

I am very excited about this new capability and announcement. Let me explain why.
EMA Closes a Critical Security Exposure
I've raised this concern before, and I'll say it plainly: the original per-user MCP authorization model had a serious security problem. When individual users are responsible for authorizing their own connections to MCP servers, you get a fragmented, ungoverned access landscape. Security teams have no consistent policy, no central audit trail, and no reliable way to distinguish between a sanctioned corporate identity and a personal account that somebody quietly connected to a work tool.
That isn't a theoretical risk. It's the kind of exposure that leads to data leakage, compliance failures, and access that persists long after it should have been revoked. When authorization is distributed across hundreds or thousands of individual users, it becomes effectively invisible to the enterprise.
EMA addresses this by placing the identity provider at the center of every access decision. Centralized policy. One auditable trail across every connector. Enforced corporate identity. This is the right architectural move. Moving authorization to the identity platform is not just more convenient - it is fundamentally more secure.
EMA Enables Enterprise Scalability
My second concern with the prior model was simpler to articulate, but equally important: it did not scale. Asking every employee to manually authorize every MCP server is not an onboarding workflow - it is a tax. A tax on productivity, on adoption, and on the IT and security teams trying to support it.
EMA eliminates that tax. With zero-touch setup, users arrive on day one already connected to the tools and data their role requires. Administrators can update access policy in one place and it propagates everywhere. This is the kind of scalability that enterprise MCP deployments need to move from pilot to production.
And scalability is not a nice-to-have. It is a prerequisite. Because the authorization problem we are solving today is only going to get dramatically larger.
Treating Humans and AI Agents as First-Class Citizens
Here is the reality that the EMA announcement points toward, even if it doesn't state it explicitly: we are entering an era in which human identities will be the minority.
At NewCore, we've spent a great deal of time studying this trajectory. When AI agents reach maturity inside the enterprise, the number of non-human identities will grow by roughly 100x relative to the number of humans. And those agents don't just exist, they act. They authenticate, authorize, access resources, and call tools at machine speed, generating roughly 100x the volume of identity events that a human workforce produces. Less than 1% of total identity activity will be human-generated.
That is the scale we are building for. A legacy identity platform that was designed only for humans - even a very good one - was never going to survive contact with that reality. The identity infrastructure of the agentic era must be built at the core to govern both human and AI agent identities within the same identity plane, from the start.
EMA is an important step in the right direction for MCP. It moves authorization where it belongs: into a governed, centralized, policy-driven identity layer. But as the agentic workforce scales, that identity layer must itself be purpose-built to handle non-human identities as first-class citizens, with Agentic SSO, task-scoped tokens, real-time inventory, and machine-speed security controls.
That is the problem NewCore was built to solve. And moments like this week's EMA announcement are a reminder of why it matters.