Anthropic Introduces Admin-Managed MCP Auth for Claude Enterprise

Every enterprise AI rollout eventually hits the same wall: the security team wants centralized control, but the actual product requires every user to complete their own OAuth flow before they can touch anything useful. Anthropic's new Enterprise-Managed Authorization for MCP connectors, announced on its blog, is a direct attempt to dissolve that friction. Admins authorize a connector once through their identity provider, and employees inherit access automatically the first time they open Claude, with no individual grant prompts.

The mechanism folds MCP access into the same workflow that already governs the rest of an organization's software stack. Access is scoped by the IdP groups and roles employees already have, so a new hire inherits connector access on first login. Ramp, one of the early customer rollouts, reports that 2,000 employees are now provisioned through Okta with zero extra steps. Because access is verified through the IdP at each use, admins can also shorten token lifetimes without degrading the user experience, which means deprovisioned accounts lose connector access quickly instead of carrying a stale credential window.

Seven MCP providers support the standard at launch: Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase, with Slack coming next. The feature is built on an open extension to the MCP authorization spec, which Anthropic says means any connector, including ones built in-house, can implement the same behavior. That open standard detail matters: it keeps this from being a proprietary lock-in and lets the pattern spread across the broader agentic tooling ecosystem.

The honest caveats are two. First, Okta is the only supported identity provider at beta launch, and the announcement offers no timeline for when others arrive. Organizations whose IT stack runs on a different identity platform are in a waiting room for now. Second, the announcement lists "Cowork" alongside Claude chat and Claude Code as a supported surface, but does not describe what that product is. And centralizing all MCP access through a single IdP, while operationally cleaner, does widen the blast radius if that identity provider is ever compromised.

For compliance-conscious organizations that have been watching MCP with interest but hesitating on procurement, this removes a genuine objection. The feature is available in beta to Claude Team and Enterprise customers now.