Anthropic Makes Okta Its First Identity Provider for Managed MCP Access
On June 18, 2026, Anthropic shipped a feature that sounds mundane and is anything but: enterprise managed authorization for Model Context Protocol connectors, with Okta as the first supported identity provider. In plain terms, an administrator can now authorize an MCP connector once for an entire organization, and every eligible employee gets that connection waiting for them the first time they open Claude, with no per app OAuth dance and nothing to configure. The capability spans Claude chat, Claude Code and Cowork for Team and Enterprise plans, and it is built on a new open extension to the Model Context Protocol itself.
This is the kind of release that does not trend on social media but quietly removes one of the last real blockers to enterprise AI agent deployment. MCP has spent the last year becoming the de facto standard for how AI assistants connect to the tools where work actually happens, from Atlassian and Asana to Figma, Linear and Supabase. The problem was never the protocol. It was that wiring up dozens of connectors for thousands of employees, each through an individual OAuth consent screen, was an administrative and security nightmare. Anthropic just made that an identity provider concern, which is exactly where it belongs.
How Enterprise Managed Authorization Actually Works
The mechanics are deliberately boring, and that is the point. An administrator authorizes a connector once at the organization level. Users then inherit access automatically through their existing identity provider groups and roles, so a member of the engineering group sees the Linear and Supabase connectors appear without ever touching a settings page. Anthropic calls this zero touch connector setup, and it folds MCP access into the same provisioning and deprovisioning workflows enterprises already run for every other piece of software. When an employee leaves, revocation flows through the standard identity provider path rather than requiring a hunt for stray OAuth grants.
Mayank Malhotra of Anthropic's product team framed the significance bluntly: enterprise managed auth gives MCP "the foundation it needs to scale across an enterprise, with Okta as our first identity provider partner." That word, scale, is the whole story. A pilot with a handful of connectors and a dozen power users never needed this. A company rolling Claude out to ten thousand employees absolutely does, because at that size manual connector management is not just tedious, it is a genuine security liability where orphaned tokens and over broad grants accumulate faster than anyone can audit them.
Okta's Play and the Cross App Access Standard
Okta is not a passive integration here. The company is positioning itself as the control plane for AI agent access, using its Cross App Access protocol to govern which agents reach which tools on whose behalf. Ely Kahn, Okta's chief product officer, tied the move to a broader pattern: "The industry has seen that when technology ecosystems grow quickly, open standards become critical to helping them scale securely." Okta has watched the agent ecosystem explode and concluded, correctly in our view, that identity and authorization are the layer where it can stay indispensable as AI reshapes the enterprise software stack.
The early adopter list signals real demand rather than a lab demo. Ramp, Webflow and HubSpot are among the customers rolling the feature out, and the supported MCP servers at launch include Asana, Atlassian, Canva, Figma, Granola, Linear and Supabase, with Slack and others adding support. Crucially, Anthropic built this as an open extension to MCP, not a proprietary Anthropic and Okta handshake. Microsoft is among the parties adopting the Enterprise Managed Authorization extension, which means the same governance model is likely to span multiple assistants and multiple identity providers rather than locking enterprises into one vendor pairing.
Why This Matters for the Agent Security Problem
Enterprise security teams have spent the past eighteen months nervous about agentic AI for a specific reason: an autonomous assistant that can read your code, your project tracker and your design files is also a concentrated new attack surface and a sprawling new set of access grants to govern. Every connector an employee authorizes is a credential that lives somewhere, that someone has to remember exists, and that must be revoked when roles change. Doing that by hand across an enterprise is how you end up with the AI equivalent of forgotten admin accounts. Managed authorization collapses that risk into the identity governance program companies already have.
This is also a quiet answer to one of the loudest objections CISOs raise about Claude Code and similar tools. The fear is not that the model is malicious but that the access it accumulates is ungoverned. By routing MCP access through Okta groups, shortening token lifetimes and inheriting standard revocation, Anthropic lets security leaders apply the same least privilege and offboarding discipline to AI agents that they apply to humans. That does not eliminate agent risk, but it moves it from an unmanaged sprawl into an auditable, policy driven system, which is the difference between a pilot a CISO tolerates and a rollout a CISO approves.
The Strategic Read for CIOs
Step back and the pattern is clear: the AI agent market is maturing from capability to control. The first phase was about whether models could use tools at all. The phase we are entering is about whether enterprises can deploy those tool using agents safely at scale, and that phase is won on identity, governance and standards rather than benchmark scores. Anthropic shipping managed auth on an open MCP extension, with Okta and Microsoft in the tent, is a bet that interoperable governance, not proprietary lock in, is what unblocks enterprise spending.
For CIOs, the practical guidance is to treat MCP authorization as an identity architecture decision now, not later. If your organization is piloting Claude, Copilot or any MCP based assistant, the connectors will multiply, and the time to define group based access policies is before the sprawl, not after. The vendors that win the enterprise agent market will be the ones that make security teams comfortable, and on June 18 Anthropic and Okta made a credible move to be exactly that. The unglamorous plumbing of authorization, it turns out, is where the agentic AI rollout is actually decided.
