The Model Context Protocol community just shipped a significant security update: Enterprise-Managed Authorization (EMA) is now stable. The official announcement landed on the MCP blog this week and is already the #1 story in developer circles, with Anthropic, Microsoft, Okta, Figma, Asana, Atlassian, Linear, and Supabase all adding support at launch.
If your team uses MCP servers to connect AI agents to content, code, or data, this changes how you think about access control. Here is what happened, why it matters, and how Cosmic's MCP Server fits into the picture.
The standard MCP authorization model was designed for individual users. Every employee who needs access to an MCP server has to authorize it manually, one server at a time. At a company with 50 employees and 10 connected MCP servers, that is 500 individual OAuth flows before anyone does any actual work.
The pain compounds as you scale:
These are not edge cases. They are the exact friction points that slow MCP adoption in enterprise environments.
Enterprise-Managed Authorization makes the organization's identity provider (IdP) the authoritative decision-maker for all MCP server access. Administrators define policy once. Users authenticate with their existing corporate identity. The right servers connect automatically on first login.
The technical flow uses an Identity Assertion JWT Authorization Grant (ID-JAG): the client obtains a JWT from the IdP during single sign-on, then exchanges it for an access token from the MCP server's authorization server. No per-server consent screen. No redirects. No configuration required from the end user.
Three properties fall out of this:
Okta is the first supported identity provider, with Cross App Access (XAA) as the mechanism. Anthropic has implemented EMA across Claude, Claude Code, and Cowork. VS Code has added support directly in the IDE.
If you are using MCP servers to connect AI agents to your content infrastructure, EMA closes a gap that most teams were papering over with workarounds.
Before EMA, the typical enterprise setup looked like this: a shared service account with a long-lived API token, passed around in a .env file, with no audit trail and no way to scope access by role. It works until someone leaves, a token leaks, or security asks how many people have write access to production content.
With EMA, access to your MCP-connected content servers can be gated by the same IdP policies that control access to everything else: group membership, role, conditional access rules, and automatic deprovisioning on offboarding.
Cosmic ships a production-ready MCP Server with 18 tools covering content reads, writes, media management, and object type operations. It connects directly to Claude, Cursor, Windsurf, VS Code, and any MCP-compatible client.
Cosmic's access model complements EMA cleanly:
As EMA adoption grows across MCP clients and servers, Cosmic's bucket-scoped key model slots directly into that trust hierarchy: your IdP controls which users can reach the MCP server, and Cosmic's scoped keys control what those users can do once they are in.
Add Cosmic's MCP Server to any compatible client with a single configuration block:
import { createBucketClient } from '@cosmicjs/sdk'
// Scope your read/write keys by environment
const cosmic = createBucketClient({
bucketSlug: process.env.COSMIC_BUCKET_SLUG!,
readKey: process.env.COSMIC_READ_KEY!,
writeKey: process.env.COSMIC_WRITE_KEY!, // omit for read-only agents
})
For Claude Desktop or Cursor, add Cosmic to your MCP config:
{
"mcpServers": {
"cosmic": {
"command": "npx",
"args": ["-y", "@cosmicjs/mcp-server"],
"env": {
"COSMIC_BUCKET_SLUG": "your-bucket-slug",
"COSMIC_READ_KEY": "your-read-key",
"COSMIC_WRITE_KEY": "your-write-key"
}
}
}
}
Agents connecting through this config get access to all 18 Cosmic tools scoped to that bucket. Pair this with EMA at the client level and you have a full enterprise auth chain: IdP controls who can connect, Cosmic keys control what they can do.
If you are running MCP servers in a team environment today, here is where to focus:
EMA is a stable extension, not a draft. The momentum behind it is real: the early adopter list (Okta, Anthropic, Microsoft, Figma, Asana, Atlassian, Linear, Supabase, Slack in progress) covers most of the tools developers already use daily. Expect EMA support to become a baseline expectation for enterprise MCP deployments within the next few quarters.
For content teams, this is the moment to get the auth foundation right. Scoped keys, environment isolation, and human review gates are the right building blocks regardless of which IdP you use or which MCP clients your team adopts.
Cosmic's MCP Server is ready today. Create a free account and connect it to your agent stack in under five minutes. Read the full post on the Cosmic blog.