MCP adds Enterprise-Managed Auth with Okta beta and VS Code support

• Anthropic added an MCP extension for enterprise-managed authorization, so admins can authorize connectors through their identity provider instead of pushing users through per-app OAuth and consent flows, according to ClaudeDevs' launch thread.
• The beta starts with Okta and connectors for Asana, Atlassian, Canva, Figma, Granola, Linear, Slack, and Supabase, with access staying consistent across Claude chat, Claude Code, and Cowork per ClaudeDevs' connector list.
• Anthropic also framed the work as an open MCP extension that any client, server, or identity provider can adopt, according to ClaudeDevs' spec post.
• VS Code shipped support the same day, with the VS Code post saying developers can use organization-approved MCP servers with their work account and without repeated connector-by-connector setup.
• The pain point was already visible in the wider MCP ecosystem, where zeeg's reply called auth the main blocker for making plugin-style integrations work smoothly.

You can read Anthropic's announcement, jump to the extension write-up, and see that VS Code's same-day support post landed as a product integration, not just a standards discussion. ClaudeDevs' beta details also quietly make this broader than Claude chat alone, because the same connector access is meant to carry across Claude Code and Cowork.

Anthropic's pitch is simple: move MCP connector authorization up to the enterprise identity layer.

The thread says admins can centrally authorize MCP connectors for an organization, which removes per-user OAuth setup and repeated consent screens on first use. A follow-up in the same thread says the control point stays in the identity provider, which gives admins one place for policy and access management instead of connector-by-connector approvals.

The first rollout is narrow, but concrete.

The beta currently names:

• Okta as the identity provider
• Asana
• Atlassian
• Canva
• Figma
• Granola
• Linear
• Slack
• Supabase

The same post says Slack is "coming soon," even though Slack already appears in the connector list, which suggests the beta inventory and rollout timing were still being updated as the thread went live. Anthropic also says access should stay consistent across Claude chat, Claude Code, and Cowork.

VS Code turned the spec work into a day-one client integration.

The post says developers can access organization-approved MCP servers with a work account, without repeated OAuth setup or connector-by-connector consent flows. That makes the announcement more than a Claude-specific feature, because the same enterprise auth model is already being picked up by another MCP client.

Anthropic says the authorization layer is an MCP extension that any client, server, or identity provider can adopt.

That open framing matters because auth has been one of the obvious rough edges in MCP's plugin story. In zeeg's reply, a developer building in the space said "MCP+Auth is still the hang up" for making the plugin experience work well. Anthropic's extension does not solve every deployment problem on its own, but it is a direct standards-level attempt at the bottleneck other MCP builders were already describing.