Authorization plane
MCP Enterprise-Managed Authorization (EMA)
The zero-touch MCP authorization extension: an identity provider mints an ID-JAG grant at sign-in and the client exchanges it for an MCP access token, with no per-user OAuth consent. Built on the Cross-App Access (ID-JAG) grant we already detect.
Tracked. We are watching this standard evolve.
What it answers
What may it do, and on whose behalf?
MCP Enterprise-Managed Authorization (EMA) sits in the authorization plane of the agent-interop stack. What may it do, and on whose behalf? AxioRank tracks it as one row in a coverage matrix that spans six planes, from discovery and identity to authorization, content permission, and commerce.
Plane
Authorization
Status
watching
Direction
outbound
How AxioRank handles it
Governed, not just listed.
Tracked. We are watching this standard evolve. Outbound: when the agents you run reach out to other agents and services.
More authorization protocols
Related protocols
Govern the whole agent stack
AxioRank verifies identities and capabilities across the agent ecosystem, from discovery to commerce. See the full coverage matrix, machine-readable.