MCP Enterprise Authorization: the missing piece for bringing AI agents into Italian SMEs
For two years the question I heard most often from SMEs was always the same: "the AI agent is great in demos, but how do we let it touch our CRM, our email, our ERP, without handing the keys to a cloud service?". The technical answer existed — it was called MCP, Model Context Protocol — but the operational answer for businesses without a full-time IT team did not exist. On 18 June 2026 something important changed: the stable release of the Enterprise-Managed Authorization for MCP shipped, and it is exactly that missing piece. A single login activates all agents, accesses are tracked, revocation is centralised. In this article I look at what MCP is, why this update matters even for a 15-person SME, and the practical path to adopting it.
🔍 What MCP is and why it was already important (but incomplete)
MCP stands for Model Context Protocol: it is the open standard, launched by Anthropic in late 2024 and adopted in 2025 by Microsoft, AWS, OpenAI, and Google, that allows an AI model to connect to external tools in a uniform way. Without MCP, every integration between an agent and a business system was a hand-built integration. With MCP, Claude, Copilot, or Gemini speak the same language with the CRM, email, or ERP.
To put the scale in perspective: by April 2026 Anthropic counted over 10,000 active public MCP servers and 97 million monthly downloads of the Python and TypeScript SDKs. 41% of software organisations have MCP in production, to some degree (source: Stacklok 2026 software report). On the technical side the protocol was ready. On the operational side, for a business, the most important piece was still missing: how to manage identities, permissions, and revocation when an employee joins, changes role, or leaves.
Until a few weeks ago the situation was: each MCP server had its own OAuth flow, each user had to authorise it individually with their own account, and when someone left the company revoking all their accesses was a manual task. For a large enterprise that is manageable. For an SME of 15–50 people, it was the reason serious AI projects stalled at the proof-of-concept stage.
🗓️ What changes on 18 June 2026: Enterprise-Managed Authorization
The Enterprise-Managed Authorization extension for the Model Context Protocol, declared stable on 18 June 2026, moves the control point from the individual user to the corporate identity provider — Okta, Microsoft Entra ID, Google Workspace. The administrator configures once which MCP servers are approved, and on first login the user finds everything already connected. No need for a hundred OAuth flows. No need for personal accounts glued to company systems.
The maintainers at Anthropic, AWS, Microsoft, and OpenAI had identified authorization enforcement as the most critical enterprise requirement of 2026. The extension addresses three concrete needs: integrated SSO (one and only one login), centralised audit trail (every agent call to a system is logged), and gateway controls (policies are written once and apply to everyone).
Anthropic, Microsoft, and Okta have already adopted the extension, and a growing number of MCP servers are following. For the first time an SME can tell its AI agent to read a salesperson's email or update a CRM record with the same confidence that an employee opens the VPN.
MCP before — OAuth per server
- Each MCP server with its own separate OAuth flow
- User authorises every connector manually
- Personal accounts connected to company systems
- Revocation on departure: manual work for IT
- Logs scattered across each server
MCP after — Enterprise-Managed Auth
- Central provisioning from the identity provider
- One SSO login activates all approved connectors
- Company accounts with role-based permissions
- Immediate revocation from the IdP, everywhere
- Centralised and auditable audit trail
Source: modelcontextprotocol.io blog — Enterprise-Managed Authorization.
🎯 Why an SME should care about this today
Three practical reasons, not abstract ones. First: AI without business data is entertainment. An agent that can answer questions about the internet but does not know that invoice 2026-0142 is overdue, or that customer Rossi has opened three tickets, does not move the needle. Only integration saves real hours.
Second: so far, SMEs that have seriously tried AI have settled on an uncomfortable compromise — copy-pasting from their systems into the chatbot. It is inefficient, risky (see the shadow AI problem), and impossible to govern. With enterprise-managed MCP that compromise is no longer needed: the agent accesses data in a controlled and traceable way.
Third: the adoption cost drops dramatically. Previously each integration had to be built individually, each with its own authentication, each with its own maintenance. Today, if the ERP or CRM vendor exposes an MCP server — and increasingly they do — the SME connects it in minutes from their own Okta or Entra ID, just once.
Sources: Anthropic stats April 2026, Stacklok 2026 software report, MCP roadmap 2026.
💡 Three concrete scenarios for SMEs of 10–50 people
Scenario one — professional services firm (accountants, lawyers, consultants). The AI agent reads incoming email, classifies by matter, drafts a reply, and updates the timesheet. Without Enterprise-Managed Auth: three separate OAuth flows, the owner's personal account connected to the system. With it: a single Workspace login, the agent has access only to the folders of the assigned matter, and the log shows exactly what it read and what it wrote.
Scenario two — manufacturing company with separate CRM and ERP. The salesperson asks "draft the proposal for client Bianchi based on the latest orders and the three open quotes". The agent, via two MCP servers — one for the CRM, one for the ERP — retrieves the data and produces the draft. Operations can see in the audit which account generated what, without having to ask.
Scenario three — digital services / software house. The support team handles tickets. The agent reads the support inbox, searches the internal knowledge base (an MCP server pointing to the wiki), and opens a task on Linear (another MCP server). Three integrations, a single authentication gesture — logging into the identity provider. When a team member changes role, permissions update just once.
- 01Week 1 — system inventoryWhich systems (CRM, email, ERP, drive) an agent should read or update. Start with 1–2 use cases, not everything at once.
- 02Week 2 — identity providerVerify/activate the identity provider (Okta, Microsoft Entra, Google Workspace). Without an IdP, no Enterprise-Managed Auth.
- 03Week 3 — MCP serversConnect the vendors' MCP servers (CRM, ERP): a few minutes per server, a single central configuration.
- 04Week 4 — first agent in productionLaunch a first agent — for example email classification — with permissions scoped to that use case only and logs active.
🏢 What to do if the company already has AI in use
Many SMEs are not starting from scratch: they already use Claude, ChatGPT, or Copilot and have been for a few months, perhaps on Team or Enterprise plans. For them the arrival of Enterprise-Managed Authorization is a precise opportunity: shifting the trust layer. Until now individual employees connected to connectors with their own accounts; from today that connection can become company-owned, governed by the IdP.
The first step is not technical, it is organisational: identify an AI lead and carry out an inventory of connectors already active. Almost always the list is longer than expected. From there, decide what to promote to an enterprise-managed connection and what to simply shut down. The AI policy that many SMEs drafted in the first months of 2026 finds its operational implementation here.
- Run the inventory of OAuth connectors currently active on Claude, ChatGPT, Copilot — quick to do from the admin panels.
- Check the identity provider: is SSO already in use? If yes, adoption is a configuration task. If not, activating the IdP is the prerequisite.
- Pick 1–2 use cases with high value and low risk for the first enterprise-managed agent (e.g. email classification, quote summarisation).
- Define the audit trail: who reviews it, how often, with what alert thresholds — 30 minutes a month of review is better than zero logs.
Frequently asked questions about MCP enterprise authorization SMEs
Is MCP Enterprise-Managed Authorization only for large enterprises, or also for SMEs?
It was designed for large enterprises, but the real benefit is felt more by SMEs. The reason is that in an SME there is no dedicated IT team to manage dozens of OAuth flows and revoke accesses manually. Having a single identity provider orchestrate all MCP connectors eliminates work that, for an SME, was simply not sustainable. If the company already uses Google Workspace or Microsoft 365, the prerequisite is already met.
What do you actually need, in practice, to get started with enterprise-managed MCP in an SME?
Three things. One. An identity provider already active — almost always Google Workspace or Microsoft Entra ID. Two. At least one MCP server from your systems: CRM, ERP, and cloud suite vendors are all publishing their own. Three. A precise, small use case — not "AI everywhere", but for example "the agent drafts the proposal from CRM data, a person reviews it". From there you expand.
What is the difference between MCP and a hand-built API integration?
MCP is a standard; a custom API is a one-off integration. With MCP your CRM, once exposed, is usable by Claude, Copilot, or Gemini without writing any additional code. Furthermore, with the Enterprise-Managed Authorization extension, you no longer have to manage tokens and refresh flows yourself: the identity provider does it. Hand-built integrations remain useful for very specific cases, but for the majority of SME workflows MCP is faster, more secure, and more maintainable over time.
Let's talk
If this topic is relevant to you, write to me: comparing notes on code and AI is always time well spent.