Enterprise Managed Authorization (EMA) for MCP only validates who can connect to agent tools, leaving per-action runtime decisions unaddressed. This post explains how to build or buy a runtime authorization gateway that enforces policy for every agent tool call and delivers required audit trails for enterprise compliance.
Enterprises adopting MCP quickly discover that Enterprise‑Managed Authorization stops at the connection layer, leaving every tool call unchecked. The spec, stable since June 18 2026, moves the “who may connect” decision into the corporate IdP but explicitly states the IdP never sees MCP traffic, so per‑action decisions are left entirely to the implementer (EMA spec). Under the hood EMA relies on three standard pieces — an OIDC/SAML login, an RFC 8693 token exchange for an ID‑JAG, and an RFC 7523 JWT bearer grant for the access token (EMA components). That architectural boundary is the reason you need a second gateway that sits in the data path and evaluates every agent action at runtime.
The governance gap is not theoretical. Only one in five enterprises has a mature governance model for autonomous agents, while 75 % of large‑enterprise leaders cite security, compliance, and auditability as their top concerns, yet just 12 % run centralized AI governance (governance maturity). The market reflects the urgency: the enterprise AI governance market is projected to hit $3.4 billion in 2026, 40 % of enterprise applications will embed agents by 2026, over 40 % of agentic projects are expected to be cancelled by 2027 for lack of controls, and 25 % of breaches could be traced to agent abuse by 2028 (market projection).
If you’re running Claude or any MCP‑enabled agent fleet, you already have the connection layer solved by EMA. The next step is a runtime authorization gateway that can intersect agent permissions with the calling user’s permissions, enforce policy before a tool executes, and emit an immutable audit trail. The rest of this post walks through the design, the build‑vs‑buy calculus, and the operational realities of running such a gateway in production.
What a Runtime Authorization Gateway Must Do
A gateway that plugs the EMA gap needs three non‑negotiable capabilities. First, it must consume the ID‑JAG and access token issued by the IdP, then derive the effective permission set for the specific agent‑user pair at call time.
If you enjoyed this, read the full post at SaaS with Alex
Top comments (0)