Enterprise-Managed MCP Connector Authorization Arrives, Starting With Okta
Anthropic flipped on enterprise-managed authorization for MCP connectors — the feature IT has been asking for since connectors shipped. Admins authorize a connector once through their identity provider, users inherit access through the IdP groups and roles they already have, and the connector is simply there the first time someone opens Claude. No per-user OAuth dance, no account-picker step. Okta is the launch identity provider, with more coming soon.
The payoff is governance plus less foot-gun risk. Access decisions live in the IdP admin console with one auditable trail across every connector, and removing the interactive account-selection step makes it far harder for data to leak between personal and enterprise accounts. Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase support it at launch, with Slack on deck. Early customer Ramp says 2,000 employees are now provisioned through Okta with zero extra steps.
The Regulated-Industries Push Deepens: DXC and TCS Build Out Claude Delivery
Anthropic kept stacking systems-integrator muscle behind Claude this week. DXC Technology will train tens of thousands of Claude-certified forward-deployed engineers to bring Claude into the systems it runs for the world’s largest banks, airlines, insurers, manufacturers, and government agencies. TCS, meanwhile, is rolling Claude to 50,000 of its own employees across 56 countries and standing up a Claude-led business unit to build products for clients in financial services, healthcare, and the public sector.
It’s the same playbook as the KPMG alliance: get Claude embedded where the highly regulated, slow-to-adopt enterprises actually live, through partners those enterprises already trust. The connective tissue is the Claude Partner Network’s new Services Track and Partner Hub, which formalize how integrators get certified and matched to customers.
Workload Identity Federation Is GA — The Static API Key Is on Notice
Workload Identity Federation (WIF) is now generally available on the Claude Platform, and it’s a real shift in how machines talk to the API. Instead of long-lived sk-ant- keys, your workloads — CI/CD jobs, Kubernetes pods, agents — authenticate with short-lived OIDC tokens from an identity provider you already run: AWS IAM, Google Cloud, Microsoft Entra ID, GitHub Actions, SPIFFE, or any OIDC-compliant issuer. There are no static Anthropic credentials to create, rotate, or leak.
Anthropic is pairing WIF with service accounts, so each workload gets its own identity, roles, and audit trail rather than sharing one master key. When a workload requests access, the platform verifies its signed token, matches the claims against your federation rules, and issues a short-lived, role-bounded access token — every exchange logged against that service account. Security folks note it doesn’t solve everything, but it pulls the single most common leak vector off the board.
Claude Code Ships a Bun Upgrade, macOS Sandbox Options, and Prompt-Based Config
The latest Claude Code release is a grab-bag of quality-of-life wins. New flexible prompt-based config commands let you change settings in natural language, and there are fresh macOS sandbox and presence options for tighter control over what the agent can touch. Under the hood, a Bun runtime upgrade should mean faster startup and execution.
Anthropic also improved streaming, retries, subagents, and auth flows, and shipped a wide batch of fixes across startup, file handling, clipboard, model switching, and the UI. None of it is headline-grabbing on its own, but it’s the steady hardening that makes the terminal agent dependable for daily work — and it pairs neatly with the day’s identity theme via the auth-flow improvements.
Claude for Legal: 20+ MCP Connectors and 12 Practice-Area Plugins, Open-Sourced
Anthropic went all-in on the legal vertical, releasing more than 20 MCP connectors and 12 practice-area plugins for Claude — and open-sourcing the plugins under Apache 2.0 on GitHub. The connectors wire Claude into the working parts of the legal stack: contract lifecycle management, document repositories like iManage, e-discovery platforms like Everlaw, and deal rooms, alongside Thomson Reuters, Westlaw, Practical Law, Harvey, DocuSign, Box, and Microsoft 365.
The framing is “bring the matter to Claude.” Connectors pull the documents, communications, and records tied to a specific case into context, while the practice-area plugins package the tasks lawyers run most often into pre-built workflows. Thomson Reuters and the Free Law Project also launched their own MCP integrations, opening both paywalled and public legal data to AI. For in-house teams and smaller firms, an open, hackable starting point lowers the barrier considerably.
Identity Is the New Battleground — and Anthropic Just Claimed Ground
Two of today’s releases rhyme on purpose. Enterprise-managed MCP auth solves identity for humans using Claude; Workload Identity Federation solves it for machines calling the API. Both replace ad-hoc, per-user credential sprawl with centralized, auditable control routed through the IdP a company already runs. That is not a coincidence of the release calendar — it’s a deliberate answer to the single biggest objection security teams raise about agentic AI: who is allowed to touch what, and can you prove it after the fact?
The strategic read: Anthropic is competing on trust, not just capability. Connectors and agents are only useful in regulated enterprises if the access model survives an audit. By making zero-touch provisioning and keyless auth the default story this week, Anthropic is telling CISOs the boring-but-decisive part — governance — is handled. That’s how you turn a pilot into a company-wide rollout.
The Enterprise Hardening Is an IPO Story Too
It’s worth remembering the backdrop: Anthropic confidentially filed a draft S-1 with the SEC on June 1, less than a week after a $65B round reportedly valued it near $965B, with a revenue run rate said to have reached $47B. A company about to face public-market scrutiny wants revenue that looks durable and defensible — not usage that evaporates the moment a security review gets serious.
Seen through that lens, this week’s identity and partner moves are of a piece. Keyless auth, IdP-managed connectors, certified integrators at DXC and TCS, an open-sourced legal suite — these are the things that convert skeptical, regulated buyers into multi-year contracts. The model headlines get the attention, but the enterprise plumbing is what a prospectus is built on.