Descriptions:
WorkOS product lead Garrett Galow, who was formerly at Microsoft Azure and Cloudflare and whose platform powers authentication for Anthropic, Cursor, and OpenAI, presents a concrete solution to one of the most persistent friction points in the MCP ecosystem: the cascade of OAuth consent screens developers and employees encounter when connecting AI agents to multiple enterprise tools.
The talk explains why the current MCP authentication model breaks enterprise single sign-on: each MCP server treats every other service as untrusted, forcing repeated per-tool consent flows even when users are already authenticated through a corporate identity provider like Okta. Galow walks through the ID JAG (Identity JWT Authorization Grant) standard as the fix — a token type issued by an IDP that can be exchanged for service-specific access tokens across applications. He demonstrates the full four-step flow live using Claude Code as the MCP client, Okta as the identity provider, and Figma’s MCP server as the resource: the user authenticates once via SSO, and all subsequent cross-app token exchanges happen invisibly in the background.
Beyond developer convenience, the talk makes a strong case for the IT governance benefits: enterprise security teams currently have no visibility into which MCP servers employees connect to and cannot enforce access policies, a gap that becomes acute as agentic tools proliferate. The architecture Galow describes addresses both problems simultaneously, making it relevant to anyone building or deploying MCP-connected agents in enterprise environments.
📺 Source: AI Engineer · Published April 28, 2026
🏷️ Format: Deep Dive







