AI & MCP
MCP authorization: Roll out AI to every team, safely
Tiago Zien-Mendes
April 17, 2026 - 4 min read
For most companies, MCP is currently beyond the control of IT. Developers install servers on their own laptops. Teams wire up connections in whichever client they happen to use. Security has no visibility into what is being accessed, and IT has no mechanism to enforce policy on any of it. The result is the AI equivalent of shadow IT, rolled out at the pace of every new agent someone decides to try.
Today Speakeasy ships the layer that puts IT back in charge. MCP authorization lets you define roles, assign them to people, and scope access to specific MCP servers. Paired with the Speakeasy MCP registry, it lets IT stand up a single, sanctioned directory of MCP servers for the whole company and trust that it is correctly configured for every person who connects to it.
How it works
Three concepts to know.
System roles. Speakeasy ships with two default roles that cover the common cases out of the box: admin & member. Admins can do everything. Members can utilize the organization MCP servers that are permitted for their account. Most orgs start here, and for most teams the defaults are enough on day one.
Custom roles. As rollouts mature, the defaults can be adjusted and extended. An admin can define a new role, pick the exact permissions it grants, and assign it to specific people. Permissions are expressed as scopes like mcp:read, mcp:connect, mcp:write, build:read, build:write, and org:admin, so roles can be composed precisely. An “E-commerce MCP user” role, for example, can be limited to connecting to a single server and nothing else.
Per-server scoping. When you grant a permission like mcp:connect, you do not have to grant it across every MCP server in the organization. You pick the servers. That is what makes it safe to run an HR assistant and a production database MCP side by side in the same registry. The people with access to one are not automatically on the other.
The effect is a directory that fits how real organizations work. Engineering gets broad access. Product gets the analytics and customer research servers. Sales gets the CRM. Security gets visibility into all of it through the audit log. Nobody sees what they should not.
Identity provider sync
Roles and permissions are only useful if they stay in sync with the rest of your identity infrastructure. Speakeasy plugs in directly.
Single sign-on and SCIM-based provisioning from your identity provider are both supported. Group membership in Okta, Entra, or whichever IdP you use flows through to Speakeasy roles automatically. Employee joins a team, the right access shows up. Employee leaves, it disappears. No wiki. No manual cleanup.
What’s next: tool-level authorization
Today authorization lives at the MCP server level. That is the right granularity for most use cases. Most teams want sets of servers, not micromanaged tool lists that break every time a tool is renamed.
The next layer down is on the roadmap. For the cases that need it, we will be adding tool-level scoping inside a server, so you can grant read-only tool access on a server where others have write. The underlying model already supports it. We are being deliberate about when to expose it so that it helps more than it gets in the way.
Get started
MCP authorization is rolling out to all organizations this week. Existing members are migrated into the default system roles, so nothing breaks. From there, admins can define custom roles, scope them to specific servers in the registry, and assign them to the right people.
The fastest path is to sign in, head to the Roles & permissions page in your org settings, and create your first custom role.
Planning an org-wide AI rollout? Book time with our team and we’ll walk through it with you.