Enterprise adoption of the Model Context Protocol is accelerating — but the path from "MCP works on my laptop" to "MCP is running securely across our organization" is windy and challenging. The reality is that building MCPs isn’t particularly hard. Instead, the challenges are around OAuth, identity sprawl, and the governance requirements your security team will eventually land on your desk.
The core insight is straightforward: MCP servers should focus on tools, resources, and prompts — not rebuilding OAuth infrastructure from scratch every time. A dedicated identity and governance control plane can absorb that complexity once, rather than forcing every server to solve it independently.
In this workshop, we will:
Break down the authentication challenges blocking enterprise MCP adoption — OAuth scopes, dynamic client registration, token lifecycle management, and why static-only providers like Microsoft Entra are their own special headache
Show how consolidating identity into a control plane changes your architecture from a sprawl of redundant auth implementations into something actually manageable
Work through real governance scenarios: integrating remote MCP servers with an enterprise IdP, scoping tool access by user group, and applying controls at the individual tool level
Look at what central auditing and token revocation give your security team — and why that matters for getting MCP approved for production
Cover filtering strategies for PII exposure and prompt injection on MCP tool calls
You'll leave with a clearer picture of the architectural decisions ahead of you, and a better sense of what your security team is going to ask for before they sign off on any of this.
Pre-registration and additional fee is required. To register: add it to your
MCP Dev Summit North America registration.
