[FEATURE] Bind org MCP connectors to org-managed Claude accounts (connection-time identity binding)

Open 💬 0 comments Opened Jun 27, 2026 by dan-sotnik

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Problem
When an org gates an MCP connector with SSO + an email allowlist, those checks confirm who the user is but not which Claude account the connection runs in. A user can add the org connector to a personal Claude account, and the OAuth flow is silently satisfied by an existing Google Workspace session in the same browser — no login prompt, no account picker. All server-side checks (email_verified, hd, allowlist) pass legitimately, because the person genuinely is a real org user.

This isn't an auth bypass — the user holds valid org credentials either way. It's a governance gap: org data and tools end up reachable from an unmanaged personal account, outside org admin controls.

Why it matters

  • Org MCP access lands in a personal account not covered by org offboarding, DLP, or admin policy.
  • When the personal account loses org access (offboarding, allowlist change), the connection's posture is unclear.
  • Audit attribution is muddy — actions attribute to the org user but originate from a personal-account container.

Steps to reproduce (today's behavior)

  • Sign into a personal Claude account in a browser.
  • Keep an active Google Workspace session for the org account open in the same browser.
  • Add the org's MCP connector to the personal account.
  • OAuth redirects to Google; the existing Workspace session silently satisfies it — no picker, no login.
  • Token minted. The personal account now operates the MCP as the org identity.

Requested
A connection-time control so org identity can only bind to org-managed Claude accounts.

Notes
Can't be solved on the MCP app server alone — every verified signal is correct by design. The binding has to happen at connection time on the client/org side.

Proposed Solution

  • have a way to register org-level connections that will be available only for specific enterprise.

Alternative Solutions

_No response_

Priority

Medium - Would be very helpful

Feature Category

MCP server integration

Use Case Example

_No response_

Additional Context

_No response_

View original on GitHub ↗