Skip to main content
Early access. This feature is in early access, which means it’s undergoing ongoing testing and development while we gather feedback, validate functionality, and improve outputs. Contact the C1 Support team if you’d like to try it out or share feedback.
Enabling enterprise-managed authorization exposes the admin surfaces for registering MCP servers, enabling scopes, and reviewing the issuance audit. It does not grant any user access on its own — you still register each server, enable its scopes, and bundle them into access profiles before access becomes requestable.

Before you begin

  • Enterprise-managed authorization is in early access. Contact the C1 Support team to have it enabled for your tenant. The toggle below is live only once C1 has enabled the operator rollout for your tenant.
  • You need an admin role to change tenant settings.

Enable enterprise-managed authorization for your tenant

1
Go to Settings in the left navigation and select Cross-App Access under AI.
2
Click Edit in the top right of the Cross-App Access section.
3
Turn on the Enable cross-app access toggle.As the page notes, the issuer is live only when this is on and C1 has enabled the operator rollout for your tenant.
4
Set the Default signing algorithm.This is the algorithm C1 uses to sign tokens for any MCP server that doesn’t override it at the resource server level. The options are ES256 (default), EdDSA, and RS256. The MCP server you issue tokens for verifies C1’s signature at its own authorization server, so choose an algorithm that server can verify. ES256 is the default and the safest choice for broad compatibility; RS256 is also widely supported. EdDSA is available, but verification support is uneven across servers, so confirm the target server supports it before relying on it.
5
Click Save.

Where to go from here