The exchange that powers EMA has to start somewhere: a client takes the ID token it got from SSO and trades it at the IdP for an ID-JAG. EMA-aware clients like Claude, Claude Code, Cowork, and VS Code do this themselves.
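To make that first step concrete, here is an added example (not code from the post or from any of the clients it names) that simulates the exchange on both sides: a client builds an RFC 8693 token-exchange request carrying its SSO ID token, and a toy IdP token endpoint validates that token and mints a short-lived ID-JAG bound to the client and the target resource's authorization server. The issuer URLs, client id and HMAC key are constructed; the `id-jag` token-type URN and the ID-JAG claim set are assumptions taken from the Identity Assertion Authorization Grant draft, and the HS256 signing stands in for the IdP's real asymmetric key.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed sample identifiers; none of these are real deployments.
IDP_ISSUER = "https://idp.example.com"
RESOURCE_AS = "https://mcp-as.example.net"   # authorization server in front of the MCP server
CLIENT_ID = "internal-agent-q1"
IDP_KEY = b"constructed-idp-hmac-key"        # toy shared secret standing in for the IdP's signing key

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"  # RFC 8693
ID_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:id_token"               # RFC 8693
ID_JAG_TYPE = "urn:ietf:params:oauth:token-type:id-jag"                   # assumed from the ID-JAG draft


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Toy HS256 JWT signer; a real IdP signs with an asymmetric key published via JWKS."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"


def verify_jwt(token: str, key: bytes) -> dict:
    """Checks signature and expiry; raises ValueError on anything that is not a valid token."""
    header, body, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) < time.time():
        raise ValueError("expired")
    return claims


def build_exchange_request(id_token: str, resource_as: str, scope: str) -> dict:
    """The form an EMA-aware client posts to the IdP token endpoint (form-encoded in practice)."""
    return {
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "requested_token_type": ID_JAG_TYPE,
        "subject_token": id_token,
        "subject_token_type": ID_TOKEN_TYPE,
        "audience": resource_as,
        "scope": scope,
        "client_id": CLIENT_ID,
    }


def idp_token_endpoint(form: dict) -> dict:
    """Toy IdP handler: only an ID token this IdP issued to this client can be traded for an ID-JAG."""
    if form.get("grant_type") != TOKEN_EXCHANGE_GRANT or form.get("requested_token_type") != ID_JAG_TYPE:
        return {"error": "unsupported_grant_type"}
    if form.get("subject_token_type") != ID_TOKEN_TYPE or not form.get("audience"):
        return {"error": "invalid_request"}
    try:
        id_claims = verify_jwt(form["subject_token"], IDP_KEY)
    except (ValueError, KeyError):
        # An API key or any other opaque credential lands here: there is nothing to exchange.
        return {"error": "invalid_grant"}
    if id_claims.get("iss") != IDP_ISSUER or id_claims.get("aud") != form.get("client_id"):
        return {"error": "invalid_grant"}  # ID token was not minted by us for this client
    now = int(time.time())
    jag = sign_jwt({
        "iss": IDP_ISSUER, "sub": id_claims["sub"], "aud": form["audience"],
        "client_id": form["client_id"], "scope": form.get("scope", ""),
        "jti": str(uuid.uuid4()), "iat": now, "exp": now + 300,   # short-lived, single audience
    }, IDP_KEY)
    return {"issued_token_type": ID_JAG_TYPE, "access_token": jag, "token_type": "N_A", "expires_in": 300}


def demo() -> dict:
    """End to end: SSO ID token -> token exchange -> ID-JAG; returns the decoded ID-JAG claims."""
    now = int(time.time())
    id_token = sign_jwt({"iss": IDP_ISSUER, "sub": "alice", "aud": CLIENT_ID,
                         "iat": now, "exp": now + 3600}, IDP_KEY)
    resp = idp_token_endpoint(build_exchange_request(id_token, RESOURCE_AS, "tickets:write"))
    return verify_jwt(resp["access_token"], IDP_KEY)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
    print(idp_token_endpoint(build_exchange_request("sk-legacy-api-key", RESOURCE_AS, "tickets:write")))
```

The second call in the `__main__` block is the first gap from the text in miniature: a client that only holds an API key has no ID token to put in `subject_token`, so the IdP has nothing it can validate and the exchange fails before any MCP server is ever contacted.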
Now count the clients in your organization that aren't on that list. The internal agent your team built in Q1. The CI job that calls an MCP server to file tickets. The scripts, the notebooks, the older MCP clients, the vendor tool that won't ship EMA support until next year, if ever. Every one of them holds an API key or OIDC client credential, often on a user's desktop.
That's the first gap: **the downstream resource requires an ID-JAG, and the client can't produce one.** The MCP server did the right thing. The IdP is ready. And the request still fails at the front door.
Now flip it around. Plenty of MCP servers won't accept an ID-JAG. The one your data team stood up last quarter. The third-party server on its own EMA timeline, if it has one at all. The SaaS tool that authenticates with its own token and has no reason to care about your IdP. A compliant client produces a perfectly good ID-JAG, and the server has nowhere for it to land. That's the second gap: **the client did everything right, and the server can't meet it.** Same failure, mirror image: the IdP is ready, the client did its part, and the request still dies at the door.
Two gaps, mirror images of each other, one root cause. A standard only works when both ends speak it, and your internal fleet is behind on both.
The options look grim. Retrofit the token exchange into every internal client, and stand up a compliant authorization server in front of every internal server: security-critical OAuth code, duplicated across codebases in five languages, on both ends. Or carve out exceptions so the stragglers bypass EMA, which quietly recreates the credential sprawl you adopted EMA to kill. Or wait, and let half your fleet sit unreachable behind a standard it can't speak.
This isn't a new problem. It's where API authentication stood a decade ago, when every service and client implemented its own auth and every implementation drifted. The industry's answer then is the answer now: cross-cutting security belongs at the traffic layer, not scattered through application code. Connectivity is infrastructure. It was true for APIs. It's true for tokens.