Expanded MCP and AI IAM event coverage
Aembit has expanded the event coverage and reporting surfaces for troubleshooting MCP and AI IAM failures:
- New `access.discovery` event type: Access Authorization Events now include an `access.discovery` event that lists the Client Workloads and Server Workloads Aembit Cloud considered during evaluation. Use it to diagnose requests that match no workload or policy, or that match multiple. See Access Discovery events.
- User identity on MCP Workload Events: MCP Workload Events now include a `userId` field at `application.mcp.userId` for flows that involve a human identity, such as MCP Authorization Server flows. The Workload Events view exposes a matching User (MCP App Protocol only) filter for per-user investigations and SIEM scoping.
- Trust Provider failures emit at Error severity: Trust Provider attestation failures in MCP flows now emit at `Error` severity rather than warning, so SIEM alerts that watch for `Error` events catch real authorization failures reliably.
- Clearer expired-credential explanations: The `access.credential` event’s reason now identifies which token expired and at which step, making it easier to decide between re-authentication, credential refresh, or Credential Provider reconfiguration.
- MCP Authorization Tracing view: A new live diagnostic view in the Reporting dashboard surfaces inbound authorization requests at the MCP Identity Gateway in real time, with the redirect URI, resource, matched Client Workload, and policy outcome for each request. See MCP Authorization Tracing.
For an end-to-end investigation flow that uses these reporting surfaces together, see Troubleshoot MCP and AI IAM access.