Updated July 2026News + setup guide13 min read

Cursor Team MCP Marketplace: Setup & Governance (2026)

Cursor 3.10’s changelog entry, “MCPs and Organizations in Team Marketplaces,” turns MCP rollout from a per-developer chore into a one-time admin task: configure a Team MCP server once and it shows up in cloud agents, the agents window, IDE, and CLI for every approved teammate. This guide covers exactly what changed, the admin setup steps as documented, how the new organization-group scoping works, and where this product feature stops and protocol-level governance like MCP’s Enterprise-Managed Authorization begins.

Editorial illustration: a single luminous storefront-shaped hub glyph at the center in warm amber, radiating four thin glowing paths outward to smaller rounded surface glyphs, over a deep midnight-navy gradient with faint concentric access rings.
On this page · 16 sections
  1. TL;DR
  2. Why this exists
  3. The pieces, and how they connect
  4. Admin setup, step by step
  5. · Org Groups vs SCIM
  6. What developers see
  7. vs. Enterprise-Managed Auth
  8. What we got wrong
  9. Common mistakes
  10. Limits & who it's for
  11. Community signal
  12. The verdict
  13. The bigger picture
  14. FAQ
  15. Glossary
  16. Sources

TL;DR

Cursor v3.10 (June 30, 2026) lets admins configure a Team MCP server once and distribute it across cloud agents, the agents window, IDE, and CLI — and scope who can see it by organization group.

  • The change: per Cursor’s own changelog, “Admins can now configure Team MCP servers once and distribute them across cloud agents, the agents window, IDE, and CLI.”
  • Access control: Team Marketplaces now support Organization Groups alongside the existing SCIM directory groups, set under Dashboard → Plugins → Team Marketplaces.
  • Developer side: approved servers install from the Customize tab with one click, no hand-edited mcp.json.
  • Plan gate: Teams (one marketplace) or Enterprise (unlimited) — not on Free or individual Pro.
  • What it isn’t: an MCP protocol extension or an authorization system. It’s Cursor-side config distribution — see how that differs from EMA below.

Why this exists

Before this update, standardizing an MCP server across a team meant standardizing a copy-paste. Every developer opened their own ~/.cursor/mcp.json (or the Cursor Settings MCP panel) and hand-entered the same command, args, and environment variables — including any secrets — for every server the team wanted.

That has three predictable failure modes: a new hire re-types every server from a Slack message instead of inheriting anything; a config change means messaging the team a new JSON snippet and hoping everyone pastes it correctly; and IT has no single place to see which servers are actually configured across the org, let alone enforce which ones should be.

Cursor has been building toward closing that gap in stages, not in one release:

VersionDateWhat shipped
2.6Mar 3, 2026Team Marketplaces launch — Teams and Enterprise admins can create private marketplaces to share plugins internally with central governance and access controls.
3.9Jun 22, 2026“Customize Cursor” — the unified tab where developers install what their team has shared with them.
3.10Jun 30, 2026Team MCPs + Organization Groups — Team MCP servers can now be added to Team Marketplaces, and access can be scoped by org group.

Team MCP servers built for cloud agents lived in their own silo — Dashboard → Integrations & MCP — separate from the general plugin marketplace. 3.10 is the release that actually wires the two together, which is why the changelog names both pieces in its title: MCPs, and Organizations, in Team Marketplaces.

The pieces, and how they connect

Five named pieces, and the order they interact in:

  • Team MCP server — the server definition (a command to launch, or a hosted URL) an admin sets up once, under Dashboard → Integrations & MCP.
  • Team Marketplace — the private, per-organization catalog (Dashboard → Plugins) where approved servers and plugins get listed for the team to browse.
  • Marketplace Access — the visibility gate on a marketplace: which Organization Group or SCIM directory group can see it at all.
  • Installation mode — a per-plugin setting: Default Off, Default On, or Required.
  • Customize — the tab, shipped in 3.9, where a developer actually sees and installs what’s been shared with them.
┌───────────────────────────────────────────────────────────────┐
│   Cursor Team MCP Marketplace — one config, four surfaces        │
├───────────────────────────────────────────────────────────────┤
│ Admin                                                             │
│  Dashboard -> Integrations & MCP                                  │
│    configure Team MCP server (once)                               │
│             |                                                     │
│             v   "Add to Team Marketplace"                         │
│  Dashboard -> Plugins   (Default marketplace, auto-created)       │
│    set Installation Mode:  Off / On / Required                    │
│    set Marketplace Access: Organization Group / SCIM group        │
│             |                                                     │
│             v   (only members of the scoped group see it)         │
│ Developer                                                          │
│  Customize tab -> install with one click                          │
│             |                                                     │
│             v   same config now live in:                          │
│  Cloud Agents · Agents Window · IDE · CLI                         │
└───────────────────────────────────────────────────────────────┘

Nothing in that chain is a new MCP primitive. A Team MCP server is an ordinary MCP server; “team” describes how Cursor’s dashboard distributes the config, not anything the protocol or the server itself knows about.

Admin setup, step by step

Every step below is stated directly in Cursor’s MCP docs and plugins docs. None of it requires a developer to touch a config file.

  1. Configure the server. Under Dashboard → Integrations & MCP, add your Team MCP server the way you’d define any MCP server — a command to launch, or a hosted URL. This already makes it available to cloud agents; that part of the flow predates 3.10.
  2. Link it to a marketplace. Still under Integrations & MCP, find the server listed under Team MCP Servers and select Add to Team Marketplace. If the org has no marketplace yet, Cursor creates a “Default” one and links the server to it automatically.
  3. Set who can see it. Open Dashboard → Plugins, open that marketplace, and under Marketplace Settings → Marketplace Access choose specific Organization Groups or leave it on the SCIM directory groups it already used.
  4. Choose the installation mode. Default Off, Default On, or Required — set per plugin, covered in full below.
  5. Optional: build a marketplace from scratch. Dashboard → Plugins → Add Marketplace, either empty or via Import from Repo against a GitHub repository of plugins.
  6. Keep it current. Enable Auto Refresh (requires the Cursor GitHub App) so edits pushed to the tracked branch flow through automatically — Cursor re-indexes at most every 10 minutes — or click Refresh by hand.

Org Groups vs SCIM

Two group types can scope a marketplace, and they overlap on purpose rather than by accident. SCIM directory groups are the original, team-level mechanism: membership syncs automatically from your identity provider, scoped to one team. Organization Groups, new in 3.10, are broader — Enterprise admins define them across the whole Cursor organization, not one team, and each group can either sync from SCIM or be managed manually inside Cursor.

Cursor’s docs are explicit that nothing breaks if you ignore this: existing marketplaces keep using their directory groups, and only new assignments need Organization Groups. Team admins always retain access regardless of grouping — and worth repeating because it surprises people, a marketplace with no groups selected is visible to the whole team, not to nobody.

What developers actually see

Everything above is admin-side. From a developer’s seat, the entire feature is one screen: Customize. Approved servers set to Default Off show up there to install with a click; Default On servers are already installed, removable if unwanted; Required servers are there and stay there. No command, no args array, no env block, no restarting the client and hoping the JSON parsed.

One thing the docs don’t spell out: how a Team MCP server’s own secrets — an API key a specific server needs — are handled per developer once it’s installed. Whether each teammate supplies their own credential or inherits the admin’s isn’t documented either way in the pages this guide draws from. Confirm that behavior before you push out any server that’s meant to act as the individual developer rather than a shared service account — more on this in common mistakes.

Team Marketplaces vs. Enterprise-Managed Authorization

Both ship in 2026, both target admins, and it’s easy to conflate them. They govern different layers. MCP Enterprise-Managed Authorization (EMA) is a formal MCP protocol extension: an identity provider decides, at request time, whether a client’s token exchange for a given server succeeds. Team Marketplaces are a Cursor product feature: an admin decides which config a developer sees and can install.

Cursor Team MarketplaceMCP Enterprise-Managed Auth
LayerCursor product featureMCP protocol extension
GovernsWhich config a developer sees and can installWhether a live token request succeeds
Works across clientsNo — Cursor onlyYes — any client implementing the extension
Identity sourceOrganization Group / SCIM (Cursor’s own grouping)Enterprise IdP (Okta today), checked per request

They stack rather than compete. Team Marketplaces solve “does this developer have the right config on their machine”; EMA solves “can this identity actually get a token from this server, right now.” A Cursor shop rolling out a remote MCP server org-wide plausibly wants both: the marketplace so nobody hand-types a URL wrong, and an identity-backed authorization step so the access decision isn’t just “the JSON showed up on your laptop.”

What we got wrong

Three assumptions this guide started with, corrected against the actual docs:

  • We assumed a Team Marketplace was the public marketplace with a team filter. It isn’t. cursor.com/marketplace is a public, open catalog anyone can browse. A Team Marketplace (Dashboard → Plugins) is private to the organization; nobody outside it ever sees it exists.
  • We assumed linking a server to the marketplace was the whole job. It isn’t — the docs say plainly that “linking an MCP server to a marketplace does not install or enable it for everyone.” Skip the installation-mode step and you’ve published a server nobody has installed anywhere.
  • We assumed “Team MCP” was a new MCP-spec concept, on the same footing as EMA. It isn’t. A Team MCP server carries nothing special at the protocol level — it’s Cursor’s own distribution plumbing wrapped around an entirely ordinary MCP server.

Common mistakes

  • Leaving Marketplace Access empty on a “soft launch.” An empty group list doesn’t mean nobody sees it — it means the whole team does. If you want a limited pilot, set the group before you publish, not after.
  • Expecting a GitHub-backed marketplace to update live without Auto Refresh. Without it (and the Cursor GitHub App installed), changes sit until someone clicks Refresh. Even with Auto Refresh on, re-indexing happens at most every 10 minutes — plan around that, don’t assume instant propagation.
  • Assuming a switch to Organization Groups migrates old marketplaces automatically. It doesn’t. Marketplaces already scoped to SCIM directory groups keep that configuration until an admin deliberately adds Organization Groups.
  • Rolling out a per-user-secret server team-wide before checking how credentials propagate. If a server needs to act as each individual developer — not a shared bot account — test with one server and one non-critical account first. The docs this guide checked don’t document per-user secret handling either way.
  • Treating installation as governance. Getting a server onto every laptop is not the same as controlling what an agent does with it once connected. See the audit gap in the next section.

Limits & who it’s for

Good fit

  • Teams standardized on Cursor, on Teams or Enterprise plans
  • Admins tired of re-sending JSON snippets by hand
  • Orgs that want one visible catalog of approved servers

Poor fit

  • Mixed-client teams — Claude Code or VS Code seats get nothing from this
  • Anyone who needs a real audit trail of tool calls
  • Free or individual Pro accounts — no Team Marketplaces at all

The audit gap is worth naming directly. Nothing in Cursor’s plugin or MCP docs describes logging which developer ran which tool call through a Team MCP server, or what changed as a result. The feature controls distribution: who can see and install a config. It has no visibility into what an agent does after that — so if you need a real audit trail of tool calls, plan to add it at the MCP-server or gateway layer yourself.

Plan gate, for completeness: Teams accounts get one team marketplace, Enterprise accounts get unlimited marketplaces, and neither Free nor individual Pro plans have the feature.

Community signal

Reaction to the specific 3.10 line item has been modest — it shipped as one entry in a fast-moving changelog, not a standalone launch. The clearest developer response came as a quote-tweet the day after release:

That take reads the feature as an infrastructure bet, not a convenience tweak — a step toward teams defaulting to fleets of cloud agents rather than one developer, one IDE session. The more skeptical read came from an independent hands-on review of Cursor’s broader plugin marketplace, which landed on a measured verdict:

But they're not a brand new breakthrough that you couldn't do before this system.

Engincan Veske · Blog

Hands-on review of Cursor's plugin marketplace, installing the Notion, Figma, and Team Kit plugins.

Source

Both critical voices point at the same underlying fact: the marketplace makes existing capability easier to discover and roll out, it doesn’t add a new governance primitive underneath it.

The verdict

Our take

Turn on Team MCP Marketplaces if your team already lives in Cursor and you’re tired of pasting the same mcp.json into every new laptop — it’s a genuine, one-time-setup fix for a common and real pain. Don’t mistake it for enterprise MCP governance: it distributes configuration, it doesn’t authorize requests or log tool calls. Pair it with your identity provider’s own controls, or EMA where your stack supports it, for the piece that actually gates access at request time — and confirm how per-user secrets behave before pushing out anything sensitive team-wide.

The bigger picture

2026’s enterprise MCP tooling is splitting into two layers, built by different parts of the ecosystem. Protocol-level authorization — EMA — is client-agnostic by design: any MCP client can implement it, and it plugs into whichever identity provider the org already trusts. Product-level distribution — Team Marketplaces — is the opposite bet: fast to ship, immediately useful, and entirely Cursor-shaped. Nothing about a Team Marketplace config travels if half the team switches to a different client next quarter.

That trade is worth stating plainly rather than glossing over. Centralizing MCP configuration buys consistency and predictability for admins. It spends some of the flexibility that made MCP appealing in the first place — the idea that any developer could wire up any server in minutes without waiting on a platform team. Cursor shipped this in three visible steps over four months (2.6 → 3.9 → 3.10), which cuts both ways: the feature is improving fast, and it’s also still a moving target for anyone documenting or depending on it.

For further reading on the protocol side of this split, see our MCP primer and our breakdown of Enterprise-Managed Authorization. For how Cursor stacks up against other AI coding IDEs more broadly, see Cursor vs Windsurf vs Antigravity vs Kiro.

Frequently Asked Questions

What did Cursor's v3.10 update actually change?

Released June 30, 2026, Cursor 3.10 lets admins configure a Team MCP server once and distribute it across cloud agents, the agents window, IDE, and CLI via Team Marketplaces. It also added organization-group-based access control for marketplaces, alongside the existing SCIM directory group option.

How do I set up a Team MCP server for my team in Cursor?

Configure the server under Dashboard → Integrations & MCP, then select "Add to Team Marketplace" next to it. Cursor auto-creates a Default marketplace if you don't have one yet. Open Dashboard → Plugins to set its installation mode and who can access it.

Do developers need to write mcp.json to use a Team MCP server?

No. Once an admin approves it, developers open Customize in Cursor and install it with one click — no command, args, or env block to type by hand. Removing that manual step for every teammate is the entire point of the feature.

What's the difference between Team Marketplaces and MCP Enterprise-Managed Authorization (EMA)?

Team Marketplaces are a Cursor-only product feature that distributes server configuration to developers. EMA is a formal MCP protocol extension that governs whether a client's live token request to a server succeeds, and works across any client that implements it, not only Cursor.

Does adding a server to the Team Marketplace install it for everyone automatically?

No. Cursor's docs are explicit that linking a server to a marketplace "does not install or enable it for everyone." You still set an installation mode — Default Off, Default On, or Required — before anyone gets it.

What plan do I need for Team Marketplaces?

Teams or Enterprise. A Teams account gets one team marketplace; Enterprise accounts can create unlimited marketplaces. Free and individual Pro plans don't have this feature at all — it's an org-management surface, not a personal one.

Can I restrict a Team Marketplace to just one group of employees?

Yes, under Marketplace Settings → Marketplace Access, scoped to specific Organization Groups or SCIM directory groups. Leave that list empty and you get the opposite of restricted: the docs confirm a marketplace with no selected groups is visible to everyone on the team.

Glossary

Team MCP server

An MCP server an admin configures once under Dashboard → Integrations & MCP so it can be shared with the whole team instead of each developer configuring their own copy.

Team Marketplace

A private, per-organization catalog of approved plugins and MCP servers, created and scoped under Dashboard → Plugins. Not the same thing as Cursor's public marketplace.

Marketplace Access

The group-based visibility setting that controls who can see and install from a given Team Marketplace.

Organization Group

An Enterprise-admin-defined cohort of users spanning the whole Cursor organization, not just one team. Can sync automatically from an identity provider (SCIM) or be managed manually.

SCIM directory group

The legacy, team-level group type Team Marketplaces used for access control before Organization Groups. Existing marketplaces keep this unless an admin changes it.

Installation mode

Per-plugin rollout setting: Default Off (opt-in), Default On (installed but removable), or Required (installed and locked).

Customize

The Cursor tab, shipped in v3.9, where developers see and install the MCP servers, plugins, and skills their admin has shared with them.

Cloud agent (Cursor)

An always-on Cursor agent that runs remotely rather than inside your local IDE session.

Auto Refresh

A marketplace setting that re-indexes a GitHub-backed marketplace automatically, at most every 10 minutes, when the tracked branch changes.

MCP (Model Context Protocol)

The open protocol that lets an AI client call tools and read context from a server. Unaffected at the protocol level by Team Marketplaces — a Team MCP server is an ordinary MCP server.

EMA (Enterprise-Managed Authorization)

A separate, formal MCP extension that lets an identity provider govern whether a user's client can get a live token from an MCP server. See our dedicated guide.

Sources

Primary

Community & critical voices

Internal links

Keep reading

Found an issue?

If something in this guide is out of date — Cursor changes its dashboard UI often — email [email protected] or read more on our about page. We keep these guides current.