Merged
Changes from 1 commit
Expand Up @@ -75,7 +75,13 @@ sequenceDiagram

Remember — [authentication is different from authorization](https://www.cloudflare.com/learning/access-management/authn-vs-authz/). Your MCP Server can handle authorization itself, while still relying on an external authentication service to first authenticate users. The [example](/agents/guides/remote-mcp-server) in getting started provides a mock authentication flow. You will need to implement your own authentication handler — either handling authentication yourself, or using an external authentication services.

### (2) Third-party OAuth Provider
### (2) Cloudflare Access integration

You can use Cloudflare Access as a Single Sign-On (SSO) provider to authorize users to your MCP server. Users log in using a [configured identity provider](/cloudflare-one/identity/idp-integration/) or a [one-time PIN](/cloudflare-one/identity/one-time-pin/), and they are only granted access if their identity matches your [Access policies](/cloudflare-one/policies/access/).

To set up the Cloudflare Access integration, refer to [Secure MCP servers with Access for SaaS](/cloudflare-one/applications/configure-apps/mcp-servers/saas-mcp/).

### (3) Third-party OAuth Provider

The [OAuth Provider Library](https://github.com/cloudflare/workers-oauth-provider) can be configured to use a third-party OAuth provider, such as GitHub or Google. You can see a complete example of this in the [GitHub example](/agents/guides/remote-mcp-server/#add-authentication).

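Review bot: The new "(2) Cloudflare Access integration" paragraph says Access is used as an SSO provider "to authorize users", right after the paragraph that tells readers authentication is different from authorization. Logging in through an identity provider or one-time PIN is the authentication step, and matching against Access policies is the authorization step, so the sentence would be clearer as something like "to authenticate users to your MCP server, with Access policies deciding who is granted access". Separately, renaming the old "(2) Third-party OAuth Provider" heading to "(3)" may change its generated anchor, so any inbound links to the old heading should be checked.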
Expand Down Expand Up @@ -122,7 +128,7 @@ sequenceDiagram

Read the docs for the [Workers oAuth Provider Library](https://github.com/cloudflare/workers-oauth-provider) for more details.

### (3) Bring your own OAuth Provider
### (4) Bring your own OAuth Provider

If your application already implements an OAuth Provider itself, or you use [Stytch](https://stytch.com/), [Auth0](https://auth0.com/), [WorkOS](https://workos.com/), or authorization-as-a-service provider, you can use this in the same way that you would use a third-party OAuth provider, described above in (2).

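Review bot: The unchanged sentence under the renumbered "(4) Bring your own OAuth Provider" heading still ends with "described above in (2)", but after this change (2) is "Cloudflare Access integration" and the third-party OAuth provider section is (3). Update the cross-reference to "(3)" in the same commit, or refer to the section by name so the next renumbering does not break it. While touching that sentence, "or authorization-as-a-service provider" is missing a word ("or another authorization-as-a-service provider").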
Expand Down Expand Up @@ -196,7 +202,7 @@ function requirePermission(permission, handler) {
status: 403
};
}

// If permission check passes, execute the handler
return handler(request, context);
};
Expand All @@ -208,7 +214,7 @@ async init() {
this.server.tool("basicTool", "Available to all users", {}, async () => {
// Implementation for all users
});

// Protected tool using the permission wrapper
this.server.tool(
"adminAction",
Expand All @@ -221,7 +227,7 @@ async init() {
};
})
);

// Conditionally register tools based on user permissions
if (this.props.permissions?.includes("special_feature")) {
this.server.tool("specialTool", "Special feature", {}, async () => {
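Review bot: The `if (this.props.permissions?.includes("special_feature"))` block under `// Conditionally register tools based on user permissions` sits inside `init()`, so the permission is evaluated when tools are registered, not on each call. The surrounding documentation should say that explicitly and point readers to the `requirePermission` wrapper for checks that must hold at call time, since the two patterns are shown side by side without stating the difference.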
Expand All @@ -231,7 +237,7 @@ async init() {
}
```

Benefits:
Benefits:
- Authorization check at the tool level ensures proper access control
- Allows you to define permission checks once and reuse them across tools
- Provides clear feedback to users when permission is denied
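Review bot: `Benefits:` is followed directly by the first `- ` list item with no empty line between them, and some Markdown renderers will fold the list into the paragraph; add a blank line after `Benefits:`. The removed and added `Benefits:` lines read identically, which suggests a trailing-whitespace-only change here; that is fine, but it is unrelated to the section renumbering and is worth a mention in the commit message so it is not mistaken for a content edit.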