Okta launches Cross App Access, a new OAuth-based protocol giving IT teams control and visibility over AI agent and app-to-app interactions.
Okta, Inc., the leading independent identity provider, unveiled Cross App Access, a new protocol built on OAuth aimed at securing AI agent interactions across systems. This innovation offers IT and security teams enhanced visibility and granular control over both agent-driven and app-to-app connections, enabling them to define precisely which apps AI agents can access and what data they may utilize.
Why This Matters
-
AI solutions increasingly employ protocols like Model Context Protocol (MCP) and Agent2Agent (A2A) to link learning models with enterprise apps such as Google Drive and Slack. Currently, these integrations require manual user logins and consent for each connection.
-
Lacking centralized oversight, these app-to-app connections generate blind spots in enterprise security, expanding a perimeter that is hard to monitor.
-
The rise of autonomous AI agents—acting unpredictably across systems—compounds this risk, as they may trigger actions and interact with critical data without proper governance.
-
Most existing security frameworks are ill-equipped to handle the scale and autonomy of AI agents. While MCP brings transparency, it doesn’t control access—a gap Cross App Access fills.
Leadership Insight
“While we’re actively working with the MCP and A2A communities to improve AI agents’ functionality, their increased access to data and the explosion of app-to-app connections will create new identity security challenges,” said Arnab Bose, Chief Product Officer, Okta Platform.
“With Cross App Access, Okta is excited to bring oversight and control to how agents interact across the enterprise. Since protocols are only as powerful as the ecosystem that supports them, we’re also committed to collaborating across the software industry to help provide agents with secure, standardized access to all apps.”
Also Read: Trellix Boosts Cyber Resilience via Deeper AWS Ties
What Cross App Access Brings
Partnering with top Independent Software Vendors (ISVs), Okta is launching this protocol to empower enterprises with:
-
Secure, enterprise-grade integrations — connects AI workflows and apps under well-defined guardrails.
-
Improved user experience — eliminates repetitive consent prompts while maintaining transparency.
-
Robust security and compliance — shifts access governance to Okta, reducing token sprawl and improving auditability.
Cross App Access will be available to select Okta Platform customers in Q3 2025, helping ISVs streamline AI integrations, while giving enterprises full audit logs and centralized access policies.
How It Works
-
Today, an AI tool that needs access to a messaging app forces a user to sign into both tools separately via SSO and consent manually to each integration.
-
With Cross App Access, the AI agent requests access directly from Okta.
-
Okta evaluates it against enterprise policies, issues a secure token, and the messaging app validates it—all without additional user interaction.
-
Every access event is logged for transparent governance.
Benefits for Key Stakeholders
For ISVs
Current access flows rely on user-driven tokens and fragmented controls, creating visibility issues and security risks—especially as AI agents scale.
Cross App Access centralizes access control at the identity provider, simplifying integration complexity, reducing risk, and ensuring compliance.
For Enterprises
Organizations struggle with manual token provisioning and inconsistent standards. This hampers AI adoption and exposes critical security gaps.
Cross App Access improves both security and usability, enabling seamless agent behavior under IT governance; enterprises benefit from interoperable, secure AI deployments
