Okta Unveils Cross App Access: A New Protocol to Secure AI Agents in the Enterprise
In an era where artificial intelligence (AI) is transforming how enterprises operate, securing the interactions of AI agents across systems has become a critical challenge. Okta, Inc. (NASDAQ: OKTA), a leading independent identity partner, has announced the launch of Cross App Access, a groundbreaking protocol designed to bring visibility, control, and security to AI agent interactions within enterprises. This new protocol extends the capabilities of OAuth, enabling IT teams to manage what apps are connecting and what data AI agents can access.
The Growing Challenge of Securing AI Agents
As AI tools proliferate, protocols like Model Context Protocol (MCP) and Agent2Agent (A2A) are increasingly used to connect AI models to enterprise data and applications. However, these connections often rely on manual processes that create significant security gaps. For example, when an AI agent needs to integrate with apps like Google Drive or Slack, users must manually log in and grant consent for each integration. These app-to-app connections occur without centralized oversight, leaving IT and security teams blind to potential risks.
The rapid growth of AI agents exacerbates this issue. These agents introduce non-deterministic access patterns, crossing system boundaries, triggering actions autonomously, and interacting with sensitive data. Traditional identity standards and security controls are ill-equipped to handle their autonomy, scale, and unpredictability. While MCP enhances transparency and communication between agents, it does not address the fundamental issue of managing access securely.
“While we’re actively working with the MCP and A2A communities to improve AI agents’ functionality, their increased access to data and the explosion of app-to-app connections will create new identity security challenges,” said Arnab Bose, Chief Product Officer of Okta Platform at Okta. “With Cross App Access, Okta is excited to bring oversight and control to how agents interact across the enterprise. Since protocols are only as powerful as the ecosystem that supports them, we’re also committed to collaborating across the software industry to help provide agents with secure, standardized access to all apps.”
Introducing Cross App Access
Okta, in collaboration with industry-leading Independent Software Vendors (ISVs), has developed Cross App Access to address these challenges. Anticipated to be available for select Okta Platform customers as a feature in Q3 of this year, this protocol enables ISVs to deliver secure, enterprise-ready integrations in an AI-powered world. It streamlines the process for enterprise customers to connect their AI tools to other apps and data, while enhancing both security and user experience.
How It Works
Consider an AI tool that needs to access an internal communication app to retrieve information or perform actions on behalf of a user. Without Cross App Access, the user must log into the AI tool via their company’s Single Sign-On (SSO) and then manually approve each integration by logging into and consenting to the internal communication app separately. This cumbersome process must be repeated for every required application, such as file storage services or project management tools. Moreover, each consent and access point remains invisible to the enterprise.
With Cross App Access, the AI tool can request access to the internal communication app through Okta. Okta evaluates the request against enterprise policies to determine if the tool is authorized to access the specific user’s data. If approved, Okta issues a token to the AI tool, which it presents to the internal communication app for validation. Once validated, the app grants access—all without additional user interaction and under enterprise-defined security controls. This ensures that the enterprise retains full visibility into when and how the AI tool accesses the app on behalf of the user.
Benefits for ISVs
ISVs face mounting pressure to deliver secure, seamless cross-app experiences for their enterprise customers. However, existing identity and access flows are often inconsistent, fragmented, and difficult to scale. These integrations typically rely on risky token exchanges and user-granted access, leading to token sprawl and visibility gaps. As AI agents begin to autonomously connect across systems, the complexity and associated risks only increase.
Cross App Access addresses these challenges by enabling ISVs to deliver secure, enterprise-grade integrations for AI agents and other autonomous systems, such as workflow automation tools. By shifting access control to the identity provider—like Okta—ISVs can reduce security risks, simplify integration complexity, and better support their customers’ compliance and governance needs.
Benefits for Enterprises
For enterprises, integrating AI tools with existing data and systems presents significant hurdles. Many organizations currently rely on ad hoc methods like long-lived tokens and fragmented access controls, making these integrations inherently risky. The lack of visibility and control over how AI agents access data across apps has slowed AI adoption.
Beyond security concerns, the user experience is also impacted. When AI agents cannot act seamlessly on behalf of users due to repetitive and outdated authorization flows, productivity suffers.
Cross App Access solves these problems by empowering IT teams to manage agent access while enabling low-friction experiences for users. It supports secure interoperability between apps and AI systems, making it easier for enterprises to adopt innovative ISV solutions without compromising oversight or performance.
A Step Toward a Secure AI-Powered Future
By introducing Cross App Access, Okta is addressing a critical gap in enterprise security and paving the way for safer, more efficient AI-driven workflows. This protocol not only enhances visibility and control but also fosters collaboration across the software industry to establish standardized, secure access for AI agents.
As AI continues to reshape the enterprise landscape, protocols like Cross App Access will play a vital role in ensuring that innovation does not come at the expense of security. With Okta leading the charge, businesses can confidently embrace AI tools, knowing that their data and systems remain protected.
About Okta
Okta, Inc. is The World’s Identity Company™. We secure Identity, so everyone is free to safely use any technology. Our customer and workforce solutions empower businesses and developers to use the power of Identity to drive security, efficiencies, and success – all while protecting their users, employees, and partners. Learn why the world’s leading brands trust Okta for authentication, authorization, and more at okta.com.
