Identity access management company Okta Inc. today announced the launch of a new protocol to secure artificial intelligence agents that provides visibility, control and governance to both agent-driven and app-to-app interactions.

Called Cross App Access, the new protocol is designed to help independent software vendors deliver secure, enterprise-ready integrations in an AI-powered world.

Cross App Access seeks to assist with dealing with the growing complexity and risk posed by autonomous AI agents, which increasingly interact with enterprise apps and data through the Model Context Protocol without sufficient oversight. The new protocol eliminates the need for repetitive user consents by shifting access control to the identity provider. It provides information technology teams with real-time visibility into how AI agents access various services, while also reducing token sprawl and improving compliance.

The emergence of non-deterministic access patterns from AI agents, where tools act independently across multiple systems, has made traditional identity standards increasingly inadequate. Cross App Access addresses the gap by introducing centralized, policy-based governance across the expanding network of AI-driven integrations.

The protocol allows enterprise customers to better connect their AI tools to other apps and data. It delivers a smoother experience for the user by removing repetitive authorization consent screens and managing agent access for better security and compliance.

In an example provided by Okta, an AI tool may need to access an internal communication app to retrieve information or take action on a user’s behalf. Without Cross App Access, the user must log into the AI tool via their company’s single sign-on process and then manually approve each integration, logging into and consenting to the internal communication app separately.

The process would then need to be repeated for other necessary applications, such as a file storage service or a project management application. Each consent and access is invisible to the enterprise customer.

Using Cross App Access, the AI tool can instead request access to the internal communication app from Okta, which evaluates the request against enterprise policies and determines whether the tool is authorized to access that specific user’s internal communication app data. If permitted, Okta issues a token to the AI tool, which it presents to the internal communication app for validation.

Once validated, the internal communication app provides access without additional user interaction and always under enterprise-defined security controls. Okta has visibility into every time the AI tool accesses the internal communication app on behalf of the user.

As enterprise adoption of AI tools accelerates, Okta’s new offering positions the company as a key player in shaping how identity and access are managed in increasingly automated, interconnected environments.

Photo: Okta