Okta Unveils Protocol to Secure AI Agent Access Across Enterprise Apps

Identity and access management leader Okta Inc. has launched Cross App Access, a new protocol designed to secure and govern interactions between AI agents and enterprise applications.

The move comes as AI tools increasingly operate autonomously, accessing data across platforms in ways that challenge traditional identity standards.

Cross App Access offers centralised, policy-based governance for app-to-app and agent-driven interactions. It shifts access control to the identity provider—Okta—eliminating the need for repeated user logins and consent prompts.

This enables real-time visibility, reduces token sprawl, and ensures AI tools operate under strict enterprise-defined rules.

Okta says the protocol addresses the rising complexity and risk of non-deterministic AI behavior, where tools act independently across systems. For example, an AI assistant might need to interact with messaging apps, file storage, or project management tools.

Traditionally, each connection would require separate user approvals—processes that are invisible to IT teams and difficult to audit.

"While we're actively working with the MCP and A2A communities to improve AI agents’ functionality, their increased access to data and the explosion of app-to-app connections will create new identity security challenges.

"With Cross App Access, Okta is excited to bring oversight and control to how agents interact across the enterprise. Since protocols are only as powerful as the ecosystem that supports them, we're also committed to collaborating across the software industry to help provide agents with secure, standardized access to all apps,” Arnab Bose, Chief Product Officer, Okta Platform at Okta, said.

With Cross App Access, Okta evaluates agent requests against enterprise policies and issues tokens only when permitted, providing a seamless user experience and full enterprise oversight.