Okta joins Google Cloud and industry leaders to build an open, secure AI ecosystem with MCP

While AI-driven security operations promise to augment human expertise and automate complex tasks, this potential is often hindered by integration gaps between the diverse tools security teams rely on daily. 

That’s why we’re excited to support Google Cloud’s plans to foster an open ecosystem for AI-driven security, centered around the Model Context Protocol (MCP). MCP is an open standard poised to simplify how AI models and agents connect to external tools and data sources. By standardizing these interactions, MCP democratizes the creation of robust, cross-tool AI workflows, making advanced capabilities accessible beyond specialized developers.

Okta is proud to join Google Cloud, Cloudflare, CrowdStrike, and Wiz to bring this vision to life. 

“As an industry, it's critical that we prioritize interoperability and enable our mutual customers to seamlessly integrate best-of-breed solutions and effectively leverage AI across diverse security tools.”
— Stephen Lee, Vice President of Technical Strategy & Partnerships, Okta

GenAI and identity security: Cornerstones of unified security

As AI agents query data and initiate actions via MCP, understanding the identity context (who the user is, their permissions, and their current risk posture) is crucial for both efficacy and safety. Okta is exploring ways to expose rich identity insights and intelligence from across the Okta and Auth0 platforms via MCP-based services. This will allow Google's GenAI tools to leverage authoritative identity context within their workflows.

Getting authorization right for GenAI (inclusive of MCP and A2A)

Applying strong, standards-based identity security principles is essential as we build this interconnected ecosystem. 

Early MCP designs prioritized protocol implementation, initially deferring comprehensive authentication and authorization. Authorization was integrated in later stages, with the initial spec consolidating the MCP server and Authorization Server roles. While functional, this tightly coupled architecture introduced complexity for developers and deviated from established OAuth best practices.

Adopting standard OAuth 2.0 patterns — specifically separating the MCP Resource Server (the API endpoint) from the Authorization Server (the "token factory") — offers a more modular, scalable, and interoperable solution. This decoupling simplifies API development, facilitates seamless integration with enterprise identity providers, and enables cleaner discovery mechanisms.

“As new AI protocols and patterns arise, Okta will be there to help shape their identity specs and ensure they are aligned with existing standards and industry best practices, like we are with MCP and A2A.”
— Aaron Parecki, Director of Identity Standards, Okta

(For a deeper technical discussion on applying OAuth correctly to MCP, please see Aaron Parecki's blog post.)

The road ahead

This is a foundational step. Okta is proud to work with Google Cloud and the community to build an open and secure AI ecosystem, powered by MCP.

We are in the early chapters of GenAI and MCP. Stay tuned for more updates and future posts, in which we'll dive deeper into how Okta's platform capabilities facilitate these integrations and explore further innovations.

We encourage you to explore the new google/mcp-security repository on GitHub and join us in shaping the future of secure, AI-driven operations.

For more, learn how Auth0 and Cloudflare are working together to facilitate the secure adoption of MCP and how Auth0 for GenAI helps you build an AI Agent, Application, or MCP server that requires secure and granular authorization.