Auth0 gives developers the identity layer to securely ship agentic apps

Auth0 now secures MCP and autonomous agents as first-class identities, giving development and security teams the granular control and auditing capabilities needed to implement trusted AI.

About the author

Gareth Davies

Chief Product Officer, Auth0

Gareth is the Chief Product Officer at Auth0, where he leads global product strategy and innovation across the Auth0 portfolio. With over 15 years of experience at the intersection of identity, enterprise data, and marketing technology, he is passionate about building secure, scalable platforms that deliver seamless experiences for developers and customers alike.

21 May 2026

Today, Okta, Inc. announced new Auth0 for AI Agents capabilities that help eliminate the custom identity work that is stalling agent deployments at scale. The latest features — including Auth for MCP, Agent as Principal, On-Behalf-Of Token Exchange, Token Vault with Organizations Support, and FGA Permissions Index — enable organizations to securely authenticate, authorize and audit every autonomous action. Developers can now securely ship production-ready agents. 

“When an AI agent needs to access dozens of different tools, developers are often forced to manually hardcode API keys or build custom authorization logic from scratch. This impacts productivity and exponentially increases the risk of a breach,” said Gareth Davies, Auth0 Chief Product Officer. “With the latest Auth0 for AI Agents updates, developers can focus on building delightful experiences that drive revenue, backed by an independent identity platform that securely connects agents to any tool, any system and any provider.”

Why it matters:

Until now, securing AI tool access and preventing unauthorized actions has been a critical roadblock. Almost 80% of companies are adopting or experimenting with agents, yet only about one-third have managed to move them into a “full, stable implementation.” Three critical gaps exist:

  • Agents lack proper identities. Treating AI agents as user extensions grants them overly broad permissions and fundamentally breaks auditability. Security teams are left with massive blind spots and are unable to tell if an action was taken by an employee or a machine acting on their behalf.

  • Legacy access controls break AI security. Every autonomous agent action requires access, but without proper identity controls, teams are forced to grant that access through shared secrets and overpowered service accounts. This reliance on 'super keys' creates a massive breach blast radius and leaves security teams with no way to audit activity or prove compliance.

  • Authorization doesn't scale. Legacy permission models force slow API calls that bog down performance and prevent deploying agents to production.

Without a neutral identity layer that works across any tech stack, organizations can't secure autonomous systems or deploy agents at scale. 

Auth0 for AI Agents provides a universal security foundation across industries, allowing highly regulated sectors like banking and healthcare to track high-stakes agent activity like payment transactions and Electronic Medical Record (EMR) access. This granular control can also help ensure customer-facing retail copilots stay segmented from back-office inventory systems, and legal research agents can maintain strict matter-level access to help prevent internal data exposure. Ultimately, this allows organizations across all industries to operate AI across complex, multi-tenant environments without the risk of data leakage or the burden of manual credential management.

With new capabilities, customers can now:

  • Deliver the missing identity layer for agents
    Organizations need to treat AI agents as first-class identities. With Agent as Principal, developers can assign unique identities to AI agents—distinct from the users they serve—so agent actions can be independently permissioned and audited. This enables agents to operate with proper oversight, not as shadow identities bypassing enterprise controls.

  • Secure agent-to-tool connections without compromise
    Okta is now the first enterprise-grade identity platform to authenticate and authorize MCP clients. Auth for MCP helps ensure that an agent operating on behalf of a verified user is scoped only to the exact tools and APIs it needs—no more, no less. On-Behalf-Of Token Exchange reduces shared secrets by allowing servers to securely trade user access tokens for correctly scoped downstream tokens, helping to ensure the API action is tied to the right user with minimal blast radius. Together, they replace risky service account shortcuts with verifiable, auditable agent access.

  • Scale authorization and isolation across your organization
    As agent deployments grow, authorization and isolation must keep pace. FGA Permissions Index enables high-performance permission checks by replacing slow API calls and allowing applications to filter large datasets with consistently low latency. Token Vault with Organizations Support helps multi-tenant SaaS platforms securely isolate third-party credentials per customer organization, reducing cross-tenant risks. Together, they enable agent actions to scale securely across an organization without compromise.


“By offloading identity and token management to Auth0, we were able to focus entirely on building a robust dual-agent architecture for Knowhy. With Auth0, AI agents can be securely authorized to act — without ever seeing the user's credentials,” said İskender Çevik, Founder at Knowhy.co.

Auth0 for MCP and On-Behalf-Of Token Exchange are available today in GA, with Agent as Principal and FGA Permissions Index available in Developer Preview. Token Vault with Organizations Support* is planned to be available in early June. These updates come on the heels of extended Okta for AI Agents support for new agent ecosystems, any identity provider, and any enterprise resource. 

For more information, visit: https://auth0.com/ai

*Any mention of future products, features, functionalities, or certifications in this presentation is for informational purposes only. These items are not commitments to deliver and should not be relied upon to make purchasing decisions.
