As enterprises rapidly deploy AI agents across their organizations, a critical security visibility gap has emerged. IT teams lack the ability to see or control how these autonomous tools access sensitive data, creating risks associated with shadow AI and identity governance.
To address this challenge, a new open standard protocol called Cross App Access (XAA) provides complete visibility and control. Built as an extension of existing OAuth and OpenID Connect standards, XAA uses centralized identity management to facilitate secure app-to-app communication. This enables identity-first security for emerging AI agent ecosystems, ensuring organizations can safely deploy AI at scale.
Designed for implementation by independent software vendors (ISVs), identity providers (IdPs), and enterprise applications, Cross App Access centralizes AI agent governance and app-to-app access control, replacing fragmented, app-specific permissions with unified security oversight. This OAuth extension enhances existing authorization flows by introducing an AI agent and non-human identity context to the IdP’s governance layer, without requiring new identity infrastructure.
The enterprise AI security challenge
Modern enterprises need protection that traditional identity and access management (IAM) wasn’t developed for: securing autonomous AI agents on behalf of IT administrators and users. These agents operate across multiple applications without constant human supervision and require robust non-human identity security.
Gartner predicts 40% of enterprise applications will include task-specific AI agents by 2026. This accelerated growth creates sizable security and compliance challenges for organizations.
The visibility gap
When a user connects an AI tool to an app through OAuth authorization or a single sign-on (SSO) flow, the IdP can authenticate the user, but typically cannot see the exact permissions the AI Agent is requesting. A user might see a prompt like “Allow access to your files,” but IT can’t see whether that means one file or an entire database.
This creates three critical vulnerabilities:
Approval fatigue: Users click “allow” on AI tool permissions without carefully reading what they’re agreeing to, potentially granting broad access to sensitive data
Lack of visibility: IT and security teams can verify the user’s identity but have no way to see or govern the AI agent’s specific access privileges, creating dangerous security visibility gaps
Inability to scale: As organizations deploy dozens or hundreds of AI agents and manage them manually, every new AI connection becomes a potential security risk
Shadow AI
Shadow AI occurs when users within an organization employ AI technology without IT approval or oversight. Unlike traditional shadow IT, AI agents actively take actions, analyze sensitive information, and make decisions on behalf of users. An over-permissioned AI agent with excessive access could inadvertently expose confidential data, violate compliance rules, or create legal liability.
AI agent identity management challenges
AI agents present unique AI identity management challenges that traditional enterprise identity management systems weren't designed to handle:
Dynamic access patterns: AI agents require context-aware access control that adapts to changing tasks and responsibilities
Non-human identity governance: Unlike humans, AI agents operate autonomously across trust boundaries without constant supervision
Token sprawl: Unmanaged AI agents create proliferating credentials (API tokens, refresh tokens, and service accounts) that increase the attack surface, highlighting the need for automated identity lifecycle management
Zero Trust requirements: AI agent security requires enforcing least privilege access and just-in-time permissions to minimize risk
What is Cross App Access?
Cross App Access is an industry standard protocol designed specifically for centralized access control for AI and app-to-app connections. It shifts authorization decisions from individual applications to an organization’s identity provider. The IdP serves as the central system that manages access to resources through identity governance, policy-based authorization, and least privilege access control.
The protocol addresses the challenge of machine-to-machine authentication and AI identity management by enabling secure delegation. This means the IdP preserves the user’s identity and authorization context even as AI agents access multiple applications across different trust domains. Instead of each app negotiating access directly, the IdP acts as a trusted authorization broker, issuing and managing OAuth tokens that maintain user and agent context across systems.
Cross App Access requires coordination between three parties:
The enterprise's IdP (which acts as the authorization broker and identity governance center)
ISV applications that implement the protocol (like Box, Salesforce, or AI assistants)
The enterprise IT team (which sets security policies)
ISVs integrate Cross App Access into their products, while enterprises enable and configure these capabilities through their existing IdP.
How Cross App Access works
Cross App Access sits between AI agents and the applications they need to access, providing centralized access control and identity governance.
When an AI tool needs to access company data:
The AI agent requests permission from the identity provider
The IdP checks the IT security policies and queries:
Is this AI tool approved?
Does this user’s role allow AI access to this data?
If everything checks out, access is granted, and IT can see the entire transaction
Every access event is logged for auditing and compliance
Cross App Access builds on existing identity standards by using the Identity Assertion Authorization Grant, a new specification adopted by the IETF’s OAuth Working Group. This allows the enterprise IdP to mediate AI-to-app and app-to-app connections, translating identity and authorization context across domains. XAA leverages standard token-based authorization flows, specifically OpenID Connect and OAuth, while extending them for AI agent governance. The IdP can then issue tokens that contain the necessary context about both the human user and the AI agent, facilitating secure delegation and maintaining a clear audit trail across systems. Initial collaborators, including Automation Anywhere, Boomi, Box, and Glean Technologies, have shown support for the new protocol, indicating early industry adoption.
Traditional approach vs. Cross App Access
Key consideration | Without Cross App Access | With Cross App Access |
IT visibility into AI connections | No visibility (security blind spots) | Complete visibility |
Security policy management | Each app decides separately | Centralized access control through IT |
Access revocation speed | Must disable in each app manually | Instant across all apps |
Audit trail logging | Scattered or missing logs | Complete audit trail |
User experience (UX) | Multiple approval screens | Seamless, one-time setup |
Risk level | Unknown (security visibility gaps) | Managed (full oversight) |
Business benefits of Cross App Access
For IT and security leaders
Centralized control: Security policies are set once at the IdP and applied enterprise-wide through identity governance
Instant response: Access can be revoked or adjusted immediately across all apps via centralized access control
Audit trails: Supports compliance with SOC 2, HIPAA, and GDPR through detailed logging and comprehensive audit trails
AI risk management: Positions organizations to meet emerging governance expectations and prevent shadow AI
For business decision-makers
Accelerate AI adoption: Safe deployment of AI tools enterprise-wide with identity-first security
Meet compliance requirements: Ensures authorized, auditable access to sensitive data through identity governance
Competitive advantage: Early adopters can securely deploy AI faster than competitors
Eliminate shadow AI: Gain visibility into unmanaged AI tools and bring them under IT governance
For users
Improved UX: Fewer approval prompts and faster access
Autonomy: AI agents work within IT-approved boundaries, completing tasks across multiple apps
Real-world business scenarios
Sales team productivity: AI agents access CRM and email data securely through identity-based access control, automatically adjusting for team changes
Customer support efficiency: AI agents access ticketing systems and databases based on role and region with Zero Trust security
Regulated industry compliance: Healthcare AI agents aggregate data while maintaining HIPAA-aligned logging and access control through enterprise identity management
How Cross App Access fits with other AI standards
Cross App Access complements other emerging AI agent standards:
Model Context Protocol (MCP): Defines how AI agents communicate with data sources and APIs. Cross App Access provides the necessary API security for AI to ensure those communications are governed
Agent2Agent (A2A): Specifies how AI agents collaborate and delegate tasks
While MCP and A2A define how AI systems communicate, Cross App Access governs authorization and access scope. This ensures that communications occur only between authenticated, identity-verified, and policy-approved systems that integrate seamlessly with OAuth and OpenID Connect frameworks.
Why XAA matters now
The urgency around AI agent security isn’t hypothetical. Organizations are deploying AI agents faster than security teams can adapt:
Gartner predicts by 2028: AI will make 15% of day-to-day work decisions autonomously; and
Without centralized AI access governance and identity visibility, enterprises face growing risks, including data breaches, compliance violations, the proliferation of shadow AI, and the loss of audit trails. Cross App Access provides the framework to manage these risks while capturing AI’s productivity benefits.
Evaluating and adopting Cross App Access
Organizations should consider Cross App Access if they are experiencing:
Shadow AI: Unmanaged AI tools in use
Visibility gaps: Difficulty tracking AI access
Compliance concerns: Auditors asking how AI accesses sensitive data
User friction: Repetitive permission prompts
Access management challenges: Difficulty revoking AI tool access
To implement XAA, enterprises need:
IdP support: Ensure the IdP supports Cross App Access
ISV support: Verify applications integrate XAA features
Phased rollout planning: Begin with non-critical apps
Security policy alignment: Define AI agent access policies and approval processes before rollout
FAQs
What is Cross App Access (XAA), and how does it secure AI agent access?
Cross App Access is a new security standard that provides IT teams with visibility and control over how AI agents connect to company applications through identity-based access control. Instead of users approving AI connections individually (with no IT oversight), Cross App Access centralizes these decisions with the organization’s identity provider for centralized identity management.
Does Cross App Access slow AI agent adoption?
No, it actually accelerates the safe adoption of AI agents. Users gain seamless access to IT-approved AI tools without having to navigate repetitive approval screens. IT teams can confidently enable AI agents, knowing they have visibility and control over them.
Can Cross App Access integrate with existing SSO and identity provider systems?
Yes. Cross App Access is designed to work alongside existing SSO and IdP systems. It extends existing OAuth standards rather than replacing them, providing enterprise identity management without infrastructure changes.
Do organizations need to change their identity provider to use Cross App Access?
No. Cross App Access works with major enterprise identity providers. Organizations continue to use their existing IdP and enable Cross App Access for ISV applications that support the protocol.
What business benefits does Cross App Access provide for enterprise AI security and compliance?
Organizations gain complete visibility into AI agent connections, consistent security policy enforcement through identity governance, comprehensive audit trails for compliance, instant access revocation when needed, and the ability to safely deploy AI tools enterprise-wide.
Is Cross App Access only applicable to AI agents, or can it secure other app-to-app connections?
While it's particularly valuable for AI agent security, Cross App Access can be implemented for any app-to-app connection scenario, including automation tools, CI/CD pipelines, API integrations, and service account management.
What is the typical implementation timeline for Cross App Access in enterprises?
Implementation timelines vary. Simple deployments may take a few weeks to complete. Large enterprises with numerous applications and complex security policies may require several months to implement. Most organizations take a phased approach, starting with non-critical systems.
Which enterprise vendors currently support Cross App Access (XAA)?
Early supporters include Automation Anywhere, Boomi, Box, and Glean Technologies. The standard is gaining industry momentum, with more ISV vendors expected to adopt it as organizations demand better AI agent governance capabilities.
What about compliance?
Cross App Access provides comprehensive audit trails for all AI agent connections, supporting compliance with SOC 2, HIPAA, GDPR, and other regulatory requirements. Auditors can see exactly which AI agents accessed which data, when, and why through unified identity management.
Secure AI agents and app-to-app connections at enterprise scale
Okta Cross App Access helps organizations securely adopt AI agents at enterprise scale with identity-first security — providing centralized governance, complete IT visibility, and instant access control built on proven OAuth and identity management standards.
Learn more
