Enterprise software is entering its most consequential transition since the move to the cloud.
AI agents are no longer experimental tools running in isolation. They are becoming first-class actors in enterprise environments. They initiate workflows, access sensitive data, and act across multiple systems at machine speed. And as these agents increasingly connect to applications, the security of the enterprise is no longer defined by any single product or platform. It is defined by how much visibility and control enterprises have over those connections.
That reality places enterprise SaaS builders and AI platforms at the center of a new shared security responsibility. In the agentic age, trust must be built into the way applications connect from the start.
The hidden risk in integrations
Over the past year, the industry has seen a series of SaaS supply-chain incidents in which attackers didn’t compromise core infrastructure; they exploited trusted integrations. In multiple cases, long-lived or replayable tokens were stolen from one application and reused to gain access to dozens, sometimes hundreds, of downstream enterprise environments.
Okta was not immune to this category of risk. Like most modern enterprises, we rely on a broad ecosystem of SaaS vendors to run our business. That’s why we have established a baseline set of security controls for the applications we use, such as strong identity federation, scoped access, network restrictions, and auditability. These measures proved critical, limiting exposure during recent SaaS compromises and helping prevent the replay of stolen tokens into Okta environments.
Now, as AI agents become active participants in enterprise workflows, security teams must turn their attention to a new class of access challenges that existing models were never designed to handle.
Traditional app-to-app authorization models, including static credentials, user-granted OAuth consent, and unmanaged service accounts, were not designed for a world where agents initiate actions independently, establish connections dynamically, and operate across multiple systems without human involvement. As AI agents enter the picture, access patterns become non-deterministic, integrations multiply rapidly, and the blast radius of a single compromised token grows dramatically.
Cross App Access (XAA) — an open, vendor-neutral protocol for securing agent-to-app and app-to-app access at enterprise scale — is designed to close this gap.
Agentic AI changes the security equation
Standards like Model Context Protocol (MCP) have accelerated innovation by making it easier for AI agents to interact with tools and data sources. That interoperability is powerful, but without enterprise-managed authorization, it also creates new security blind spots.
Too often today, access decisions are still being made implicitly by individual users or embedded directly into application logic. Enterprises have little visibility into which agents are connected to which systems, what permissions they hold, or how to revoke that access when something goes wrong.
This is not sustainable at scale. Security teams need centralized control, auditability, and the ability to apply policy consistently, regardless of whether access is initiated by a human user, an application, or an AI agent.
Why the XAA protocol matters for SaaS builders and AI platforms
As an open, interoperable protocol designed to work across identity providers, SaaS vendors, and AI platforms, XAA allows enterprises to apply consistent authorization policy regardless of which products they use.
XAA is an extension of OAuth, and an authorization extension of MCP. It shifts authorization decisions out of individual applications and into the enterprise identity provider. This allows enterprises to define and enforce policies for app-to-app and agent-to-app access centrally, without relying on fragile tokens or repeated user consent prompts.
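A simplified model of the shift the paragraph above describes, added here as an illustration (not Okta's XAA implementation and not the protocol's exact message format): the enterprise identity provider applies policy and issues a short-lived, audience-bound grant for one agent-to-app connection, and the resource application honours it only after checking signature, audience, expiry, and central revocation. The policy table, key, issuer URL, and app names are constructed for the demo; HMAC stands in for the IdP's asymmetric signing key.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

IDP_KEY = b"constructed-demo-hmac-key"  # constructed; a real IdP signs with a private key

# Enterprise policy held centrally by the IdP (constructed): which requesting
# app/agent may reach which resource app, and with which scopes.
POLICY = {("ai-agent", "crm-app"): ["contacts:read"]}
REVOKED_JTI: set = set()  # central revocation list consulted by every resource app

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload: dict) -> str:
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def idp_issue_grant(requesting_app: str, resource_app: str, scope: str,
                    now: Optional[int] = None) -> Optional[str]:
    """IdP-side decision: no per-user consent prompt, no long-lived secret shared between apps."""
    if scope not in POLICY.get((requesting_app, resource_app), []):
        return None  # policy denies this connection or scope
    now = int(time.time()) if now is None else now
    claims = {"iss": "https://idp.example", "sub": requesting_app, "aud": resource_app,
              "scope": scope, "iat": now, "exp": now + 300, "jti": f"{requesting_app}-{now}"}
    return _sign(claims)

def resource_app_accept(token: str, my_app_id: str, now: Optional[int] = None) -> Optional[dict]:
    """Resource-app side: verify signature, audience, expiry and revocation before acting."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None  # forged or tampered token
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    now = int(time.time()) if now is None else now
    if claims["aud"] != my_app_id:
        return None  # a token stolen from one app cannot be replayed at another
    if claims["exp"] <= now or claims["jti"] in REVOKED_JTI:
        return None  # short lifetime and central revocation bound the blast radius
    return claims
```

Revoking at the IdP (adding the `jti` to `REVOKED_JTI`) takes effect for every resource app at once, which is the central control and revocation the page argues enterprises need.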
For SaaS builders and AI platforms, this is not just a security improvement; it’s a competitive advantage.
Adopting XAA enables them to:
- Deliver integrations that meet enterprise expectations for governance, auditability, and revocation
- Eliminate risky token sprawl and static credentials
- Simplify customer onboarding by removing repetitive authorization prompts, reducing consent fatigue and the risk of over-privileged or accidental access
- Build once and interoperate across customer environments and identity providers
Most importantly, it allows them to align with how enterprises actually want to manage AI-driven access: through identity, policy, and visibility, not scattered secrets and one-off approvals.
A new shared responsibility and a clear expectation
At Okta, we believe securing the agentic future requires the entire ecosystem to move together. Identity providers, enterprises, and SaaS vendors all have a role to play. But that role starts with building the right security foundations into the products enterprises depend on.
As we look at how we operate internally and how our customers expect their SaaS ecosystems to behave, one thing is clear: Enterprises are no longer comfortable with user-managed connections or static credentials operating outside centralized oversight. They want assurance that the applications and AI platforms they rely on support modern, standards-based controls for app-to-app and agent-to-app access.
That is why XAA matters so deeply to us. We see XAA as a critical evolution in how trust is established between applications in the agentic age and an important capability for any SaaS vendor that serves enterprise customers at scale. Vendors that invest early in these controls are better positioned to meet rising customer expectations, reduce systemic risk, and participate confidently in increasingly interconnected enterprise environments.
Our goal is to work closely with SaaS builders and AI platforms to make this transition practical, interoperable, and developer-friendly, because meaningful security progress only happens when the ecosystem moves forward together.
Getting started with XAA
The shift to agentic AI is happening quickly, but adopting stronger authorization models doesn’t have to be complex.
To make it easy for SaaS builders and AI platforms to explore and adopt XAA, Okta has invested in a growing set of vendor-agnostic developer resources designed to support both experimentation and production readiness. These include technical documentation, reference implementations, and a new developer playground that allows teams to inspect XAA-powered integrations without needing to wire up a local environment.
For SaaS vendors already building on Auth0, the path is even simpler. XAA is available out of the box for Auth0 customers, with support currently in beta. This allows teams to enable XAA using their existing OAuth infrastructure, dramatically reducing the effort required to help secure agent-to-app and app-to-app access.
Whether you’re securing an MCP server, enabling agent-to-app access, or modernizing existing OAuth-based integrations, these tools are designed to help you evaluate XAA quickly and understand how enterprise-managed authorization fits into your architecture.
As the agentic ecosystem continues to evolve, now is the time for ISVs to get ahead by building integrations that enterprises can trust by default, and by making identity and authorization a first-class part of how AI-powered software connects.