Latest news with #ArnabBose
Time of India
5 days ago
- Business
- Time of India
Okta introduces Cross App access to help secure AI agents in the enterprise
Okta, Inc., the leading independent identity partner, today announced Cross App Access, a new protocol to help secure AI agents. As an extension of OAuth, it brings visibility and control to both agent-driven and app-to-app interactions, allowing IT teams to decide what apps are connecting and what information AI agents can it matters: More AI tools are using protocols like Model Context Protocol (MCP) and Agent2Agent (A2A) to connect their AI learning models to relevant data and apps within the enterprise. However, for connections to be established between agents and apps, such as Google Drive or Slack, users need to manually log in and consent to grant the agent access to each integration. These app-to-app connections occur without oversight, with IT and security teams having to rely on manual and inconsistent processes to gain visibility. This creates a big blind spot in enterprise security and expands an increasingly unmanaged perimeter. This challenge will be amplified with the explosion of AI agents, which are introducing new, non-deterministic access patterns, crossing system boundaries, triggering actions on their own, and interacting with sensitive data. Today's security controls aren't equipped to handle their autonomy, scale, and unpredictability. Existing identity standards are not designed for securing an interconnected web of services and applications in the enterprise – and while MCP improves transparency and communication between agents, it doesn't help manage access. "While we're actively working with the MCP and A2A communities to improve AI agents' functionality, their increased access to data and the explosion of app-to-app connections will create new identity security challenges,' said Arnab Bose, Chief Product Officer, Okta Platform at Okta. "With Cross App Access, Okta is excited to bring oversight and control to how agents interact across the enterprise. Since protocols are only as powerful as the ecosystem that supports them, we're also committed to collaborating across the software industry to help provide agents with secure, standardized access to all apps.' What we're introducing - Cross App Access Okta, working with industry-leading ISVs, is launching Cross App Access to help ISVs deliver secure, enterprise-ready integrations in an AI-powered world. Anticipated to be available for select Okta Platform customers as a feature in Q3 of this year, it will enable ISV's enterprise customers to better connect their AI tools to other apps and data, deliver more seamless experiences for the end user by removing repetitive authorization consent screens, and manage agent access for better security and compliance. For example, an AI tool may need to access an internal communication app to retrieve information or take action on a user's behalf. Without Cross App Access, the user must log into the AI tool via their company's SSO and then manually approve each integration, logging into and consenting to the internal communication app separately. This process would then need to be repeated for other necessary applications, such as a file storage service or a project management application. Each consent and access is invisible to the enterprise customer. With Cross App Access, the AI tool can instead request access to the internal communication app from Okta, which evaluates the request against enterprise policies and determines whether the tool is authorized to access that specific user's internal communication app data. If permitted, Okta issues a token to the AI tool, which it presents to the internal communication app for validation. Once validated, the internal communication app provides access—all without additional user interaction, and under enterprise-defined security controls. The enterprise has visibility into when the AI tool accesses the internal communication app on behalf of the user. What challenges does this solve for ISVs? ISVs face growing pressure to support secure, seamless cross-app experiences for their enterprise customers, but the underlying identity and access flows are often inconsistent, fragmented, and hard to scale. These integrations typically rely on risky token exchanges and user-granted access, leading to token sprawl and visibility gaps. As AI agents begin to autonomously connect across systems, this complexity and the risk only increases. How Cross App access can help: Cross App Access enables ISVs to deliver secure, enterprise-grade integrations for AI agents and other autonomous systems, such as workflow automation tools. By shifting access control to the identity provider, like Okta, ISVs can reduce security risks, simplify integration complexity, and better support their customers' compliance and governance needs. What challenges does this solve for enterprises? Integrating AI tools with existing data and systems presents significant hurdles. Many businesses currently rely on ad hoc methods like long-lived tokens and fragmented access controls, making these integrations inherently risky. AI adoption is being stalled by this lack of visibility and control over how agents access data across apps. Beyond security, the user experience is also impacted when agents can't act seamlessly on behalf of users, due to repetitive and outdated authorization flows. How Cross App access can help: With Cross App Access, enterprises can enhance security and usability, empowering IT to manage agent access while enabling seamless, low-friction experiences for users. It supports secure interoperability between apps and AI systems, making it easier to adopt innovative ISV solutions without compromising oversight or performance.
Techday NZ
23-06-2025
- Business
- Techday NZ
Okta launches Cross App Access to boost AI security in firms
Okta has announced Cross App Access, a protocol designed to bring security, visibility, and control to the way AI agents interact with enterprise systems and applications. The protocol, extending the capabilities of OAuth, provides IT teams with oversight over both agent-driven and application-to-application interactions within an organisation. Through Cross App Access, teams can manage which applications are connecting, and the types of information AI agents are permitted to use or access. Security landscape The introduction of Cross App Access comes amid increasing enterprise adoption of AI-powered tools, which often use communication protocols such as Model Context Protocol (MCP) and Agent2Agent (A2A) to connect learning models to organisational data and applications. In current practice, establishing these connections typically requires users to grant manual consents and login approvals for each integration, such as linking AI tools to platforms like Google Drive or Slack. These processes frequently occur without clear oversight, leaving IT departments to handle access management through inconsistent manual methods. This situation, according to Okta, presents a security vulnerability that expands as the use of AI agents increases, creating what many describe as an unmanaged perimeter with limited visibility into agent and app activities. Arnab Bose, Chief Product Officer, Okta Platform at Okta, described the changing risk landscape as both a technological and security challenge for organisations adopting AI agents at scale. He stated: "While we're actively working with the MCP and A2A communities to improve AI agents' functionality, their increased access to data and the explosion of app-to-app connections will create new identity security challenges. With Cross App Access, Okta is excited to bring oversight and control to how agents interact across the enterprise. Since protocols are only as powerful as the ecosystem that supports them, we're also committed to collaborating across the software industry to help provide agents with secure, standardized access to all apps." Technical approach Cross App Access is aimed at software vendors that support enterprise customers, enabling them to facilitate secure integration between AI tools and other business applications. The protocol is set to become available as a feature for select Okta Platform customers in the third quarter. In the typical workflow described by Okta, an AI tool needing access to an internal communication app would—under existing processes—require the end user to sign in and approve each integration individually. Each instance of authorisation is usually not visible to the IT team, limiting the ability to monitor or control access at the organisational level. With Cross App Access, the workflow changes. The AI tool submits an access request to Okta, which then evaluates the request in line with company policies. If authorised, Okta issues a token to the AI tool, which presents it to the communication app for validation. The process is completed without further user interaction, and all interactions are logged and visible to enterprise IT. Impact for software vendors Independent software vendors (ISVs) are under pressure to create secure and seamless cross-application experiences. The complexities associated with current identity and access flows can lead to risks such as token sprawl and inconsistent user authorisations. These issues are compounded as AI agents increasingly initiate connections across disparate systems autonomously. Okta states that the protocol will address these challenges by shifting access management and control responsibility from individual integrations to centralised identity providers. This could help reduce risks and help ISVs with customer compliance requirements. Use by enterprises Many organisations currently implement AI integrations through patchwork processes that use long-lived tokens and fragmented control systems, which, Okta notes, are inherently risky and often stall further AI adoption. Without an overarching management system, businesses risk losing visibility into how, when, and why AI agents interact with sensitive data. From the end-user's perspective, repeated authorisation requests and outdated login flows can make adopting new AI-powered applications burdensome and inefficient. Cross App Access aims to address these issues by allowing IT administrators to manage agent access centrally, providing both security improvements and more streamlined user experiences. Companies can then integrate new AI applications with existing business systems while meeting requirements for oversight, compliance, and governance.
