Okta Expands Cross App Access for Enhanced AI Agent Security

Okta Inc. announces more than 25 software makers joining its Cross App Access (XAA) framework, enabling secure AI agent connections through enterprise identity controls.

Adopters include Asana, Atlassian, Cloudflare, Salesforce’s Slack, and Zoom, enhancing integration across applications. Introduced in June 2025, XAA governs interactions between agents and applications, addressing risks associated with static API keys and unmanaged privileges.

XAA functions as an open, vendor-neutral protocol, allowing identity policies to adapt as agents access various applications. Partners are categorized into three roles: requesting applications like Claude and Zoom, resource applications such as Asana and Slack, and identity infrastructure including Cloudflare and Keycloak.

The framework aims to streamline workflows, ensuring that every action taken by AI agents is logged and compliant with enterprise policies. As stated by Okta’s Chief Product Officer Ely Kahn, organizations are increasingly recognizing XAA as the secure method for deploying AI agents in production settings.

Zoom supports XAA by allowing its AI assistant to merge context from connected apps into workflows. To solidify its standing, XAA is being integrated into enterprise-managed authorization extensions for various programming languages. Early production use cases highlight partnerships including Ramp and HubSpot, focusing on centralized authorization and automated permission management.

Availability will commence for Okta Workforce customers in August, with Auth0 B2B customers gaining early access at the end of July.