Okta: Digital identity for AI agents
AI agents are now also an issue in identity management. Specialist Okta presents products for this.
(Image: Vincent Rittner / Heise Medien)
- Vincent Rittner
At this year's Oktane in-house exhibition in Las Vegas, the software manufacturer and identity provider (IDP) Okta is announcing enhancements to its platform of the same name and the Auth0 developer platform. Okta offers tools for identity and access management that companies can use to authenticate employees, customers, and partners, control access rights, and centrally manage digital identities. AI agents can now be integrated into both platforms in a secure and standardized way.
AI agents as identities
To this end, the manufacturer has presented its new Okta for AI Agents suite. This is aimed at developers and security teams and integrates AI agents into both the Auth0 developer platform and the Okta enterprise platform. According to Kristen Swanson, Head of Design and Research at Okta, AI agents are similar to humans in their non-deterministic behavior but also act like machines. The aim is to bring both aspects together in a digital identity.
Okta states that the suite bundles and orchestrates various modules of its software package. According to the company, AI agents should be able to track down and identify potential security risks such as service accounts, API keys, or OAuth tokens using Identity Security Posture Management (ISPM), Okta's observability tool for identities. The “Universal Directory” serves as a central directory in which all of a company's identities are consolidated, enriched, and made available for various applications.
A new feature is that agents can be managed and linked to risk classifications and owners, which should facilitate their use in company and developer platforms. According to the company, access rights can be assigned according to the “Principle of Least Privilege” or controlled for static credentials via Okta Privileged Access (OPA). In addition, Okta Identity Governance (OIG) and Identity Threat Protection (ITP) will log activities, recognize anomalies, and, if necessary, trigger automatic countermeasures.
It was not clear from the announcements to what extent the suite actually enables contextual understanding of the AI agents. The release of the software package is planned in two phases. Starting with early access from Q1 2026 and general availability in the same year.
New protocol for less spam
Okta is also presenting the new open protocol “Cross App Access” (XAA) in collaboration with the Internet Engineering Task Force (IETF). It will soon extend OAuth with centrally controlled guidelines and secure agent-controlled interactions as well as app-to-app interactions within the company. According to the company, this allows unauthorized access to be checked or blocked.
XAA is also intended to reduce the effort for users by authorizing agent-to-app or app-to-app connections in advance. This should result in fewer “consent screens” being displayed, reduce the burden on users, and improve security at the same time. Early access is already available in “Okta for AI agents.”
More security despite AI fakes
While Cross App Access (XAA) is intended to secure the access of AI agents and applications in the company, according to Okta, the company is also planning to introduce a new product: Verifiable Digital Credentials (VDC).
Videos by heise
This will enable companies to issue and verify digital proofs of identity, such as ID cards, certificates, or proof of employment, from 2026. The VDCs are based on open standards. A new digital ID verification is planned for early access in the fourth quarter of 2025. Initially, mobile driving licenses are to be verified, with other types of ID to be supported at a later date.
(dahe)
