search
News – Okta Becomes a Featured Identity Provider Powering Secure AI Agent Connections for Claude Enterprise

Okta Becomes a Featured Identity Provider Powering Secure AI Agent Connections for Claude Enterprise

Okta just became a featured identity provider in Anthropic’s beta program for Claude, and that’s good news if you’re trying to keep tabs on what your AI agents can touch. Announced June 18, 2026, the integration runs on Okta’s Cross App Access (XAA) protocol and covers Claude’s connections to MCP-based apps like Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase.

What Cross App Access Does for Claude

XAA builds on OAuth to cover agent-to-app and app-to-app access, and it now ships inside MCP itself as an authorization extension called “Enterprise Managed Auth.” Put Okta in the middle, and IT admins get three things they didn’t have before:

  • Centralized authorization: admins set up and approve MCP connectors once for the whole company, instead of chasing down app-by-app consent prompts.
  • Access control by role: users and their AI agents inherit access to specific connectors based on the Okta groups and roles they’re already in.
  • Automated offboarding: the moment someone’s deactivated or an agent’s role changes, its connector access gets pulled automatically through Okta’s standard offboarding flow.

So far, joint customers testing the beta include Ramp, Webflow, and HubSpot.

Part of a Broader Push

None of this happened overnight. XAA first launched in June 2025, picked up backing from the OAuth working group that September, and got folded into MCP itself by November. Okta’s also extending Okta for AI Agents to pull Claude’s managed agents into Universal Directory, so every agent gets a human owner and a centralized policy. On top of that, its Identity Security Posture Management now pairs with Anthropic’s Claude Compliance API to flag dormant accounts and misconfigurations inside Claude Enterprise.

“The moment an AI agent needs access to seven different tools, most companies default to shared credentials nobody tracks. Routing that access through the identity provider you already trust means every connector approval, every scope, and every revocation lives in one governed place, not scattered across seven admin consoles.”
Maksym Shapoval Director of Security Architecture & Security Alliances at Cloudfresh

How Cloudfresh Helps

Cloudfresh, as an Okta Activate Partner, helps IT and security teams map out which MCP connectors their organization actually needs before rolling out Claude Enterprise, then sets up the Okta groups and roles that govern them.

Rolling out Claude Enterprise and want the access model mapped out first? Book a call with our team →
Sign up to cloud newsletter