66°F

Aaron Parecki

  • Articles
  • Notes
  • Photos

#xaa

  • The Grant Behind Enterprise Managed Auth for Claude: ID-JAG with Karl McGuinness (ex-Okta) — Insecure Agents (www.insecureagents.com)
    Tue, Jul 14, 2026 5:45pm -07:00 #xaa #okta #oauth
  • XAA and EMA: Field Notes and Insights | Alvaro Inckot (www.alvaroinckot.com)
    Thu, Jul 9, 2026 10:04am -07:00 #xaa #mcp #oauth
  • Aaron Parecki
    Figuring out how AI agents get access to enterprise apps gets messy fast.

    Static API keys and repeated OAuth flows look fine in a demo, but they completely break down at scale.

    Lately, much of my work in the IETF OAuth Working Group has focused on solving this exact bottleneck.

    By leveraging the Cross-App Access pattern, built on the Identity Assertion JWT Authorization Grant, we can fundamentally change how agents interact with your stack:

    • No more manual OAuth dance: Agents get seamless, scoped access to connected apps entirely behind the scenes.
    • Centralized IT control: Enterprise admins get the clear visibility, security boundaries, and policy control they actually need.

    I’m joining Jiquan Ngiam, CEO of MintMCP, to discuss how this plays out in practice. JQ runs over 20 agents on MintMCP's platform, so we’ll explore what MCP Enterprise-Managed Authorization looks like when deployed across tools like Salesforce, GitHub, and Confluence.

    If you work in identity, security, or are currently figuring out how to safely deploy AI agents in your enterprise, come join the conversation.

    Free and live on Zoom, Jul 9 at 9am Pacific: https://luma.com/va1tfrnf
    Portland, Oregon, USA • 79°F
    Wed, Jul 8, 2026 6:12pm -07:00 #xaa #oauth #okta
  • Enterprise-Grade MCP Access Control Is Here. Your Gateway Makes It Real. (konghq.com)
    Mon, Jul 6, 2026 8:56am -07:00 #xaa #okta #oauth
  • Arcade.dev Supports EMA for Enterprise MCP Agents (www.arcade.dev)
    Wed, Jun 24, 2026 4:00pm -07:00 #oauth #okta #xaa
  • Okta expands AI agent access controls with 25 links (itbrief.com.au)
    Wed, Jun 24, 2026 9:37am -07:00 #okta #oauth #xaa
  • Only 13% of Australian firms can stop a rogue AI agent: Okta expands Cross App Access with Anthropic, Canva and Atlassian aboard | iTWire (itwire.com)
    Wed, Jun 24, 2026 9:37am -07:00 #okta #xaa #oauth
  • Okta expands Cross App Access ecosystem to secure AI agent connections - SiliconANGLE (siliconangle.com)
    Wed, Jun 24, 2026 9:37am -07:00 #okta #xaa #oauth
  • No more blind trust: Identity controls for AI agents | resource | SC Media (www.scworld.com)
    Tue, Jun 23, 2026 12:39pm -07:00 #okta #oauth #xaa
  • Announcing Keycard Support for ID-JAG and Cross-App Access from Okta — Keycard (www.keycard.ai)
    Tue, Jun 23, 2026 12:07pm -07:00 #okta #oauth #xaa
  • Okta partners with MintMCP to govern how agents connect to enterprise apps | MintMCP Blog (www.mintmcp.com)
    Tue, Jun 23, 2026 7:51am -07:00 #xaa #oauth #okta #mcp
  • Okta advances the industry standard for secure AI agent connections with expanding Cross App Access ecosystem (www.okta.com)
    Tue, Jun 23, 2026 7:51am -07:00 #oauth #okta #xaa
  • Zero-Touch OAuth: How MCP Enterprise-Managed Authorization Is Solving the AI Agent Auth Crisis - DEV Community (dev.to)
    Mon, Jun 22, 2026 4:59pm -07:00 #xaa #mcp #okta #oauth
  • Enterprise-Managed MCP Auth Changes the Game — What Teams and Server Builders Should Do Now - Influzer.ai (www.influzer.ai)
    Mon, Jun 22, 2026 4:57pm -07:00 #xaa #okta #mcp #oauth
  • MCP Enterprise Authorization Goes Stable: Zero-Touch SSO for Okta, Anthropic, VS Code (www.techtimes.com)
    Sat, Jun 20, 2026 1:53pm -07:00 #xaa #oauth #okta #mcp
  • MCP gets its missing enterprise authorization layer - The New Stack (thenewstack.io)
    Thu, Jun 18, 2026 1:10pm -07:00 #mcp #xaa #oauth #okta
  • Aaron Parecki
    Enterprise AI just got a lot more secure. Anthropic launched a beta of "Enterprise Managed Auth" in Claude, so you can now connect Claude seamlessly to MCP servers through your enterprise IdP like Okta!

    Now employees no longer have to connect MCP servers manually and wait for a series of OAuth and login prompts. Once you log in to Claude from Okta, all the preconfigured MCP servers are already connected! It's not every day you get to improve both usability and security!

    This is an application of the Cross App Access pattern, defined in the Identity Assertion JWT Authorization Grant being standardized in the OAuth working group at the IETF.

    Seeing adoption from a massive player like Claude is a huge validation of the effort! It's been fantastic to work with the folks at Anthropic over the past year on this Paul Carleton and Den Delimarsky. And of course this wouldn't be possible without the collaboration with my co-authors on the spec Karl McGuinness and Brian Campbell!

    https://claude.com/blog/enterprise-managed-auth

    https://www.youtube.com/watch?v=5kTDt9ewTwE
    San Francisco, California, USA • 66°F
    Thu, Jun 18, 2026 12:35pm -07:00 #oauth #mcp #xaa #enterprisesecurity
  • Cross-Domain API Access: Beyond the "Obvious" Shortcuts

    Cross-domain access is everywhere in today's software landscape. Whether you look at enterprise SaaS applications, AI agents interacting with user data across multiple platforms, or "integrated experiences" pulling information from a calendar, a chat tool, and a wiki—everything eventually needs to talk across boundaries.
    continue reading...
    1 like
    Wed, May 27, 2026 4:35pm -07:00 #oauth #okta #xaa #id-jag #ai
  • Aaron Parecki
    The "Agent Verified" signup flow from WorkOS is exactly what I've been telling the agent platforms they should be doing with Cross App Access! Very cool to see this launch! 👏

    https://workos.com/auth-md/docs/flows/verified

    "The agent's provider — OpenAI, Anthropic, Cursor, or any trusted agent platform — attests to the user's identity at registration time. Your service verifies the attestation and issues credentials synchronously, no human interaction required."

    In Cross App Access terms:

    • The "agent platform/provider" is the ID-JAG issuer, because users are already signed in to those platforms when they use agents
    • The "service" is the ID-JAG consumer (the Resource AS), and issues an access token if the ID-JAG is trusted and valid

    You can test this out in the Cross App Access sandbox today! https://xaa.dev/
    Portland, Oregon, USA • 79°F
    Thu, May 21, 2026 7:12pm -07:00 #oauth #xaa #ai #okta
  • MCP Authorization Patterns for Upstream API Calls | Solo.io (www.solo.io)
    Thu, Apr 9, 2026 4:55pm -07:00 #xaa #mcp
older

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2026 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv