Technology Radar

Cross App Access (XAA)

protocol, agent
Assess

Cross App Access (XAA) is an OAuth extension protocol that lets AI agents securely access enterprise applications on a user's behalf — without exposing credentials, spamming consent prompts, or bypassing IT governance. Originated by Okta, now adopted as MCP's "Enterprise-Managed Authorization" extension and being standardized at the IETF as ID-JAG (Identity Assertion JWT Authorization Grant).

The Problem It Solves

When an AI agent needs to act on a user's behalf across multiple SaaS applications — reading calendar events, creating tickets, querying databases — there has been no standard way to do it securely at enterprise scale. Existing OAuth flows weren't designed for agent-to-app delegation: they either require per-app user consent (friction), store long-lived tokens in the agent (risk), or give agents broader access than necessary (governance gap).

XAA fills this gap by introducing a three-party trust model where the identity provider mediates access between the requesting application (the AI agent's host) and the resource application.

How It Works

The protocol introduces a two-step token exchange:

  1. ID-JAG issuance: The requesting app authenticates the user and obtains an Identity Assertion JWT (ID-JAG) from the identity provider — a signed, scoped assertion of who the user is and what the requesting app needs.
  2. Token exchange: The requesting app presents the ID-JAG to the resource application's authorization server, which validates the trust relationship and issues a scoped access token.

This means the AI agent never sees the user's credentials, the resource app controls what access to grant, and IT administrators can govern the trust relationships centrally.
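The two steps above, as an added example that is not code from the page, the IETF draft, or any vendor SDK: the checks a resource application's authorization server performs in step 2 before it issues a scoped access token (signature, token type, issuer and audience, expiry, replay, admin-configured trust, scope narrowing). The issuer, audience, app names, key and the `typ` value `oauth-id-jag+jwt` are assumptions, and HS256 with a shared demo key stands in for the IdP's asymmetric signature so the example runs with the standard library only.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values; real ID-JAGs are asymmetrically signed by the IdP (HS256 keeps this stdlib-only).
IDP_KEY = b"demo-idp-key-not-for-production"
IDP_ISSUER = "https://idp.example"
THIS_AS = "https://resource-app.example/oauth2"  # audience this authorization server accepts
TRUSTED_APPS = {"agent-host-app": {"calendar.read", "tickets.write"}}  # admin-governed trust
_seen_jti = set()  # replay cache (in-memory for the demo)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_id_jag(sub, client_id, scope, now=None, exp_in=300):
    """Step 1 (identity provider): issue a short-lived ID-JAG for a requesting app."""
    now = now or int(time.time())
    header = {"alg": "HS256", "typ": "oauth-id-jag+jwt"}  # typ value as in the IETF draft (assumed)
    claims = {"iss": IDP_ISSUER, "sub": sub, "aud": THIS_AS, "client_id": client_id,
              "scope": scope, "jti": f"jag-{now}-{sub}", "iat": now, "exp": now + exp_in}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(IDP_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def exchange_id_jag(token, requested_scope, now=None):
    """Step 2 (resource app's AS): validate the ID-JAG; return access-token claims or raise."""
    now = now or int(time.time())
    h, c, s = token.split(".")  # raises ValueError on a malformed token
    expected = hmac.new(IDP_KEY, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(s)):
        raise ValueError("bad signature")
    header, claims = json.loads(_unb64(h)), json.loads(_unb64(c))
    if header.get("typ") != "oauth-id-jag+jwt":
        raise ValueError("not an ID-JAG")  # refuse ID tokens or access tokens presented here
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != THIS_AS:
        raise ValueError("wrong issuer or audience")
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    if claims.get("jti") in _seen_jti:
        raise ValueError("replayed ID-JAG")
    allowed = TRUSTED_APPS.get(claims.get("client_id"))
    if allowed is None:
        raise ValueError("requesting app not trusted by admin")
    # Least privilege: intersect IdP-asserted, admin-allowed and requested scopes.
    granted = set(claims.get("scope", "").split()) & allowed & set(requested_scope.split())
    if not granted:
        raise ValueError("no grantable scope")
    _seen_jti.add(claims["jti"])
    return {"sub": claims["sub"], "client_id": claims["client_id"], "scope": " ".join(sorted(granted))}
```

The agent's host never handles the user's password, and the resource application decides the final scope; an admin removes an app from `TRUSTED_APPS` to revoke its ability to exchange at all.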

Relationship to MCP

XAA is now incorporated into the MCP specification as the "Enterprise-Managed Authorization" extension. While MCP defines how agents discover and call tools, XAA adds the identity-aware authorization layer that enterprises require before deploying agents in production.

xaa.dev Playground

xaa.dev is a free, no-signup sandbox for learning and debugging the XAA flow end-to-end. It provides all three roles (requesting app, resource app, identity provider) in-browser, letting developers go from zero to a working token exchange in under 60 seconds. The playground is IdP-agnostic — it teaches the spec, not a specific vendor's implementation.

Why Assess (Not Trial)

XAA has strong momentum:

  • Multi-vendor adoption — Okta, Auth0, WorkOS, Descope, and Scalekit all document XAA
  • MCP integration — incorporated as the enterprise auth extension in the MCP spec
  • IETF standardization — ID-JAG is being formalized as an OAuth grant type
  • Developer tooling — xaa.dev playground, Okta sample MCP client on GitHub

But it's not yet Trial because:

  • The playground is still in beta
  • Production deployments are not widely documented outside Okta's ecosystem
  • The IETF draft is not yet an RFC
  • Competing approaches (plain OAuth 2.1 with DPoP, GNAP) still have advocates

Key Characteristics

Aspect            Detail
Type              OAuth extension protocol
Core mechanism    ID-JAG (Identity Assertion JWT Authorization Grant)
MCP integration   Enterprise-Managed Authorization extension
Standardization   IETF draft in progress
Playground        xaa.dev — free, no signup
Primary backer    Okta / Auth0
Open source       Playground is free; spec is open

Further Reading