IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Okta Becomes Featured Provider for Claude at Scale

Anthropic announced Okta as a featured identity provider supporting their beta program, which enables joint customers; including state agencies, Webflow, HubSpot, and others to leverage Okta to help govern their use of Claude and access to applications from participating MCP providers including Asana, Atlassian, Canva, Figma, Granola, Linear, and Supabase.

This announcement comes at a pivotal moment for government AI adoption. Asstates like California move to make AI responsibly accessible across all government agencies, identity governance has become essential. The partnership between Okta and Anthropic addresses a critical need: enabling government and enterprise organizations to deploy Claude at scale while maintaining the security, compliance, and human oversight that public service demands.

The beta program demonstrates how secure Claude connections can be established when AI tools and downstream resource applications standardize around Cross App Access (XAA). This marks an important milestone for XAA, an open protocol that extends OAuth to secure agent-to-app and app-to-app access and is an official authorization extension within MCP listed under the name "Enterprise Managed Auth."

Why Government Needs Identity Governance for AI


Government agencies face unique challenges when deploying AI tools. State workers need fast access to productivity tools like Claude to draft documents, analyze information, and improve services for constituents. Yet IT leaders must maintain visibility and control ensuring that access is properly scoped, auditable, and can be revoked when employees leave or roles change.

With Okta as the governance layer, government agencies and enterprises can apply identity controls to Claude Enterprise workflows. This enables IT admins to authorize MCP connectors once for their organization, scope access by Okta groups or roles, and revoke access through Okta when users or deployed agents are offboarded.

Key XAA capabilities provided to participating customers, and planned to be available more broadly, include:
  • Centralized authorization: Admins provision and authorize MCP connectors for their organization once, helping reduce fragmented agent configurations and repetitive consent prompts. This is particularly valuable for large government deployments across multiple departments and agencies.
  • Robust access control: Users and their AI agents inherit access to specific MCP connectors based on the existing Okta groups and roles they already belong to. Government workers access only the tools their role requires, maintaining proper oversight and compliance.
  • Automated offboarding: Offboarding flows through Okta's standard revocation path. When a user is deactivated or their agent's role changes, their access to MCP connectors is quickly revoked alongside their other enterprise application permissions essential for government security and audit requirements.
"The industry has seen that when technology ecosystems grow quickly, open standards become critical to helping them scale securely," said Ely Kahn, Chief Product Officer, Okta. "Okta first championed Cross App Access to give organizations a common way to secure AI agent connections, and continuing that work with Anthropic and other partners marks a significant milestone in the journey to broad industry adoption. Together, we're helping drive ecosystem alignment around the standards shaping the AI era."

"Enterprise-managed auth gives MCP the foundation it needs to scale across an enterprise, with Okta as our first identity provider partner," said Mayank Malhotra, Product, Anthropic. "When an admin authorizes a connector once for the whole organization, every employee gets instant access to more of their tools through Claude, governed by the IDP they already trust. We invite MCP developers to support enterprise-managed auth so their connectors are enterprise ready on day one."

AI in Service of People, Not Replacing Them


This partnership reflects a shared commitment to responsible AI deployment. As governments expand access to AI tools, from drafting and summarizing documents to analyzing data and improving citizen services, the focus remains on augmenting human capability, not replacing the human work of government.

State workers across agencies are already seeing the benefits. California's Department of Motor Vehicles is using Claude to improve customer service and lower wait times. The Department of Healthcare Services, the largest Medicaid agency in the country, is leveraging Claude for internal workflows to better assist recipients. State cybersecurity teams are using Claude for threat detection and code remediation. And agencies are building custom tools like Poppy, designed by state workers for state workers, with pre-built queries tailored to common government business needs.

By adding Okta's identity layer, government agencies can scale these implementations confidently, knowing that access is controlled, audited, and compliant with their security and privacy requirements.

Where It Began: XAA Extends MCP with Enterprise-Grade Authorization


Enterprise and government AI workflows are becoming more tool-rich, a shift driven in part by MCP. AI agents work across hundreds or thousands of tools, from developer systems and deployment pipelines to messaging, project management, documentation, and databases.

Yet agent access too often relies on static credentials, unmanaged consent prompts, or one-off approvals that are difficult for IT and security teams to manage. Every connection needs to be visible, authorized, and scoped while the user experience remains seamless.

In June 2025, XAA was introduced to help solve this challenge: extending identity governance to AI agents and applications as they connect to business tools, data, and systems, and improving the end-user experience by reducing repetitive authorization consent screens.

With XAA, organizations can bring agent-to-app and app-to-app access inside the identity perimeter by making the identity provider the control point. Instead of users handling the connection between an AI tool and a business application, the tool can request access through the identity provider. Okta, for example, can evaluate the request against enterprise policy, issue a scoped token when appropriate, and log the access event.

In September 2025, XAA was adopted by the OAuth working group, and in November 2025 was incorporated within MCP to provide the missing authorization layer. This extended XAA's reach to power identity and authorization across the entire ecosystem of MCP-connected AI tools.

What's Next: A Broader Commitment to Secure AI Deployment


This XAA work addresses one of the core questions in secure AI deployment: what can agents connect to? However, Okta's broader work with Anthropic helps organizations further advance their implementation by addressing where agents are and who has visibility and control.

Okta for AI Agents can now import Claude Managed Agents and register them within Universal Directory, enabling organizations to assign human owners and enforce centralized policies. This capability is particularly valuable for government agencies managing Claude deployments across multiple departments and ensuring accountability for AI system usage.

Okta is also supporting secure enterprise and government AI deployment by securing the identities that interact with these tools. Through an integration between Okta Identity Security Posture Management and the Claude Compliance API, security teams gain centralized visibility and the ability to remediate identity risks, dormant accounts, and misconfigurations within Claude Enterprise. For government agencies managing sensitive citizen data and subject to strict compliance requirements, this integration provides the audit trail and oversight needed for responsible AI deployment.

To strengthen Okta's infrastructure that supports AI systems, Okta is part of Anthropic's Project Glasswing, leveraging Claude Mythos Preview to accelerate vulnerability discovery.

Supporting the Future of Government Technology


As government agencies across the country look to responsibly adopt AI, identity governance will be essential. Okta's partnership with Anthropic ensures that when agencies procure Claude through shared services platforms or make AI tools available to their workforce, they can do so with confidence—knowing that access is controlled, transparent, and aligned with their mission to serve citizens effectively.
The combination of centralized authorization, robust access controls, and automated offboarding enables IT teams to focus on what matters: helping government workers move faster, solve problems more effectively, and deliver better results for the people they serve.

Any mention in this article of solutions, features, functionalities, certifications, authorizations, or attestations that are not currently generally available or have not yet been obtained may not be delivered or obtained on time or at all. We assume no obligation to deliver on such items and you should not rely on them to make your purchase decisions.

About Okta

Okta, Inc. is The World's Identity Company™. We secure AI, machine, and human identity so everyone is free to safely use any technology. Our customer and workforce solutions empower businesses and developers to protect their AI agents, users, employees, and partners while driving security, efficiencies, and innovation. Learn why the world's leading brands trust Okta for authentication, authorization, and more at okta.com.
Okta, Inc. is The World’s Identity Company™. We secure identity, so everyone is free to safely use any technology. Our customer and workforce solutions empower organizations and developers to use the power of identity to drive security, efficiencies, and success. Learn why the world’s leading brands trust Okta at okta.com.