Jiquan Ngiam
June 23, 2026

Okta partners with MintMCP to govern how agents connect to enterprise apps


Most AI agents reach enterprise applications the same way: a static API key or a long-lived token pasted into a config file. That credential rarely rotates, carries broad scope, and gives no clean way to tell which agent used it or to cut off access. As teams move from a handful of experiments to agents acting on behalf of real users, IT and security need a way to scope, audit, and revoke agent access without slowing every project down. The exposure is already showing up: a survey of more than 900 practitioners found that 88% of organizations have seen confirmed or suspected AI agent security incidents, and IBM reports that 97% of organizations hit by an AI-related breach lacked proper AI access controls.

Today, Okta and MintMCP are officially partnering on Cross App Access (XAA), Okta's new approach to securing how AI agents connect to applications. MintMCP is one of 25+ launch partners adopting it. For enterprises already running MintMCP to deploy MCP servers and agents, the partnership means MintMCP can tie those agent connections to the same Okta identity and policies that secure the rest of your workforce.

What it means for enterprises deploying MCP and agents

With XAA, MintMCP can authorize agent connections against Okta identity and policy instead of static keys, while its gateway keeps governing which MCP servers and tools an agent reaches. The controls you already run for employees now extend to the agents acting on their behalf, and the people those agents work for stop signing into the same apps over and over. For teams putting MCP servers and agents into production, that changes a few things:

  • Security teams can limit and revoke access: each connection runs on scoped, short-lived tokens instead of standing API keys, and every XAA-governed connection is logged against an identity, so you can see which agent reached what, under whose authority, and cut off access when something looks wrong.
  • Users sign in once, not once per app: today, using an AI assistant like Claude with MCP servers means each downstream app needs its own login, so you OAuth into one, then the next, then the next. When connections route through MintMCP, you authenticate once and the agent gets scoped access to those apps on your behalf, with no repeated sign-ins. That holds for any AI system on the gateway: not just Claude but Cursor, ChatGPT, Copilot, and the rest.
  • Agent access follows your Okta policies: the gateway authorizes connections against the identity-based rules you already maintain, so you extend existing governance to agents rather than building a separate one for AI.
  • Security review starts with identity and audit already covered: when identity and audit run through Okta and MintMCP, security review can focus on app-specific scopes and exceptions instead of rebuilding the governance model.

Because Cross App Access is built on OAuth, it works with the identity controls you already run rather than adding a proprietary layer to adopt and maintain.

"Cross App Access is the result of a massive, two-year collaborative effort within the OAuth working group to ensure secure, revocable agent delegation. At Okta, we are proud to have helped champion this new open standard, and we're thrilled to see MintMCP among the very first to bring it to production for enterprises deploying MCP across their org."

Aaron Parecki, Director of Identity Standards at Okta

How MintMCP fits

MintMCP is the gateway and control plane for agent traffic. As requests pass through custom agents, MCP servers, and orchestration layers, our gateway governs which servers an agent can reach and which tools it can call, gives each agent its own identity through agent identities, and logs every call for audit. That is our own policy and governance engine, and it runs independently of Okta.

"Agents should not directly impersonate a user, and users should not have to sign in twice just to let an agent help them. With the Cross App Access protocol, MintMCP's gateway can give each agent its own identity while it acts on behalf of a real user. That means security teams can limit and revoke access, and users stay out of the repeat login loop."

Jiquan Ngiam, Co-founder and CEO at MintMCP

Cross App Access connects that control plane to Okta. Instead of static keys, agent connections are authorized against your Okta identity and policies, so MintMCP's MCP-level governance and the identity controls you already run work together on the same connection.

Where Cross App Access fits

XAA is one piece of what Okta calls the blueprint for the secure agentic enterprise, a framework built on three questions: where are my agents, what can they connect to, and what can they do. Cross App Access answers the second. It pairs with work we've already shipped: agent identities give each agent its own credentials and scoped permissions, and the MintMCP gateway governs which tools an agent can call and records every call.

Availability

Cross App Access support is available to MintMCP customers running Mint with Okta. If that's your setup, reach out and we can walk through how it fits.

To go deeper, join our fireside chat with Aaron Parecki of Okta on giving AI agents safe access to enterprise apps.
