Cross-App Access (XAA)

aid: okta:okta-cross-app-access
name: Cross-App Access (XAA)
description: Cross-App Access is Okta's emerging OAuth profile for secure agent-to-app and app-to-app
  authorization, based on the IETF draft "OAuth Identity Assertion Authorization Grant" (ID-JAG, draft-ietf-oauth-identity-assertion-authz-grant).
  It lets an Identity Provider mint an identity assertion that downstream resource applications can exchange
  for a scoped access token, eliminating long-lived unmanaged credentials between AI agents and SaaS apps.
  Okta operates xaa.dev as a public sandbox for testing requesting and resource application implementations.
humanURL: https://xaa.dev/
baseURL: https://xaa.dev
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
- Cross-App Access
- AI Agents
- OAuth
- ID-JAG
- Authorization
properties:
- type: Documentation
  url: https://xaa.dev/
- type: Specification
  url: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-identity-assertion-authz-grant
- type: Sandbox
  url: https://xaa.dev/
- type: Blog
  url: https://developer.okta.com/blog/2026/01/20/introducing-xaadev-a-playground-for-cross-app-access
- type: Blog
  url: https://developer.okta.com/blog/2026/02/10/make-secure-app-to-app-connections-using-cross-app-access