Connect an AI agent to an authorization server

Early Access release

If your org uses authorization servers to protect its resources, you can create a managed connection for this resource type. Okta authorization servers use Cross App Access to manage resource security, and are the recommended choice for securing AI agents. See Configure Cross App Access.

When you configure the authorization server, remember to create an access policy that has the JWT bearer grant type. This is required for Cross App Access to work.

Before you begin

• You have the super admin role.
• You've registered an AI agent in your org. See Register an AI agent.
• You've configured the authorization server that you want to use. See Create an authorization server.
• The authorization server has an access policy for the AI agent that includes the JWT bearer grant type. See Create access policies.

Start this task

1. In the Admin Console, go to DirectoryAI Agents.
2. Select a registered AI agent.
3. Select the Managed connections tab.
4. Click Add connection. The Add connection page opens.
5. Select the Authorization server resource type.
6. Select an authorization server from the dropdown list. The Select AI agent scopes section appears.
7. To grant all available scopes to the AI agent, select Allow all from the dropdown menu. Or, select Only allow or Disallow and enter the scopes that you want to grant or deny the AI agent.
8. Click Add. On the Managed connections tab, the authorization server appears as a connected resource.

Related topics

Connect an AI agent to a secret

Connect an AI agent to a service account

Edit or remove a managed connection