AI agent resource connections
After you've created and registered an AI agent in your org, you can define the resource that they can access. For some resource types, you can limit the scopes that are minted into the tokens. To understand which resource types best fits your use case, see Compare AI agent resource types.
Okta Privileged Access, Identity Security Posture Management (ISPM), and some features are excluded from the Okta for AI Agents - Core SKU, which is the version of Okta for AI Agents available to FedRAMP Moderate and FedRAMP High customers. Okta for AI Agents - Core is not available in Okta for US Military cells. For a current list of features that are excluded from the Okta for AI Agents - Core SKU, see Okta US Public Sector Limitations or Exceptions.
You can add resource connections to these resource types. Each resource type has configuration tasks that you must complete before you can connect it to an AI agent:
| Resource type |
Description |
Configuration tasks |
|---|---|---|
| Authorization server | Grants the AI agent access to resources that are protected by an Okta custom authorization server. |
|
| Secret | Uses a static credential for a downstream resource that has been vaulted in Okta Privileged Access. |
Configure the vaulted secret that you want to use. See Okta Privileged Access user guide.
|
| Service account | Uses a static credential for an app that's specified in the Universal Directory. This resource is vaulted in Okta Privileged Access. |
|
| Application | Uses OAuth client credentials for a custom or third-party resource server. |
Configure the resource server connector for the app that you want to use. See Configure a resource server connector. Or, create a custom resource server. See Add custom resource servers.
|
| MCP server | Grants the AI agent access to resources that are protected by a custom or third-party MCP server. |
Add the MCP server that you want to use. See Add MCP servers.
|
| Connect to another AI agent (Early Access) | Allows other AI agents and apps to call on the AI agent using its own identity. |
|
Next step