AI agent resource connections

After you've created and registered an AI agent in your org, you can define the resource that they can access. For some resource types, you can limit the scopes that are minted into the tokens. To understand which resource types best fits your use case, see Compare AI agent resource types.

You can add resource connections to these resource types. Each resource type has configuration tasks that you must complete before you can connect it to an AI agent:

Resource type	Description	Configuration tasks
Authorization server	Grants the AI agent access to resources that are protected by an Okta custom authorization server.	Create the authorization server that you want to use. See Create an authorization server. Create an access policy for the authorization server that includes the JWT bearer grant type. See Create access policies.
Secret	Uses a static credential for a downstream resource that has been vaulted in Okta Privileged Access.	Configure the vaulted secret that you want to use. See Okta Privileged Access user guide.
Service account	Uses a static credential for an app that's specified in the Universal Directory. This resource is vaulted in Okta Privileged Access.	Add the Okta Privileged Access OIN app to your Okta org. See Set up Okta Privileged Access. Configure the service account that you want to use. See Manage service accounts. Create a project in Okta Privileged Access and assign it to the service account. See Projects and Resource assignment.
Application	Uses OAuth client credentials for a custom or third-party resource server.	Configure the resource server connector for the app that you want to use. See Configure resource server connectors. Or, create a custom resource server. See Add custom resource servers.
MCP server	Grants the AI agent access to resources that are protected by a custom or third-party MCP server.	Add the MCP server that you want to use. See Add MCP servers.

Next step

Connect AI agents to resources