ID-JAG helps AI agents authenticate On June 18, 2026, MCP launched enterprise-managed authorization using ID-JAG, an OAuth extension that lets identity providers like Okta issue scoped, short-lived tokens for AI agents to access third-party APIs without individual user consent. This gives organizations centralized control and visibility over agent API integrations, with initial support in Claude, VS Code, and apps like Asana and Salesforce. AI agents need access to third-party APIs to act on a user’s behalf. So far, that access is mostly approved by the users themselves, clicking “Allow” on an OAuth screen for every API. In an organization where many people use the same agent, each user has to authorize every API. This doesn’t scale. Organizations already control which apps their employees can use, and they want the same control and visibility over the API integrations their agents rely on. ID-JAG gives them that by moving the decision from the user to the organization’s identity provider IdP . On June 18, 2026, MCP shipped enterprise-managed authorization https://blog.modelcontextprotocol.io/posts/enterprise-managed-auth/ , and the OAuth extension behind it, ID-JAG, went from something conceptual to running in Claude, VS Code, and popular SaaS apps. What is ID-JAG? ID-JAG https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-assertion-authz-grant/ stands for Identity Assertion JWT Authorization Grant. It lets your identity provider IdP , like Okta, give an AI agent a scoped, short-lived token for another app’s API, like Salesforce, without sending every user through a consent screen or handing the agent a long-lived API key. It does not invent a new protocol. It chains two that already exist: OAuth token exchange https://datatracker.ietf.org/doc/html/rfc8693 to get the ID-JAG from your IdP, and the JWT bearer grant https://datatracker.ietf.org/doc/html/rfc7523 to trade it for a real access token at the target app. The ID-JAG itself is a signed token a JWT that says, in effect: this app can get a token for that API, on behalf of this user, with these scopes. Okta’s implementation of it is called Cross-App Access XAA https://developer.okta.com/blog/2025/09/03/cross-app-access . How it works Without ID-JAG, every user connects every app themselves. A thousand employees using an AI assistant that reaches Salesforce means a thousand trips through Salesforce’s consent screen, one per person. Each grant is between that employee and Salesforce, so the company has no central control over which agents reach which apps, and nowhere to revoke it all at once. ID-JAG moves that decision to the identity provider. The agent never asks the user to approve anything. It asks the IdP, which already knows what each employee is allowed to use: - The user signs in to the agent through their normal SSO, and the IdP issues an ID token. - The agent sends that ID token back to the IdP and asks for access to a specific app. The IdP checks the org’s policy: can this person, through this agent, reach Salesforce? - The IdP returns the ID-JAG, a signed token naming the agent, the user, and the app it is good for. - The agent presents the ID-JAG to Salesforce, which confirms the trusted IdP signed it and returns an access token. - The agent calls the API with that token. The request in step 2 is a token exchange with the IdP: POST /token grant type=urn:ietf:params:oauth:grant-type:token-exchange requested token type=urn:ietf:params:oauth:token-type:id-jag subject token=