New Auth0 Platform innovations help developers secure GenAI applications with Identity for AI agents

09 April 2025

LONDON – April 9, 2024 – Okta, Inc. (NASDAQ: OKTA), the leading independent Identity partner, today announced the availability of Auth for GenAI in Developer Preview, as part of the Auth0 Platform, a suite of features that enable developers to integrate secure identity into GenAI applications, helping ensure AI agents have built-in authentication, fine-grained authorization, async workflows, and secure API access. Through other new capabilities, developers can better meet enterprise app requirements and deliver seamless experiences that address the expectations of today’s end users. 

Why it Matters:

  • As LLMs become increasingly commoditized, with more widely available, cost-effective models and open-source AI frameworks emerging to rival proprietary systems, AI agents will become commonplace more quickly than expected. This is in addition to LLMs making it possible for anyone to program in natural language.

  • Despite AI agents' ability to connect with more layers of data than LLMs alone, security remains an afterthought. To keep up with the pace of innovation, developers are wholly focused on functionality, often moving forward with insecure implementations or defaulting to postponing or canceling their AI agent projects altogether.

  • Authorization is frequently overlooked. Agents are connecting to APIs through integrations that aren’t optimized for AI-driven access, and the email or push notifications triggered to approve sensitive actions are being implemented with minimal security controls.

  • Regardless of what frameworks developers choose to build on top of, without a purpose-built security approach, these gaps leave AI agents vulnerable to unauthorized access, data exposure, and other prevalent LLM risks¹. 

  • Outside of securely building GenAI applications, developers are also being tasked with ensuring their B2B SaaS applications meet the more stringent requirements of enterprise buyers, while also delivering seamless and contextualized experiences for end users.

“This explosion of AI-powered assistants that can answer complex questions, automate workflows, and take actions on behalf of users is undoubtedly exciting. However, it can be challenging to add security effectively once deployed,” said Shiven Ramji, President of Auth0, at Okta. “With Auth for GenAI, developers can help ensure that AI agents are built with secure authentication and authorization from their inception, granting access only to what’s necessary and preventing misuse.”

Secure Identity in GenAI Applications with a Seamless Developer Experience

AI agents are being granted access to systems without the right identity controls, creating security blind spots and risk. Traditional authentication methods weren’t built for AI-driven applications, leaving gaps in control and accountability. Developers need to ensure AI agents authenticate users, interact with other apps on the user’s behalf, use asynchronous interactions, and consider user permissions when accessing data. 

What’s the Latest – Auth for GenAI

Now available in Developer Preview, Auth for GenAI enables developers to meet the identity requirements to build secure agentic apps and seamlessly integrate with the broader GenAI ecosystem. Auth for GenAI also integrates with popular AI frameworks like Langchain, Llamaindex, Google GenKit, and Vercel.ai, giving developers greater flexibility and efficiency in building and deploying AI-powered applications. Features include: 

  • User Authentication: To operate securely, AI agents must authenticate users, just like any other application, ensuring they confirm the user's identity before granting access or taking specific actions. With Auth for GenAI, developers can build a secure and seamless experience for AI agents to authenticate users.

  • Token Vault: AI Agents interact with applications on behalf of users through APIs, not user interfaces. Without strong identity controls, AI agents could access APIs they shouldn’t, leak sensitive data to unauthorized sources, or be unable to perform tasks. With the Token Vault, AI agents can securely connect to tools like Gmail and Slack using OAuth 2.0 for token management while also automatically handling token refreshes and exchanges.

  • Asynchronous Authorization: AI agents don’t always complete tasks instantly, with some actions—like data processing, transaction approvals, or decision-making—taking minutes, hours, or even days. Async authorization triggers human-in-the-loop approval, allowing humans to supervise and approve or reject sensitive actions when away from the chatbot.

  • Fine Grained Authorization for RAG: Not every AI agent should have the same permissions. Some should only retrieve data, others should execute commands, and some should make high-risk decisions—like approving a loan or processing a refund. With Auth0 Fine Grained Authorization for retrieval augmented generation (RAG), agents will only retrieve documents that users have access to, dynamically updating to reflect changing business rules, compliance requirements, and risk levels.
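As an added illustration of the retrieval-time filtering described above (a constructed example, not Auth0's Fine Grained Authorization code): the relationship tuples, corpus and user names are assumed sample data, and the permission check resolves group membership and folder inheritance before any chunk can reach the model.

```python
from dataclasses import dataclass

# Relationship tuples (object, relation, subject), Zanzibar-style; constructed sample data.
TUPLES = {
    ("folder:finance", "viewer", "group:finance-team"),
    ("group:finance-team", "member", "user:alice"),
    ("doc:q1-forecast", "parent", "folder:finance"),
    ("doc:handbook", "viewer", "user:*"),        # readable by every user
    ("doc:loan-policy", "viewer", "user:bob"),
}

@dataclass
class Chunk:
    doc_id: str
    text: str

# Constructed corpus of retrievable chunks.
CORPUS = [
    Chunk("doc:q1-forecast", "Q1 revenue forecast and loan exposure"),
    Chunk("doc:loan-policy", "loan approval policy and refund limits"),
    Chunk("doc:handbook", "employee handbook: expense and loan FAQs"),
]

def can_view(user: str, obj: str, depth: int = 0) -> bool:
    """Resolve 'viewer' through group membership and parent-folder inheritance."""
    if depth > 8:  # guard against cyclic parent tuples
        return False
    for o, rel, subj in TUPLES:
        if o != obj:
            continue
        if rel == "viewer" and subj in (user, "user:*"):
            return True
        if rel == "viewer" and subj.startswith("group:") and (subj, "member", user) in TUPLES:
            return True
        if rel == "parent" and can_view(user, subj, depth + 1):
            return True
    return False

def retrieve(user: str, query: str, k: int = 2) -> list[str]:
    """Rank by keyword overlap, then keep only chunks the user may view.
    Filtering happens before the top-k cut so a forbidden document cannot
    crowd out an allowed one, and nothing unauthorized reaches the prompt."""
    terms = set(query.lower().split())
    ranked = sorted(CORPUS, key=lambda c: -len(terms & set(c.text.lower().split())))
    return [c.doc_id for c in ranked if can_view(user, c.doc_id)][:k]
```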

Asynchronous Authorization (Auth for GenAI)


Build Enterprise-Ready Apps that Meet Critical Identity Requirements

To move upmarket, B2B SaaS developers need to ensure the core app features meet the needs of enterprise buyers. This includes satisfying a long list of critical identity requirements, such as supporting the latest security protocols and identity standards, automating user provisioning and deprovisioning, and enabling delegated administration.

What’s New – Enterprise Ready Customer Identity 

Enterprise Ready Customer Identity is a suite of new and existing enterprise-differentiating identity and access management capabilities. It provides a faster, more efficient, and cost-effective way to meet key enterprise requirements. Features include: 

  • Auth0’s comprehensive self-service capabilities help reduce developer burden by streamlining identity management and delegating core admin tasks to their business customers.

  • Auth0 Universal Logout provides out-of-the-box user session and token revocation for enterprise-grade security, mitigating risks across the app ecosystem without building and maintaining custom global token revocation endpoints.

  • Auth0 Organizations helps manage business customers at scale with branded, federated login flows tailored to each business's unique needs, supporting up to 2 million business customers within a single Auth0 tenant. 

  • Auth0 Fine Grained Authorization enables user collaboration and access control with granularity, all with easy-to-use APIs. 

Universal Logout in Auth0 


Improve User Experiences While Strengthening Security

Modern digital experiences are raising customer expectations and redefining what businesses must deliver to remain competitive. Businesses need to show that they understand their customers’ unique needs by personalizing their offers, providing ease of use across all channels, and proving they can protect their data. 

What’s New – Auth0 Platform: Innovations for Secure Experiences

Through new enhancements to the Auth0 platform, organizations can deliver seamless, trusted customer experiences before, at, and after login. Innovations include:

  • Before login: Tenant Access Control – Control who can access an app — and how. Organizations can set rules that determine whether users can access the app, get blocked, or get redirected, and they can do this all before the user ever reaches the login screen. 

  • At login: Advanced Customization for Universal Login – The next evolution of Universal Login customization lets organizations tailor every detail — down to the last pixel — to match their brand and user experience goals. 

  • After login: 

    • FAPI 2 Certification expected Q2 2025 – Advanced API Security to help protect customer privacy and secure transactions. 

    • CIBA now in GA – Client systems like call centers, kiosks, or AI agents can start the login process for customers — securely and seamlessly.

    • Native to Web SSO – Create a smoother customer journey by enabling users to move from mobile apps to web apps without logging in again. 
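The approval round-trip behind the Asynchronous Authorization feature above and CIBA, as an added example that is not part of the original release or Auth0's code: an in-memory authorization server that issues an auth_req_id, an out-of-band user decision, and a poll-mode token endpoint using the CIBA grant type and error codes. The client id, scope and binding messages are constructed sample values.

```python
import secrets
import time

CIBA_GRANT = "urn:openid:params:grant-type:ciba"  # grant type defined by OpenID CIBA

class AuthServer:
    """Authorization-server side: issues auth_req_id values and records each user's decision."""
    def __init__(self, ttl: int = 120, interval: int = 5):
        self.ttl, self.interval, self.requests = ttl, interval, {}

    def backchannel_authenticate(self, client_id, login_hint, scope, binding_message):
        # The binding message is shown on the user's own device so they can
        # match the approval prompt to the action the agent is attempting.
        req_id = secrets.token_urlsafe(16)
        self.requests[req_id] = {"client": client_id, "user": login_hint, "scope": scope,
                                 "msg": binding_message, "decision": None,
                                 "exp": time.time() + self.ttl}
        return {"auth_req_id": req_id, "expires_in": self.ttl, "interval": self.interval}

    def user_decision(self, req_id, approve: bool):
        # Out-of-band step: the human approves or rejects on their device.
        self.requests[req_id]["decision"] = "approved" if approve else "denied"

    def token(self, client_id, grant_type, auth_req_id):
        # Poll-mode token endpoint; error codes follow the CIBA specification.
        req = self.requests.get(auth_req_id)
        if grant_type != CIBA_GRANT or req is None or req["client"] != client_id:
            return {"error": "invalid_grant"}
        if time.time() > req["exp"]:
            return {"error": "expired_token"}
        if req["decision"] is None:
            return {"error": "authorization_pending"}
        if req["decision"] == "denied":
            return {"error": "access_denied"}
        del self.requests[auth_req_id]  # one-time use: re-polling must not mint a second token
        return {"access_token": secrets.token_urlsafe(24), "scope": req["scope"]}

def agent_request_approval(server: AuthServer, user: str, action: str) -> str:
    """Agent side: start the back-channel request and hand back the id to poll with."""
    resp = server.backchannel_authenticate("agent-1", user, "payments:write", action)
    return resp["auth_req_id"]
```

The agent keeps calling `token()` at the returned interval until the answer stops being `authorization_pending`; the user never hands credentials to the agent, and a denial or expiry leaves it with no token at all.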

Client-Initiated Back Channel Authentication (CIBA)

¹2025 Top 10 Risks & Mitigations for LLMs and GenAI Apps, OWASP, 2025. 

Disclaimer: Any products, features, functionalities, certifications, authorizations, or attestations referenced in this material that are not currently generally available or have not yet been obtained or are not currently maintained may not be delivered or obtained on time or at all. Product roadmaps do not represent a commitment, obligation or promise to deliver any product, feature, functionality, certification or attestation and you should not rely on them to make your purchase decisions.


About Okta

Okta, Inc. is The World’s Identity Company™. We secure Identity, so everyone is free to safely use any technology. Our customer and workforce solutions empower businesses and developers to use the power of Identity to drive security, efficiencies, and success — all while protecting their users, employees, and partners. Learn why the world’s leading brands trust Okta for authentication, authorization, and more at okta.com.

Media Contact:
Kyrk Storer
press@okta.com
