Cross App Access (XAA): The enterprise way to govern AI app integrations
Blog post from WorkOS
Cross App Access (XAA) is an OAuth 2.0 extension that brings app-to-app connections under enterprise governance, with AI applications as the motivating case. Today, when an AI app connects to a tool such as Asana or Zendesk, the OAuth handshake runs between the two apps and the user; the enterprise Identity Provider (IdP) never sees it, which leaves IT administrators without visibility into those connections and creates compliance gaps. That is the shadow IT problem XAA targets.

XAA puts the IdP into the OAuth flow. It builds on the Identity Assertion JWT Authorization Grant (ID-JAG) specification: the requesting app exchanges the ID token it already holds from the user's IdP login for a short-lived identity assertion JWT issued by the IdP, which names the user, the requesting app and the resource app it is permitted to reach. The app then presents that assertion to the resource app's authorization server as a JWT bearer grant and receives an access token. Because the IdP decides whether to issue the assertion, approval becomes an enterprise policy decision rather than an additional per-user consent screen, and revoking the approval at the IdP stops further assertions from being issued. One caveat for operators: access tokens the resource app has already issued stay valid until they expire or are revoked there, so short assertion and token lifetimes are part of the design.

Shifting approval and governance to the IdP gives enterprises visibility into app-to-tool delegations, centralized management of approvals and revocations, and a more predictable rollout path for AI integrations, which aligns with modern enterprise security and procurement needs.
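The exchange described above, as an added illustration rather than WorkOS's code or a reference implementation of the draft: an IdP that holds the admin's approvals and issues an ID-JAG, and a resource app's authorization server that accepts the JAG as a JWT bearer grant. It signs with HS256 and a shared key so it runs with the standard library alone; real IdPs sign with asymmetric keys published via JWKS. The claim names and the `oauth-id-jag+jwt` type follow the ID-JAG draft as assumed here, and the issuers, client IDs, scopes and user are constructed for the demo.

```python
# Added illustration of the ID-JAG exchange behind XAA; not WorkOS code.
# HS256 with a shared key keeps it standard-library only; real IdPs sign with
# asymmetric keys published via JWKS. Claim and typ names follow the ID-JAG
# draft as assumed here; issuers, client IDs and scopes are constructed.
import base64
import hashlib
import hmac
import json
import secrets
import time
import uuid

IDP_ISSUER = "https://idp.example"              # enterprise IdP (constructed)
RESOURCE_AS = "https://auth.resource.example"   # resource app's AS (constructed)
IDP_SIGNING_KEY = b"idp-shared-secret-demo-only"
JAG_TYP = "oauth-id-jag+jwt"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, key: bytes, typ: str) -> str:
    header = {"alg": "HS256", "typ": typ}
    signing_input = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_jwt(token: str, key: bytes, expected_typ: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header = json.loads(_b64url_decode(parts[0]))
    # typ check stops a plain ID token being presented as an authorization grant
    if header.get("alg") != "HS256" or header.get("typ") != expected_typ:
        raise ValueError("unexpected alg or typ")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(parts[1]))

class IdentityProvider:
    """IdP side: admin approvals live here, so issuing or refusing a JAG is
    the central control point and no per-user consent screen is needed."""
    def __init__(self):
        self.approvals = {}  # (client_id, resource AS issuer) -> approved scopes

    def approve(self, client_id, resource_as, scopes):
        self.approvals[(client_id, resource_as)] = set(scopes)

    def revoke(self, client_id, resource_as):
        self.approvals.pop((client_id, resource_as), None)

    def token_exchange(self, id_token_claims, client_id, audience, scope):
        """RFC 8693-style exchange: the user's ID token in, a short-lived ID-JAG out."""
        allowed = self.approvals.get((client_id, audience))
        if allowed is None or not set(scope.split()) <= allowed:
            raise PermissionError("delegation not approved by the enterprise admin")
        now = int(time.time())
        claims = {"iss": IDP_ISSUER, "sub": id_token_claims["sub"], "aud": audience,
                  "client_id": client_id, "jti": str(uuid.uuid4()),
                  "iat": now, "exp": now + 300, "scope": scope}  # five-minute lifetime
        return sign_jwt(claims, IDP_SIGNING_KEY, JAG_TYP)

class ResourceAuthorizationServer:
    """Resource app side: accepts the JAG as a JWT bearer grant (RFC 7523)."""
    def __init__(self, issuer=RESOURCE_AS):
        self.issuer = issuer
        self.trusted_idps = {IDP_ISSUER: IDP_SIGNING_KEY}  # JWKS lookup in practice
        self.seen_jti = set()

    def jwt_bearer_grant(self, assertion, authenticated_client_id):
        parts = assertion.split(".")
        if len(parts) != 3:
            raise ValueError("malformed assertion")
        issuer = json.loads(_b64url_decode(parts[1])).get("iss")  # unverified peek to pick key
        key = self.trusted_idps.get(issuer)
        if key is None:
            raise ValueError("untrusted issuer")
        claims = verify_jwt(assertion, key, JAG_TYP)
        if claims.get("aud") != self.issuer:
            raise ValueError("assertion not addressed to this authorization server")
        if claims.get("exp", 0) <= int(time.time()):
            raise ValueError("assertion expired")
        if claims.get("client_id") != authenticated_client_id:
            raise ValueError("assertion bound to a different client")
        if claims["jti"] in self.seen_jti:
            raise ValueError("assertion replayed")
        self.seen_jti.add(claims["jti"])
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "expires_in": 3600, "sub": claims["sub"], "scope": claims["scope"]}
```

To walk the flow: call `approve("ai-assistant", RESOURCE_AS, ["tickets:read"])` on the IdP, exchange an ID token's claims for a JAG with `token_exchange`, then hand the JAG to `jwt_bearer_grant` with the client ID the resource server authenticated. The checks on the resource side are the ones that matter in a review: the issuer must be a trusted IdP, the `aud` must be this authorization server, the `client_id` must match the authenticated client, the `typ` must be the JAG type so an ordinary ID token cannot be swapped in, and each `jti` is accepted once. After `revoke`, the IdP refuses to mint further assertions, which is the centralized revocation the post describes; tokens the resource server already issued are not affected by it.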