Announcing Keycard Support for ID-JAG and Cross-App Access from Okta

Announcing Keycard Support for ID-JAG and Cross-App Access from Okta
Ian Livingstone
Ian Livingstone Announcements
3m read

Today we’re announcing Keycard support for ID-JAG, the Identity Assertion Authorization Grant, the open standard behind Cross-App Access by Okta. ID-JAG joins OAuth, A2A, MCP, and more in the suite of standards Keycard speaks to securely connect agents to the tools and data they need.

Agents act on behalf of users, and increasingly on behalf of other agents too, with or without a human in the loop, across clouds and applications. To reach the tools they need, most borrow access: a human’s login, a shared service account, a static key copied between services. Borrowed access can’t tell one agent from another, or an agent from the person it’s acting for, and it can’t be scoped, governed, or revoked. Agents need an identity of their own.

ID-JAG protocol flow from users and identity providers through Keycard to agents, tools, and services

That’s what Keycard is for: centralizing how you adopt and build agents to automate your software development lifecycle and your business: the products you build and the home-grown agents and workflows that run them. One policy model governs what each agent and the applications it reaches can do, evaluated per session, so the same controls apply whether an agent acts for a person or runs on its own. It works with the identity providers you already run, from Okta and its Cross-App Access implementation to any other provider for users or workloads.

That changes the day-to-day for everyone who builds, secures, and runs agents:

  • Developers building an agent or automating a workflow in your SDLC ship it with scoped access in a few lines, no per-application auth to hand-roll, no tokens or secrets to manage.
  • Security governs every agent the organization builds or buys, across every application it runs: each carries its own identity, access is scoped to the session and revocable in an instant, and every action runs through one auditable policy model you change in one place.
  • The organization moves faster, because security is unblocked and developers build and adopt without authentication and authorization holding them back.

This builds on Keycard for Multi-Agent Apps and Keycard for Coding Agents, which brought that policy to run time. By centralizing identity and access with Keycard, your workflows go secretless: short-lived, identity-bound tokens replace every borrowed credential, and each agent gets exactly the access it needs and nothing more.

API keys defined access for services. OAuth defined it for the web. For agents, it’s delegated identity across every tool they need and Keycard is where you build on it.

Keycard support for ID-JAG is in early access today.

Sign up for early access →

New to Keycard? The Quickstart walks you through installing, opening a session, and issuing your first scoped grant.

Last updated June 23, 2026

Have questions about agent security?

Ask our agent — it's a live Keycard-on-Keycard demo.