New Auth0 Platform innovations help developers secure GenAI applications with identity for AI agents

AI-powered assistants in the spotlight.

Okta (NASDAQ: OKTA), which positions itself as the leading independent identity partner, today announced the availability of Auth for GenAI in Developer Preview, as part of the Auth0 Platform, a suite of features that enable developers to integrate secure identity into GenAI applications, helping ensure AI agents have built-in authentication, fine-grained authorisation, async workflows and secure API access. Through other new capabilities, developers can better meet enterprise app requirements and deliver seamless experiences that address the expectations of today’s end-users.

Why it matters:

  • As LLMs become increasingly commoditised, with more widely available, cost-effective models and open source AI frameworks emerging to rival proprietary systems, AI agents will become commonplace more quickly than expected. This is in addition to LLMs making it possible for anyone to program in natural language.
  • Despite AI agents' ability to connect with more layers of data than LLMs alone, security remains an afterthought. To keep up with the pace of innovation, developers are wholly focused on functionality, often moving forward with insecure implementations or defaulting to postponing or cancelling their AI agent projects altogether.
  • Authorisation is frequently overlooked. Agents are connecting to APIs with integrations that aren’t optimised for AI-driven access, and the e-mail or push notifications triggered to approve sensitive actions are being implemented with minimal security controls.
  • Regardless of what frameworks developers choose to build on top of, without a purpose-built security approach, these gaps leave AI agents vulnerable to unauthorised access, data exposure, and other prevalent LLM risks.(1)
  • Outside of securely building GenAI applications, developers are also being tasked with ensuring their B2B SaaS applications meet the more stringent requirements of enterprise buyers, while also delivering seamless and contextualised experiences for end-users.

“This explosion of AI-powered assistants that can answer complex questions, automate workflows and take actions on behalf of users is undoubtedly exciting. However, it can be challenging to add security effectively once deployed,” said Shiven Ramji, President of Auth0 at Okta. “With Auth for GenAI, developers can help ensure that AI agents are built with secure authentication and authorisation from their inception, granting access only to what’s necessary and preventing misuse.”

Secure identity in GenAI applications with a seamless developer experience

AI agents are being granted access to systems without the right identity controls, creating security blind spots and risk. Traditional authentication methods weren’t built for AI-driven applications, leaving gaps in control and accountability. Developers need to ensure AI agents authenticate users, interact with other apps on the user’s behalf, use asynchronous interactions and consider user permissions when accessing data.

What’s the latest – Auth for GenAI

Now available in Developer Preview, Auth for GenAI enables developers to meet the identity requirements for building secure agentic apps and to integrate seamlessly with the broader GenAI ecosystem. Auth for GenAI also integrates with popular AI frameworks like LangChain, LlamaIndex, Google Genkit and Vercel.ai, giving developers greater flexibility and efficiency in building and deploying AI-powered applications. Features include:

  • User authentication: To operate securely, AI agents must authenticate users, just like any other application, ensuring they confirm the user's identity before granting access or taking specific actions. With Auth for GenAI, developers can build a secure and seamless experience for AI agents to authenticate users.
  • Token Vault: AI agents interact with applications on behalf of users through APIs, not user interfaces. Without strong identity controls, AI agents could access APIs they shouldn’t, leak sensitive data to unauthorised sources or be unable to perform tasks. With the Token Vault, AI agents can securely connect to tools like Gmail and Slack using OAuth 2.0 for token management, while also automatically handling token refreshes and exchanges.
  • Asynchronous authorisation: AI agents don’t always complete tasks instantly, with some actions – like data processing, transaction approvals or decision-making – taking minutes, hours or even days. Async authorisation triggers human-in-the-loop approval, allowing humans to supervise and approve or reject sensitive actions when away from the chatbot.
  • Fine Grained Authorization for RAG: Not every AI agent should have the same permissions. Some should only retrieve data, others should execute commands and some should make high-risk decisions – like approving a loan or processing a refund. With Auth0 Fine Grained Authorization for retrieval augmented generation (RAG), agents will only retrieve documents that users have access to, dynamically updating to reflect changing business rules, compliance requirements and risk levels.
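How the permission-filtered retrieval described above can look in practice, as an added illustration rather than Auth0's own FGA code: a minimal relationship-based store in which viewer rights flow from group membership and from parent folders, and a retriever that drops any document the requesting user cannot view before it reaches the model's context. All tuples, documents and function names are constructed for this example.

```python
"""Authorisation-filtered retrieval for RAG (constructed example, not Auth0 code)."""

# Constructed relationship tuples: (subject, relation, object).
# A subject is a user ("user:alice") or a userset ("group:finance#member").
# ("folder:invoices", "parent", "doc:x") means folder:invoices is the parent of doc:x.
TUPLES = {
    ("user:alice", "member", "group:finance"),
    ("group:finance#member", "viewer", "folder:invoices"),
    ("folder:invoices", "parent", "doc:invoice-2024-17"),
    ("user:alice", "viewer", "doc:refund-policy"),
    ("user:bob", "viewer", "doc:refund-policy"),
}

# Constructed document corpus the agent retrieves from.
DOCS = {
    "doc:refund-policy": "Refunds over 500 EUR need manager approval.",
    "doc:invoice-2024-17": "Invoice 2024-17: 1,200 EUR, approved refund pending.",
    "doc:board-minutes": "Board minutes: approved the loan product launch.",
}


def subjects_for(user: str) -> set[str]:
    """Expand a user into itself plus every group userset it is a member of."""
    subs = {user}
    for subj, rel, obj in TUPLES:
        if subj == user and rel == "member":
            subs.add(f"{obj}#{rel}")
    return subs


def can_view(user: str, obj: str, depth: int = 0) -> bool:
    """True if user is a viewer of obj directly, via a group, or via a parent folder."""
    if depth > 8:  # guard against cyclic parent relations
        return False
    subs = subjects_for(user)
    if any(t == obj and rel == "viewer" and s in subs for s, rel, t in TUPLES):
        return True
    # Inherited: viewer on a parent folder grants viewer on the document.
    return any(rel == "parent" and t == obj and can_view(user, s, depth + 1)
               for s, rel, t in TUPLES)


def retrieve(user: str, query: str, k: int = 3) -> list[str]:
    """Keyword-scored retrieval that filters out documents the user cannot view."""
    terms = set(query.lower().split())
    scored = []
    for doc_id, text in DOCS.items():
        if not can_view(user, doc_id):
            continue  # authorisation check before the document enters the LLM context
        score = sum(term in text.lower() for term in terms)
        if score:
            scored.append((score, doc_id))
    return [doc_id for _, doc_id in sorted(scored, reverse=True)[:k]]
```

Changing a single tuple (for example removing Alice's group membership) immediately changes what the agent can retrieve, which is the dynamic behaviour the paragraph describes.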

Asynchronous authorisation (Auth for GenAI).

Build enterprise-ready apps that meet critical identity requirements

To move upmarket, B2B SaaS developers need to ensure the core app features meet the needs of enterprise buyers. This includes satisfying a long list of critical identity requirements, such as supporting the latest security protocols and identity standards, automating user provisioning and de-provisioning, and enabling delegated administration.

What’s new – Enterprise Ready Customer Identity

Enterprise Ready Customer Identity is a suite of new and existing enterprise-differentiating identity and access management capabilities. It provides a faster, more efficient and cost-effective way to meet key enterprise requirements. Features include:

  • Auth0’s comprehensive self-service capabilities help reduce developer burden by streamlining identity management and delegating core admin tasks to business customers.
  • Auth0 Universal Logout provides out-of-the-box user session and token revocation for enterprise-grade security, mitigating risks across the app ecosystem without building and maintaining custom global token revocation endpoints.
  • Auth0 Organizations helps manage business customers at scale with branded, federated login flows tailored to each business's unique needs, supporting up to 2 million business customers within a single Auth0 tenant.
  • Auth0 Fine Grained Authorization enables user collaboration and access control with granularity, all with easy-to-use APIs.

Universal Logout in Auth0.

Improve user experiences while strengthening security

Modern digital experiences are raising customer expectations and redefining what businesses must deliver to remain competitive. Businesses need to show that they understand their customers’ unique needs by personalising their offers, providing ease of use across all channels and proving they can protect their data.

What’s new – Auth0 Platform: Innovations for secure experiences

Through new enhancements to the Auth0 Platform, organisations can deliver seamless, trusted customer experiences before, at and after login. Innovations include:

  • Before login: Tenant access control – control who can access an app – and how. Organisations can set rules that determine whether users can access the app, get blocked or get redirected, and they can do this all before the user ever reaches the login screen.
  • At login: Advanced customisation for universal login – the next evolution of Universal Login customisation lets organisations tailor every detail – down to the last pixel – to match their brand and user experience goals.
  • After login:
      • FAPI 2 Certification expected Q2 2025 – advanced API security to help protect customer privacy and secure transactions.
      • CIBA now in GA – client systems like call centres, kiosks or AI agents can start the login process for customers – securely and seamlessly.
      • Native to Web SSO – create a smoother customer journey by enabling users to move from mobile apps to web apps without logging in again.

Client-Initiated Back Channel Authentication (CIBA).

(1) 2025 Top 10 Risks & Mitigations for LLMs and GenAI Apps, OWASP, 2025.

Disclaimer: Any products, features, functionalities, certifications, authorisations or attestations referenced in this material that are not currently generally available or have not yet been obtained or are not currently maintained may not be delivered or obtained on time or at all. Product roadmaps do not represent a commitment, obligation or promise to deliver any product, feature, functionality, certification or attestation and you should not rely on them to make your purchase decisions.

About Okta

Okta is 'The World’s Identity Company'. It secures identity, so everyone is free to safely use any technology. Okta's customer and workforce solutions empower businesses and developers to use the power of identity to drive security, efficiencies and success – all while protecting their users, employees and partners. Learn why the world’s leading brands trust Okta for authentication, authorisation and more at okta.com.

Media contact:

Kyrk Storer

press@okta.com