One SSO Login Unlocks All MCP Servers via XAA

Cross-App Access (XAA) uses IDJAG tokens from IDPs like Okta to exchange a single SSO login for short-lived access tokens across MCP servers, eliminating repeated OAuth consents and improving IT visibility/security.

Eliminate Repeated OAuth Consents with Trusted SSO

Current MCP setups force users to endure OAuth consent screens for every server (e.g., Figma, Notion in Cursor or Claude), leading to dozens of logins per team. This stems from OAuth's assumption that apps don't trust each other, ignoring enterprise SSO via IDPs like Okta or Entra ID. IT teams lose visibility: they can't track MCP server usage, block unapproved AI agents (e.g., Cursor vs. DeepSeek), or revoke lingering access tokens/refresh tokens (lasting days/weeks/months) during incidents like the npm Axios breach. Onboarding remains manual despite auto-config, and offboarding leaves standing access outside IDP control.

Cross-App Access (XAA) fixes this by establishing three-way trust: MCP client (e.g., Claude Code), MCP server (e.g., Figma), and IDP (e.g., Okta). Users log in once via SSO (daily/weekly per policy), gaining an ID token + refresh token. The client then requests an Identity JWT Authorization Grant (IDJAG) token from the IDP, specifying the target audience (e.g., mcp.figma.com). The IDP verifies that the user is assigned to both apps and issues the IDJAG. The client exchanges it at the MCP server's auth endpoint for a standard OAuth access token (~5 minutes expiry). Token expiry triggers automatic refresh via a fresh IDJAG—no user intervention, no consents. Revocation propagates quickly: once the IDP session is ended, an expired access token can't be renewed, because no new IDJAG will be issued.

Streamline Setup Across Roles

IT Admin: In Okta's manage connections portal, link apps (e.g., grant Cursor access to Figma). Users must belong to both; policies apply as usual. Supports OIDC now, SAML soon; Entra ID support pending.

MCP Client (e.g., Cursor/Claude): Integrate XA-compatible SSO. Request IDJAG with audience URL, exchange at server, then use standard MCP OAuth flow. WorkOS handles this for Anthropic/Cursor.

MCP Server: Announce IDJAG support via new JWT bearer type in discovery. Accept/verify IDJAG against IDP (standard JWT validation), then issue access token. No new credential types.

Existing Figma permissions carry over unchanged: IDJAG handles authentication today, not scoped authorization (a future extension is planned). The client learns which server it is targeting from its configured audience, and the scopes it requests must match those in the OIDC request.
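The flow above (IDJAG issued by the IDP, then exchanged at the MCP server for a short-lived access token) and the server-side steps in the role list are shown below as one runnable simulation. This is an added example, not code from the talk, Okta, WorkOS or any MCP project. It assumes: an HS256 shared key standing in for the IDP's asymmetric signing key (a real server would fetch the IDP's public key via JWKS and verify RS256/ES256), a JWT `typ` of `oauth-id-jag+jwt` and the claim names `aud`, `client_id`, `jti` as described in the IDJAG draft, and constructed issuer URLs and user/app assignments. The grant-type URNs in the comments are the standard RFC 8693 (token exchange) and RFC 7523 (JWT bearer) values.

```python
# Added example: simulated XAA / IDJAG exchange between an IDP, an MCP client and an
# MCP server's authorization server. Dependency-free; HMAC stands in for the IDP's
# asymmetric signature so that the validation logic, not the crypto, is the focus.
import base64
import hashlib
import hmac
import json
import time
import uuid

IDJAG_TYP = "oauth-id-jag+jwt"   # JWT "typ" used by the IDJAG draft (assumption)
ACCESS_TOKEN_TTL = 300           # ~5 minute MCP access tokens, as described in the talk


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes, typ: str) -> str:
    """HS256 JWT. A real IDP signs with an asymmetric key published via JWKS."""
    header = {"alg": "HS256", "typ": typ}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, key: bytes, expected_typ: str) -> dict:
    """Standard JWT validation: signature first, then header type, then claims."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise PermissionError("IDJAG signature invalid")
    if json.loads(_b64url_decode(header_b64)).get("typ") != expected_typ:
        raise PermissionError("unexpected JWT typ")
    return json.loads(_b64url_decode(payload_b64))


class SimulatedIdp:
    """Stands in for Okta: knows which users are assigned to which apps and
    which users currently hold an SSO session."""

    def __init__(self, issuer: str, key: bytes, assignments: dict):
        self.issuer, self.key = issuer, key
        self.assignments = assignments   # user -> set of app identifiers (constructed)
        self.sessions = set()            # users with an active SSO session

    def sso_login(self, user: str) -> None:
        self.sessions.add(user)

    def revoke_session(self, user: str) -> None:
        self.sessions.discard(user)      # incident response or offboarding

    def issue_idjag(self, user: str, client_id: str, audience: str, now: int) -> str:
        # Real flow: POST to the IDP token endpoint with
        # grant_type=urn:ietf:params:oauth:grant-type:token-exchange (RFC 8693),
        # subject_token=<ID token>, audience=<MCP server>.
        if user not in self.sessions:
            raise PermissionError("no active SSO session; user must log in again")
        apps = self.assignments.get(user, set())
        if client_id not in apps or audience not in apps:
            raise PermissionError("user is not assigned to both the client and the target app")
        claims = {"iss": self.issuer, "sub": user, "aud": audience, "client_id": client_id,
                  "jti": str(uuid.uuid4()), "iat": now, "exp": now + 300}
        return sign_jwt(claims, self.key, IDJAG_TYP)


class McpServerAuth:
    """The MCP server's authorization server: accepts an IDJAG as a JWT bearer
    grant (RFC 7523, grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer)
    and mints a short-lived OAuth access token. No new credential type needed."""

    def __init__(self, issuer: str, trusted_idp: str, idp_key: bytes):
        self.issuer, self.trusted_idp, self.idp_key = issuer, trusted_idp, idp_key
        self.seen_jti = set()            # reject replayed grants

    def exchange_idjag(self, assertion: str, now: int) -> dict:
        claims = verify_jwt(assertion, self.idp_key, IDJAG_TYP)
        if claims["iss"] != self.trusted_idp:
            raise PermissionError("IDJAG not issued by the trusted IDP")
        if claims["aud"] != self.issuer:
            raise PermissionError("IDJAG audience is a different server")
        if now >= claims["exp"]:
            raise PermissionError("IDJAG expired")
        if claims["jti"] in self.seen_jti:
            raise PermissionError("IDJAG replayed")
        self.seen_jti.add(claims["jti"])
        return {"access_token": _b64url(uuid.uuid4().bytes), "token_type": "Bearer",
                "expires_in": ACCESS_TOKEN_TTL, "sub": claims["sub"], "client_id": claims["client_id"]}


def get_access_token(idp: SimulatedIdp, server: McpServerAuth, user: str, client_id: str, now: int) -> dict:
    """One client-side refresh cycle: IDJAG from the IDP, then exchange at the server.
    Runs silently whenever the ~5 minute access token expires; no consent screen."""
    idjag = idp.issue_idjag(user, client_id, server.issuer, now)
    return server.exchange_idjag(idjag, now)


if __name__ == "__main__":
    key = b"shared-demo-key"   # constructed; stands in for the IDP signing key
    idp = SimulatedIdp("https://idp.example.test", key,
                       {"alice": {"cursor", "https://mcp.figma.example.test"}})
    figma = McpServerAuth("https://mcp.figma.example.test", idp.issuer, key)
    idp.sso_login("alice")
    print(get_access_token(idp, figma, "alice", "cursor", int(time.time())))
```

The checks in `exchange_idjag` are the ones the talk calls "standard JWT validation": signature against the trusted IDP's key, `iss`, `aud` bound to this server, `exp`, and a one-time `jti`. The security property the talk emphasises falls out of `issue_idjag`: once `revoke_session` runs, the next refresh cycle fails at the IDP, so no standing refresh token survives outside IT's view.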

Boost Security and Agent Identity

Short-lived tokens + IDP session tie-in exceed plain OAuth security: no long-term refresh tokens exist outside IT's view. This enables agent-wide identity beyond MCP—e.g., IT controls AI tool access centrally. It also handles ecosystem fragmentation (DCR/CIMD support varies; pre-register non-DCR clients). Read the IDJAG spec or use Claude to grok it; the WorkOS blog details implementation.

Summarized by x-ai/grok-4.1-fast via openrouter


© 2026 Edge