Okta Extends Workforce Security to AI Employees

Organisations are adding AI agents to their workforces at speed, with Okta's AI Agents at Work market report finding that 92% of executives report moderate or widespread use of AI agents within their organisations.

However, only 34% of organisations apply the same security controls to these digital workers as they do to human employees. This gap could create vulnerabilities as automated tools access sensitive systems and data alongside human colleagues.

As AI agents operate autonomously – making decisions and taking actions across multiple systems without direct human oversight in real time – lacking property identity governance can lead to organisations facing risks including unauthorised data access, compliance violations and potential breaches that may go undetected until significant damage occurs.

Okta is expanding its work with Google Cloud to address these challenges.

The collaboration combines identity, cloud and productivity solutions to extend governance across human and automated workers, with the partnership reflecting the growing recognition that workforce security frameworks must evolve to accommodate both traditional employees and the AI agents working alongside them.

Governing digital workforce identities

According to Vineet Bhan, Director and Global Head of Security and Identity ISV Partnerships at Google Cloud, the partnership aims to create a consistent security layer across platforms.

He says: "Together with Okta, we're extending that foundation across Google Cloud – so customers can confidently deploy AI agents in production, govern how they interact with critical systems and maintain strong protection across the browser."

Auth0 for AI Agents now integrates directly with the Agent Runtime on the Gemini Enterprise Agent Platform, providing identity and access controls without requiring custom coding removing technical barriers that previously slowed secure agent deployment.

Developers can embed several core features into their workflows, such as user authentication, which verifies that only authenticated users can invoke an agent, ensuring digital workers operate under human authority. 

Human-in-the-loop workflows can also trigger human approval checkpoints for high-risk actions while agents work in the background. This maintains oversight for sensitive operations such as financial transactions or data deletions whilst allowing agents to handle routine tasks independently.

Fine-Grained Authorisation ensures that agents perform only the specific actions a user is permitted to take, preventing privilege escalation, while Auth for MCP adds authentication and authorisation to any Model Context Protocol server, extending security controls across different agent frameworks.

Managing browser-based work environments

Session hijacking has seen a 127% year-over-year increase as threat actors focus on stealing post-auth session tokens stored directly in the browser.

Modern work is taking place within web browsers, which creates new attack surfaces that traditional perimeter security cannot adequately protect.

As browsers have become the primary interface for accessing cloud applications, collaboration tools and AI services, they have become attractive targets for attackers seeking to compromise multiple systems through a single entry point.

Okta and Chrome Enterprise are configuring browsers to function as policy-enforced work environments, protecting applications, data and gen AI use on both managed and unmanaged devices, addressing the reality that employees access work resources from personal computers, tablets and smartphones.

The Chrome Enterprise Universal Enrollment feature enables IT teams to enforce enterprise-grade policies through managed Chrome profiles on any device. This is available through the Okta Integration Network and functions without requiring identity synchronisation to Google, simplifying deployment for organisations with complex identity infrastructures.

Ely Kahn, CPO at Okta, says: "Organisations shouldn't have to choose between the AI and productivity tools their teams want and the security their business requires. Okta and Google are a natural fit because we pair Google's leading product suite with an identity layer that can work across the entire modern, AI-powered work stack."

Addressing vendor lock-in concerns

Approximately 62% of IT executives view vendor lock-in as a strategic risk, with platform interoperability remains a priority for technology leaders managing diverse tool sets across departments and business units.

Device trust enhancements can integrate Okta Device Assurance with the Chrome Device Trust Connector to evaluate browser and device posture in real time. New antivirus signals allow Chrome to block logins at the browser level if a device has out-of-date protection, preventing compromised endpoints from accessing corporate resources.

Okta for AI Agents also integrates with the wider Gemini Enterprise Agent Platform, to ensure all automated tools possess a verified identity. The upcoming capabilities will continuously import agents into a centralised directory to maintain human accountability whilst routing external requests through a real-time policy enforcement point.

Employees can access work applications, including Google Workspace, through a centralised Okta identity dashboard. This approach applies consistent security policies across expanding digital workforces whilst giving IT teams visibility into both human and agent activity.