Commit d9d4601

committed
fix navigation and couple of links
1 parent b5e9e96 commit d9d4601

4 files changed

Lines changed: 15 additions & 16 deletions

main/config/navigation/secure.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -332,7 +332,7 @@
332332
{
333333
"group": "XAA IdP Setup",
334334
"pages": [
335-
"docs/secure/call-apis-on-users-behalf/xaa/idp/manage-xaa-in-okta",
335+
"docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp",
336336
"docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-saml-idp",
337337
"docs/secure/call-apis-on-users-behalf/xaa/idp/federate-with-enterprise-idp"
338338
]
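
Review bot: the `-` line drops `docs/secure/call-apis-on-users-behalf/xaa/idp/manage-xaa-in-okta` from the "XAA IdP Setup" group, and nothing in this commit shows what happens to that path. If the page was renamed to `configure-okta-as-oidc-idp`, add a redirect from the old path so existing inbound links keep resolving; if the page still exists, it is now unreachable from the sidebar and should either stay listed or be deleted in the same change.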

main/docs/secure/call-apis-on-users-behalf/xaa.mdx

Lines changed: 2 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -13,12 +13,6 @@ import { ReleaseStageNotice } from "/snippets/ReleaseStageNotice.jsx"
1313
terms="true"
1414
/>
1515

16-
<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
17-
18-
This guide assumes you use Okta as your enterprise identity provider (IdP) and have administrative access to an Okta tenant you can use for testing. If you don’t have one, read [Create and configure your Okta tenant](/docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp#create-and-configure-your-okta-tenant).
19-
20-
</Callout>
21-
2216
Connecting third-party apps and AI agents in an enterprise creates two key problems: poor IT visibility into data sharing and repetitive consent flows for users.
2317

2418
Cross App Access (XAA) addresses these challenges by allowing IT admins to centrally define access controls for how SaaS applications, like AI agents, connect on a user's behalf. Admins manage these connections in a central dashboard, like the Okta Admin Console, which eliminates disruptive OAuth consent prompts for end-users. The result is improved organizational security, governance, and user experience.
@@ -58,7 +52,7 @@ In the following diagram, Acme is the enterprise customer whose employees authen
5852
- The Requesting App (Agent0) is registered with the Resource App Authorization Server as an OAuth 2.0 client with a valid client_id and credentials to request access tokens from the Resource App Authorization Server.
5953
- The Acme IT admin has defined XAA access controls between Agent0 and Todo0.
6054

61-
The Auth0 resource Authorization Server and the enterprise IdP are configured separately: see [Set up Auth0 XAA Environment](/docs/secure/call-apis-on-users-behalf/xaa/set-up-xaa-test-environment) for the Auth0 side, and [Configure Okta as OIDC IdP](/docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp) under **XAA IdP Setup** for the IdP side.
55+
The Auth0 resource Authorization Server and the enterprise IdP are configured separately: see [Set up Auth0 XAA Environment](/docs/secure/call-apis-on-users-behalf/xaa/set-up-xaa-test-environment) for the Auth0 side, and [Configure Okta as OIDC IdP](/docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp) for the IdP side.
6256

6357
## End-to-end XAA flow
6458

@@ -67,14 +61,12 @@ With our Acme example in mind, the end-to-end XAA flow has the following steps:
6761
1. The Acme employee logs into the Requesting App (Agent0) using SSO with the enterprise IdP. The Requesting App obtains an ID token to verify the Acme employee’s identity.
6862
2. The Requesting App makes a token exchange request to the IdP to exchange the ID token for a cross-domain Identity Assertion JWT Authorization Grant, also known as ID-JAG. The IdP validates the request and checks the XAA policy defined by the Acme IT Admin.
6963
3. If the XAA policy allows for it, the IdP returns the ID-JAG to the Requesting App.
70-
4. The Requesting App makes a token request using the ID-JAG to the Resource App (Todo0) Authorization Server.
64+
4. The Requesting App makes a token request using the ID-JAG to the Resource App Authorization Server.
7165
5. The Resource App Authorization Server validates the ID-JAG using the public key it also uses for its OpenID Connect flow with the IdP. If valid, the authorization server returns an access token.
7266
6. The Requesting App makes a request with the access token to the Resource App’s API.
7367

7468
Leveraging the XAA flow, Acme’s IT admin policies govern access from Agent0 to Todo0, requiring no end-user redirection or interaction.
7569

76-
To set up this end-to-end flow, complete the Auth0 side via [Set up Auth0 XAA Environment](/docs/secure/call-apis-on-users-behalf/xaa/set-up-xaa-test-environment) and the IdP side via [Configure Okta as OIDC IdP](/docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp) under **XAA IdP Setup** in the sidebar.
77-
7870
## Beta limitations
7971

8072
XAA Beta has the following limitations:
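
Review bot: step 4 now reads "the Resource App Authorization Server" without "(Todo0)", while step 1 still says "the Requesting App (Agent0)" and the closing sentence still describes access "from Agent0 to Todo0". Either keep the Todo0 label on the first mention of the Resource App in this list or drop the Agent0 label from step 1 as well, so the numbered flow maps both example names to their roles consistently.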

main/docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp.mdx

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,12 @@ import { ReleaseStageNotice } from "/snippets/ReleaseStageNotice.jsx"
1313
terms="true"
1414
/>
1515

16+
<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
17+
18+
This guide assumes you use Okta as your enterprise identity provider (IdP) and have administrative access to an Okta tenant you can use for testing. If you don’t have one, read [Create and configure your Okta tenant](/docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp#create-and-configure-your-okta-tenant).
19+
20+
</Callout>
21+
1622
This page walks through configuring Okta as the OIDC enterprise identity provider for Cross App Access (XAA). You'll set up an Okta tenant, register the Resource and Requesting Apps in Okta, and configure a Workforce Enterprise connection so Auth0 can federate with Okta.
1723

1824
## Create and configure your Okta tenant
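
Review bot: the link in the added Callout targets `/docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp#create-and-configure-your-okta-tenant`, which is this same file, and the `## Create and configure your Okta tenant` heading sits directly below the intro paragraph. The full path made sense while the callout lived in xaa.mdx; here a same-page anchor (`#create-and-configure-your-okta-tenant`) is enough and will not go stale if the page path changes.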

main/docs/secure/call-apis-on-users-behalf/xaa/set-up-xaa-test-environment.mdx

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -13,13 +13,14 @@ import { ReleaseStageNotice } from "/snippets/ReleaseStageNotice.jsx"
1313
terms="true"
1414
/>
1515

16-
This section explains how to set up the end-to-end test environment for the Resource App. By configuring your Auth0 tenant as the Resource App Authorization Server, your SaaS application can start accepting incoming ID-JAG requests without requiring any code changes. This enables your SaaS API to generate access tokens in response to these requests, allowing AI agents and other applications to seamlessly consume your API.
16+
By configuring your Auth0 tenant as the Resource App Authorization Server, your SaaS application can start accepting incoming ID-JAG requests without requiring any code changes. This enables your SaaS API to generate access tokens in response to these requests, allowing AI agents and other applications to seamlessly consume your API.
1717

18-
To set up your end-to-end test environment for the Resource App:
18+
To set up your end-to-end test environment in Auth0:
1919

20-
- Configure and register your Resource App: This includes configuring your Auth0 tenant and registering your SaaS application as a Resource App with Okta. To learn more, read [Resource App setup](#resource-app-setup).
21-
- Configure the Requesting App to test the end-to-end: This includes registering a test Requesting App in your Auth0 tenant and updating Okta to link it with your Resource App. To learn more, read [Requesting App setup](#requesting-app-setup).
22-
- Configure how your Auth0 tenant federates with your customer’s enterprise IdP: In our test environment, the enterprise IdP will be your Okta test tenant, representing one of your enterprise customers. To learn more, read [Add Organization Support to XAA IdP](/docs/secure/call-apis-on-users-behalf/xaa/idp/federate-with-enterprise-idp).
20+
- Configure and register your API in Auth0. To learn more, read [Create the API in Auth0](#create-the-api-in-auth0)
21+
- Configure and register your Resource App: This includes configuring your Auth0 tenant and registering your SaaS application as a Resource App with IdP (e.g. Okta). To learn more, read [Resource App setup](/docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp#register-the-resource-app-in-okta).
22+
- Configure the Requesting App to test the end-to-end: This includes registering a test Requesting App in your Auth0 tenant and updating IdP (e.g. Okta) to link it with your Resource App. To learn more, read [Requesting App setup](#requesting-app-setup).
23+
- Configure how your Auth0 tenant federates with your customer’s enterprise IdP: In our test environment, the enterprise IdP will be your Okta test tenant, representing one of your enterprise customers. To learn more, read [Configure an Okta Workforce Enterprise connection in Auth0](docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp#configure-an-okta-workforce-enterprise-connection-in-auth0).
2324

2425
{/* The following image maps the responsibilities of the different personas in a production-ready XAA flow: */}
2526
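
Review bot: the link in the last added bullet starts with `docs/secure/...` and has no leading `/`, unlike the other absolute links in this hunk, so it is a relative URL and will resolve against the current page path rather than the site root. Change it to `/docs/secure/call-apis-on-users-behalf/xaa/idp/configure-okta-as-oidc-idp#configure-an-okta-workforce-enterprise-connection-in-auth0`. Smaller points in the same list: the first bullet is missing its closing period, "with IdP (e.g. Okta)" reads better as "with the IdP (e.g. Okta)", and the intro now says "in Auth0" while the bullets still include steps performed in Okta.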
