New capabilities help organizations make their apps and APIs agent-compatible, securely connect AI agents to external tools, and secure remote MCP servers with enterprise-grade authorization
Descope, the drag & drop external IAM platform, today announced the launch of the Agentic Identity Hub, an industry-first platform that helps organizations solve authentication and authorization challenges for AI agents, systems, and workflows. Notable additions include providing apps an easy way to become agent-ready while requiring user consent, providing agents a scalable way to connect with 50+ third-party tools and enterprise systems, and helping developers using the Model Context Protocol (MCP) protect their remote MCP servers with purpose-built authorization APIs and SDKs.
As agents, LLMs, and other AI systems become increasingly embedded into enterprise and consumer workflows, developers struggle with the dual challenge of securely connecting these AI systems to external SaaS tools and ensuring their own apps properly authenticate AI agents with the right level of access and human oversight. As the industry converges on a few key standards to power identity infrastructure for agentic builds (e.g. OAuth, MCP), developers face the choice between spending time to become experts in these protocols to build and manage authentication for AI systems, or risking identity spoofing, tool misuse, privilege compromise, and other threats described in the OWASP Top 10 for GenAI. This developer complexity contributes to the fact that less than two-fifths of GenAI projects go into production.
The Descope no / low code external IAM platform helps organizations easily create, modify, and manage journeys for their consumers, business customers, partners, and APIs / AI agents using visual workflows. Hundreds of customers including GoFundMe, Databricks, Navan, and You.com use Descope to enhance customer experience, help prevent account takeover, and get a 360 view of their customer and machine identities.
Capabilities announced today include:
- Inbound Apps, which provide every application an easy way to become its own identity provider using the OAuth standard. This allows AI agents to securely authenticate, access authorized user data, and take scoped actions on behalf of users with their explicit consent.
- Outbound Apps, which provide every AI agent builder a secure, scalable way to connect AI agents to external tools without having to manually manage and store tokens, scopes, and permissions. Developers can choose from over 50 out-of-the-box tool integration templates including Gmail, HubSpot, GitHub, Snowflake, Slack, Notion, and Shopify.
- MCP Auth SDKs and APIs that help developers building and managing remote MCP servers secure their systems with robust authorization controls as well as extend the MCP servers’ functionality by connecting them with multiple OAuth-based services.
“As AI systems make our lives easier, we must ensure the lives of developers building AI don’t become harder,” said Slavik Markovich, Co-founder and CEO of Descope. “The Agentic Identity Hub provides a set of tools to help developers spend more time on the interesting work of building and fine-tuning their AI systems and hardly any time on the nitty-gritties of authentication and access control. True enterprise AI adoption won’t happen without a robust, interoperable identity infrastructure working behind the scenes, and we’re excited to be a part of that infrastructure.”
“According to industry trends, over 70% of enterprises cite security, compliance, and trust as primary concerns when adopting AI technologies. As organizations increasingly integrate AI agents into their workflows, the need for robust governance frameworks becomes critical,” said Paul Nashawaty, Principal Analyst at theCUBE. “To scale AI adoption successfully, enterprises must become AI-ready—by modernizing their identity infrastructure—while AI systems must be architected for enterprise-grade demands. Solutions like the Descope Agentic Identity Hub, with its secure, granular, and interoperable identity management capabilities, are essential to bridging this readiness gap.”
To learn more, visit Descope’s AI Launch Week page and AI demo site.
Inbound Apps
AI agents are autonomous enough to navigate digital storefronts and access SaaS applications–however, these apps need to account for the fact that many AI agents don’t navigate the web like humans do. Instead of visual stimuli and UI, AI systems rely on APIs, standards like OAuth, and token-based flows to securely communicate with other machines.
With Descope Inbound Apps, any app or API can easily become OAuth-compatible, enabling a variety of use cases such as:
- Secure connectivity with AI agents with consent screens for users to have control and visibility into what data the AI agent can access and what actions it can perform.
- Integrating with partner applications while allowing them to fetch user data and take authorized actions on the user’s behalf.
- Powering app registration, token management, and consent for B2C and B2B marketplace ecosystems.
“We’re very excited about the potential of Descope Inbound Apps,” said Arnie Katz, Chief Product and Technology Officer at GoFundMe. “Descope is helping us provide frictionless, secure, and omnichannel authentication experiences for millions of users. Inbound Apps builds on this by providing the building blocks for us to more deeply connect with our charity partner ecosystem and make it easier for users to create and donate to fundraisers wherever they are – extending the reach and impact of our platform.”
Outbound Apps
Developers seeking to build powerful AI systems that can interact with the “real world” (e.g. book meetings, write emails, retrieve data from external systems on users’ behalf) face several authentication and integration challenges that delay or prevent production-readiness.
Descope Outbound Apps simplifies how AI agents connect with external tools and enterprise systems. Developers can pick from 50+ templates–ranging from CRMs and payroll to calendars and customer support tools–to securely integrate their AI agent without the heavy lift of learning complex OAuth processes, managing and storing tokens, or ensuring properly scoped access.
“Descope’s Outbound Apps capability frees up our developers from tooling and integration work so they can spend more time shipping core features instead,” said Soham Mazumdar, Co-founder and CEO of WisdomAI. “Being able to seamlessly connect with CRMs, data warehouses, and messaging tools to take actions on users’ behalf helps us show the value of our AI-powered analytics platform instantly.”
Remote MCP Auth SDKs and APIs
The Model Context Protocol, developed by Anthropic, provides a standardized way for LLMs to connect with external tools and services. As MCP continues to gain rapid adoption–with OpenAI, Microsoft, and Figma being a few recent adopters–developers face a mounting list of tasks to make their MCP servers production-ready.
The Descope MCP Auth SDKs and APIs simplify the process of implementing MCP authorization in remote MCP Servers, abstracting out complexities such as creating OAuth-based flows with PKCE or dynamic client registration. These SDKs and APIs work seamlessly with Inbound Apps, enabling use cases such as:
- Protecting MCP servers with OAuth-based authorization, ensuring scoped access to authorized clients.
- Extending MCP server functionality by connecting with external OAuth-based services.