In enterprise organizations, workforce tools and AI-based apps often live as sovereign appdoms, isolated by the moats of security boundaries. Traditional OAuth flows allow users to lower the drawbridge themselves, often leaving the castle overlords, the enterprise IT admins, completely in the dark about who is accessing what. This session introduces the Identity Assertion OAuth spec and cross app access (XAA), a standardized way to ensure app-to-app interactions are backed by verifiable identity rather than just individual whims. We’ll explore how to bridge the gaps between MCP apps using this spec to provide the oversight your kingdom requires while maintaining a seamless experience for your knights.