Agent Identity & Access
Giving every agent its own identity and tightly scoped permissions -- answering not just whether a call can happen but who authorized the goal and who implemented it. It marks the shift from impersonation (the agent assumes a user's identity) to delegation (the agent holds its own identity while acting on a user's behalf).
The Pattern
"Identity with Agents isn't just authentication -- it's accountability." -- Raghvender Arni (source)
Agent identity and access is the platform discipline of giving every agent its own identity and tightly scoped permissions -- answering not just "can this call happen" but "who authorized the goal, and who implemented it." The failure mode it prevents is impersonation: an agent that simply assumes a user's identity, which leaves the user blamed for autonomous decisions and the audit trail meaningless. The emerging model is delegation -- the agent holds its own identity while acting on a user's behalf, using mechanisms like OAuth Token Exchange (RFC 8693) actor tokens and, for high-risk actions, asynchronous human approval (OIDC CIBA) (Raghvender Arni).
Operationally this is non-human identity done right: workload identity and secretless auth so agents never hold long-lived keys, scoped tokens per task, and SSO and audit integration so every action is attributable (Tobin South, WorkOS).
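The delegation model described above, as an added example (not code from the cited sources): the RFC 8693 exchange request an agent would send, and a resource-side check that separates who authorized (`sub`) from who acted (`act`). The agent names, scopes, and the `attribute` policy are assumptions made for illustration, and signature, issuer, audience and expiry validation are assumed to have happened before these functions see the claims.

```python
from urllib.parse import urlencode

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TYPE = "urn:ietf:params:oauth:token-type:access_token"
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"

def exchange_request(user_token, agent_token, scope, audience):
    """Form body the agent POSTs to the token endpoint (RFC 8693 section 2.1)."""
    return urlencode({
        "grant_type": GRANT,
        "subject_token": user_token, "subject_token_type": ACCESS_TYPE,
        "actor_token": agent_token, "actor_token_type": JWT_TYPE,
        "scope": scope, "audience": audience,  # narrow scope per task
    })

def actor_chain(claims):
    """Walk nested `act` claims: first entry is the current actor, the rest are prior actors."""
    chain, act = [], claims.get("act")
    while isinstance(act, dict):
        chain.append(act.get("sub"))
        act = act.get("act")
    return chain

def attribute(claims, required_scope, known_agents):
    """Return an audit record or raise PermissionError (hypothetical policy).
    Only the current actor drives the decision; prior actors are informational."""
    chain = actor_chain(claims)
    if not chain or chain[0] is None:
        raise PermissionError("no act claim: caller is indistinguishable from the user")
    if chain[0] not in known_agents:
        raise PermissionError(f"unknown actor {chain[0]!r}")
    if required_scope not in claims.get("scope", "").split():
        raise PermissionError(f"scope {required_scope!r} not granted")
    return {"authorized_by": claims["sub"], "acted_by": chain[0],
            "prior_actors": chain[1:], "scope": required_scope}

# Constructed sample claims (already-verified token payloads)
DELEGATED = {"sub": "user:alice", "scope": "tickets:read tickets:comment",
             "act": {"sub": "agent:triage-bot", "act": {"sub": "agent:orchestrator"}}}
IMPERSONATED = {"sub": "user:alice", "scope": "tickets:read tickets:comment"}
```

The impersonated token carries the same subject and scopes as the delegated one, so only the `act` check lets the audit trail tell the agent apart from the user.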
Why It Matters
As agents move from tools to autonomous decision-makers, identity has to shift from "who clicked" to "who authorized versus who acted." This is the authn/authz foundation the guardrails proxy and observability build on -- you cannot police or audit what you cannot attribute. The honest caveat: the standards are early and still settling (RFC 8693, OIDC CIBA, emerging agent-identity protocols), so most orgs start with scoped impersonation and grow toward true delegation.
Sources
Last reviewed: 2026-06-24