Strata Identity introduced a new product, Identity Orchestration for AI Agents. The solution is built on Strata’s Maverics identity fabric and hybrid air-gap architecture. It offers identity guardrails and observability for AI agents without limiting identity provider (IDP) choice.
AI agents pose identity challenges that traditional IAM was not designed for. Because they are ephemeral and autonomous, and reach enterprise data through MCP (Model Context Protocol) servers, they tend to run across systems on opaque credential flows, with no persistent attributes, no dynamic provisioning and no audit trail. In hybrid setups, spanning clouds, on-premises systems and multiple IDPs, that leaves blind spots in governance, inconsistent access control, and a higher risk of fraud and non-compliance.
Strata’s new product solves these issues by issuing short-lived, scoped credentials at runtime. It enforces fine-grained, policy-as-code authorization. Sensitive actions can require human-in-the-loop approval. Every agent decision and MCP-initiated API call is logged for full auditability.
“Autonomous AI agents now act as users in enterprise systems—but without user-level guardrails or observability. Strata is bringing policy-based identity security to runtime—where agents live,” said Eric Olden, CEO of Strata Identity and co-author of the SAML standard. “Maverics supports open identity frameworks like OAuth and the AI-native MCP protocol. This enables seamless interoperability across vendors, platforms, and agent ecosystems at scale.”
Maverics treats each AI agent as a first-class identity, governed with the same rigor as a human user, so that autonomous agents fall under zero-trust governance. Every agent action is handled as a policy-enforced, observable and auditable event in real time, an approach Strata describes as an industry first. An identity-aware, MCP-native proxy enforces policy in the request path, so existing applications and microservices need no changes.
According to Gartner: “A unified model that extends IAM principles to AI agents is crucial. It must also foster interoperability between AI platforms to realize the benefits of agentic AI securely and responsibly.”
Maverics Identity Orchestration for AI Agents
To enable secure, auditable, and policy-driven control over AI agents, Maverics Identity Orchestration provides the following key capabilities:
- Dynamic, runtime authentication for agents using delegated OAuth flows—supporting PKCE and SPIFFE/SVID to enable ephemeral, scoped trust without static credentials.
- Policy-driven, attribute- and context-aware authorization, through On-Behalf-Of (OBO) flows with optional human-in-the-loop verification to enforce step-up approvals for sensitive or high-risk actions.
- Just-in-time issuance/provisioning of agent identities into any cloud or on-premises IDP, including automatic credential rotation, lifecycle expiry, and ownership assignment.
- Full-stack observability through OpenTelemetry, providing near real-time, correlated traces of both human and agent interactions for forensic lineage, risk analysis, and audit through your existing reporting and analytics tools.
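The runtime pattern these capabilities (and the summary earlier on this page) describe, as an added illustration that is not Strata's or Maverics' code: an identity-aware proxy in front of an MCP server validates a short-lived, scoped agent credential, evaluates policy-as-code, holds sensitive actions for human approval, and audits every call it sees, denials included. The token layout (with the RFC 8693 actor claim for the on-behalf-of chain), scope names, tool names and policy rules are all assumptions made for the demo.

```python
"""Illustrative policy enforcement point (PEP) for MCP tool calls.

Added example, not Strata/Maverics code. An identity-aware proxy checks a
short-lived, scoped agent credential, evaluates policy-as-code, requires a
human approval for sensitive actions, and writes an audit event for every
call. Token layout, scope names, tool names and rules are assumptions.
"""
import time
from dataclasses import dataclass

# Constructed credential: a decoded token whose signature has already been
# verified upstream. 'act' follows the RFC 8693 actor claim used in
# on-behalf-of chains: 'sub' is the human, 'act.sub' the agent acting for them.
SAMPLE_TOKEN = {
    "sub": "alice@example.com",
    "act": {"sub": "agent:procurement-bot"},
    "scope": "crm:read payments:write",
    "iat": 1700000000,
    "exp": 1700000300,  # five-minute lifetime, no long-lived secret
}

# Policy-as-code (assumed rules): the scope each MCP tool requires, whether
# the action needs human-in-the-loop approval, and any argument bound.
# Tools not listed here are denied by default.
POLICY = {
    "crm.search":      {"scope": "crm:read",       "approval": False},
    "payments.create": {"scope": "payments:write", "approval": True, "max_amount": 1000},
    "hr.export":       {"scope": "hr:read",        "approval": True},
}


@dataclass
class Decision:
    effect: str   # "allow", "deny" or "needs_approval"
    reason: str


AUDIT_LOG = []  # in-memory stand-in for the proxy's audit sink


def authorize(token, tool, args, now=None, approved_by=None):
    """Decide whether the agent may invoke `tool` with `args`.

    `now` lets callers pin the clock; `approved_by` is the identity of the
    human who approved a step-up request, if any. Every decision is audited.
    """
    now = time.time() if now is None else now
    decision = _evaluate(token, tool, args, now, approved_by)
    AUDIT_LOG.append({
        "ts": now,
        "principal": token.get("sub"),
        "actor": token.get("act", {}).get("sub"),
        "tool": tool,
        "args": args,
        "effect": decision.effect,
        "reason": decision.reason,
        "approved_by": approved_by,
    })
    return decision


def _evaluate(token, tool, args, now, approved_by):
    if token.get("exp", 0) <= now:
        return Decision("deny", "credential expired")
    rule = POLICY.get(tool)
    if rule is None:
        return Decision("deny", f"no policy for tool {tool!r} (default deny)")
    granted = set(token.get("scope", "").split())
    if rule["scope"] not in granted:
        return Decision("deny", f"missing scope {rule['scope']}")
    limit = rule.get("max_amount")
    if limit is not None and args.get("amount", 0) > limit:
        return Decision("deny", f"amount exceeds policy limit {limit}")
    if rule["approval"] and approved_by is None:
        return Decision("needs_approval", "sensitive action requires human approval")
    return Decision("allow", "policy satisfied")


if __name__ == "__main__":
    t = 1700000100  # inside the token's lifetime
    print(authorize(SAMPLE_TOKEN, "crm.search", {"q": "acme"}, now=t))
    print(authorize(SAMPLE_TOKEN, "payments.create", {"amount": 250}, now=t))
    print(authorize(SAMPLE_TOKEN, "payments.create", {"amount": 250}, now=t,
                    approved_by="bob@example.com"))
    print(authorize(SAMPLE_TOKEN, "hr.export", {}, now=t))
    print(authorize(SAMPLE_TOKEN, "crm.search", {"q": "acme"}, now=1700000400))
    for event in AUDIT_LOG:
        print(event)
```

The design points worth noting are that the policy is default-deny for unknown tools, the credential carries both the delegating human and the acting agent so the audit record preserves lineage, and a sensitive tool returns `needs_approval` rather than failing closed, which is what lets the proxy park the call until a human signs off.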
Built with extensive input from Strata's design partners, including leaders in global financial services, high-tech manufacturing, defense and retail, Identity Orchestration for AI Agents is designed to meet enterprise requirements for guardrails and observability over agentic workflows while preserving interoperability across vendors, platforms and agent ecosystems.