Azure AI Foundry Agents Management

Azure AI Foundry Agent Service enables you to create AI agents that automate tasks and workflows. This platform provides:

  • A framework for building agents that reason, act, and learn

  • Access to diverse models, knowledge sources, and tools

  • Real-world interaction capabilities through search, action connectors, and code execution

Applications range from simple task automation to complex, multi-agent workflows. The platform offers a unified experience for developers and IT administrators through:

  • A web portal

  • Software Development Kit (SDK)

  • Application Programming Interfaces (APIs)

Use these tools to build, deploy, and manage your AI agents efficiently.

Important

  • You must have a SailPoint Agent Identity Security license to enable the Agent governance features. Contact your SailPoint Customer Success Manager for more details on obtaining the necessary license.

  • Agent Discovery currently supports Azure AI Foundry Classic Agents.

Supported Features

Aggregation of Azure AI Foundry agents

Required Permissions

| API / Role | Permission / Role Name | Type | Description / Purpose |
|---|---|---|---|
| Microsoft Graph API | Application.Read.All OR Directory.Read.All | Application | Read application data OR read directory data |
| Azure Service Management API | user_impersonation | Delegated | Access Azure Resource Manager as organization users |
| Azure RBAC Role on your subscription | Reader | Role-based | View all resources, but does not allow you to make any changes. |
| Azure RBAC Role on your subscription | Cognitive Services Data Contributor (Preview) | Role-based | Allows calling data plane APIs, but not any control plane APIs, for Microsoft Cognitive Services. This role is in preview and subject to change. |

Assigning the Reader and Cognitive Services Data Contributor (Preview) Roles in Azure for your Subscription:

Follow these steps to assign the Reader and Cognitive Services Data Contributor (Preview) roles in Azure for your subscription:

  1. Go to the Azure Portal.

  2. Select your active Azure Subscription under the Use option.

  3. Go to Access Control (IAM) for the subscription.

  4. Select + Add > Add role assignment.

  5. Assign the Reader role:

    1. Under Role, select Reader.

    2. In the Members section, search for and select your Registered Application.

    3. Select Review + assign to apply the role.

  6. Assign the Cognitive Services Data Contributor (Preview) role:

    1. Under Role, select Cognitive Services Data Contributor (Preview).

    2. In the Members section, find and select your Registered Application.

    3. Select Review + assign to apply the role.

This grants the necessary permissions to your Registered Application for Cognitive Services data access.

Important
If you have multiple subscriptions in your Azure tenant, repeat the role assignment process for each subscription from which you want to manage resources (agents).
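
To confirm the result across several subscriptions, the check below is an added example (not SailPoint or Microsoft code). It compares role assignments for the Registered Application against the two roles listed above and reports, per subscription, roles that are missing at subscription scope, roles granted only at a narrower scope, and roles beyond the two required. It assumes the input is the JSON from `az role assignment list --assignee <app-id> --all -o json` collected once per subscription, and it does not consider assignments inherited from management groups; the subscription IDs and assignments shown are constructed placeholders.

```python
import json

# The two Azure RBAC roles this page assigns to the registered application.
REQUIRED_ROLES = {"Reader", "Cognitive Services Data Contributor (Preview)"}


def audit_subscriptions(assignments, subscription_ids):
    """Compare role assignments against REQUIRED_ROLES per subscription.

    assignments: parsed JSON from `az role assignment list --assignee <app-id>
    --all -o json`, collected once per subscription; only the `scope` and
    `roleDefinitionName` fields are read.
    """
    report = {}
    for sub in subscription_ids:
        root = f"/subscriptions/{sub}".lower()
        at_root, below = set(), set()
        for a in assignments:
            scope = a["scope"].rstrip("/").lower()
            if scope == root:
                at_root.add(a["roleDefinitionName"])
            elif scope.startswith(root + "/"):
                below.add(a["roleDefinitionName"])
        missing = REQUIRED_ROLES - at_root
        report[sub] = {
            # Required role not assigned at subscription scope.
            "missing": sorted(missing),
            # Required role present only on a resource group or resource.
            "narrower_only": sorted(missing & below),
            # Anything beyond the two roles the page lists.
            "extra": sorted((at_root | below) - REQUIRED_ROLES),
        }
    return report


# Constructed sample data: placeholder subscription IDs and assignments.
SUB_A = "00000000-0000-0000-0000-00000000000a"
SUB_B = "00000000-0000-0000-0000-00000000000b"
SAMPLE = json.loads(f"""[
  {{"scope": "/subscriptions/{SUB_A}", "roleDefinitionName": "Reader"}},
  {{"scope": "/subscriptions/{SUB_A}",
    "roleDefinitionName": "Cognitive Services Data Contributor (Preview)"}},
  {{"scope": "/subscriptions/{SUB_B}", "roleDefinitionName": "Reader"}},
  {{"scope": "/subscriptions/{SUB_B}/resourceGroups/rg-example",
    "roleDefinitionName": "Cognitive Services Data Contributor (Preview)"}},
  {{"scope": "/subscriptions/{SUB_B}", "roleDefinitionName": "Contributor"}}
]""")

if __name__ == "__main__":
    print(json.dumps(audit_subscriptions(SAMPLE, [SUB_A, SUB_B]), indent=2))
```

A subscription with an empty report entry has exactly the two roles at subscription scope; anything under "extra" is worth reviewing before aggregation is enabled.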

Enabling Machine Identity Governance

To enable Azure AI Foundry aggregation, follow these steps:

  1. Go to the Microsoft Entra SaaS source configuration page within ISC.

  2. Select the Machine Identity Governance Settings tab.

  3. Select Enable Azure AI Foundry Agents. This enables Agent Governance support for your environment.

  4. Select Save.

Supported Schema Attributes

For more information, refer to Azure AI Foundry Agents Attributes.