Aggregating AI Agents
To onboard AI agent data into Identity Security Cloud, you can schedule a recurring aggregation or run a manual aggregation from an authoritative agent source.
Supported Connectors
Before running an AI agent aggregation, ensure the source has been configured for agent governance. Refer to the appropriate connector guide for information on enablement:
| Connector Guide | Agent Development Platform |
|---|---|
| AWS SaaS | Amazon Bedrock; Amazon Bedrock AgentCore (Note: refer to the AWS product documentation for information on Bedrock AgentCore's available regions.) |
| Databricks SaaS | Mosaic AI Agent Framework |
| Google Workspace SaaS | Vertex AI Platform |
| Microsoft Entra SaaS | Microsoft Copilot Studio; Microsoft Foundry (Note: Agent Discovery is only supported for Microsoft Foundry (classic).) |
| Salesforce SaaS | Agentforce |
| ServiceNow Identity Governance SaaS | ServiceNow AI Platform |
| Snowflake SaaS | Snowflake Cortex AI |
| Web Services SaaS | Not applicable |
Scheduling Aggregations for AI Agents
You can schedule AI agent aggregations to automatically load data from the source to Identity Security Cloud on a regular basis.
- Go to Admin > Connections > Sources.
- Select or edit a source that supports machine identity aggregations.
  Important
  Ensure the source has been enabled for agent governance before scheduling an aggregation. For more information, refer to the Supported Connectors table.
- In the Machine Identities section, select Machine Identity Aggregations.
- In the Machine Identity Aggregation Schedule tile, select Enable Schedule to enable scheduled aggregations for this source.
- Under Machine Identities Schemas, choose to aggregate agent data for all schemas or specific schemas:
  - All Schemas - Aggregate data for each schema on this source.
    - For sources with a single schema, this option aggregates data based on that schema.
    - For sources with multiple schemas, this option aggregates data for all schemas. For instance, selecting All Schemas for the AWS SaaS source will aggregate agent data from AWS Bedrock and Bedrock AgentCore.
  - Specific Schemas - Aggregate data for a specific schema on the source. For example, if you select Specific Schemas for the AWS SaaS source, you can choose to aggregate agent data from AWS Bedrock or Bedrock AgentCore.
    - If you select Specific Schemas, select a schema from the Types field.
- Choose how often the aggregation runs and the time you want each aggregation to start. Refer to Scheduling Aggregations for guidance on configuring aggregations.
  Note
  The time zone (GMT offset) for the aggregation schedule is determined by the time zone set for the connected virtual appliance cluster. Since time zones are set as an offset of GMT, standard time for the selected time zone is always used. Schedules do not shift for daylight saving time.
- (Optional) In the Machine Identity Deletion section, enable the deletion of machine identities from Identity Security Cloud if they are not detected during an aggregation.
  - Under Amount Type, choose whether to enter a number or percentage to indicate the amount of allowed machine identity deletions.
  - Enter a value in the Amount field. This is the maximum number or percentage of machine identities that can be deleted during an aggregation before the aggregation is canceled.
  - Select Save to save the deletion settings.
  Machine Identity Deletions and Correlated Machine Accounts
  A machine identity with correlated accounts can be deleted through a machine identity aggregation or removal. When this occurs, the correlation is removed from the machine account even if it has been manually edited.
  The system will attempt to find a machine identity that matches the deleted machine identity's Native Identity attribute. If a match is found, the machine account and identity are correlated. If no match is found, an uncorrelated identity is created with that Native Identity attribute and correlated to the machine account. By default, the uncorrelated identity is given the application identity subtype, but this can be changed later.
  These settings also apply during manual aggregations.
- Select Save to save your aggregation schedule. The aggregation is added to the processing queue at the scheduled date and time. Other queued or in-progress operations might delay the start of your aggregation.
Important
The Identity Name and Native Identity attributes must be mapped in the machine identity schema for an aggregation to run.
If you need to cancel an aggregation after it has started, go to the Latest Machine Identity Aggregation section and select Cancel on the aggregation card. You can also cancel an in-progress aggregation from the Aggregation History page.
Manually Aggregating AI Agents
You can run an aggregation for a source manually.
- Go to Admin > Connections > Sources.
- Select or edit a source that supports machine identity aggregations.
  Important
  Ensure the source has been enabled for agent governance before running an aggregation. For more information, refer to the Supported Connectors table.
- In the Machine Identities section, select Machine Identity Aggregations.
- In the Machine Identity Aggregation tile, choose to aggregate agent data for all schemas or specific schemas:
  - All Schemas - Aggregate data for each schema on this source.
    - For sources with a single schema, this option aggregates data based on that schema.
    - For sources with multiple schemas, this option aggregates data for all schemas. For instance, selecting All Schemas for the AWS SaaS source will aggregate agent data from AWS Bedrock and Bedrock AgentCore.
  - Specific Schemas - Aggregate data for a specific schema on the source. For example, if you select Specific Schemas for the AWS SaaS source, you can choose to aggregate agent data from AWS Bedrock or Bedrock AgentCore.
    - If you select Specific Schemas, select a schema from the Types field.
- (Optional) In the Machine Identity Deletion section, enable the deletion of machine identities from Identity Security Cloud if they are not detected during an aggregation.
  - Under Amount Type, choose whether to enter a number or percentage to indicate the amount of allowed machine identity deletions.
  - Enter a value in the Amount field. This is the maximum number or percentage of machine identities that can be deleted during an aggregation before the aggregation is canceled.
  - Select Save to save the deletion settings.
  Machine Identity Deletions and Correlated Machine Accounts
  A machine identity with correlated accounts can be deleted through a machine identity aggregation or removal. When this occurs, the correlation is removed from the machine account even if it has been manually edited.
  The system will attempt to find a machine identity that matches the deleted machine identity's Native Identity attribute. If a match is found, the machine account and identity are correlated. If no match is found, an uncorrelated identity is created with that Native Identity attribute and correlated to the machine account. By default, the uncorrelated identity is given the application identity subtype, but this can be changed later.
  These settings also apply during scheduled aggregations.
- Select Start Aggregation.
While an aggregation is running, the Start Aggregation button is disabled. You can view the progress of this aggregation in the Latest Machine Identity section on this page. You can cancel the aggregation by selecting Cancel on the aggregation card.
You can also view aggregation activity or cancel the aggregation on the Aggregation History page.
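The Machine Identity Deletion threshold (Amount Type and Amount) and the re-correlation rule under Machine Identity Deletions and Correlated Machine Accounts, as described in both the scheduled and the manual procedures above, modelled in Python as an added example. This is not SailPoint's code; it assumes that a percentage Amount is measured against the identities that existed before the run and that a run is canceled when its deletions would exceed the Amount.

```python
"""Illustrative model of the Machine Identity Deletion guard and the
re-correlation rule. Added example, not SailPoint's implementation.
Assumptions: a percentage Amount is measured against the identities that
existed before the run; the run is canceled when deletions exceed the Amount."""
from dataclasses import dataclass, field


@dataclass
class MachineIdentity:
    native_identity: str           # Native Identity attribute mapped in the schema
    subtype: str = "application"   # default subtype of an uncorrelated identity


@dataclass
class AggregationResult:
    status: str                    # "success" or "canceled"
    deleted: list = field(default_factory=list)


def deletion_limit(existing_count: int, amount_type: str, amount: float) -> float:
    """Translate the Amount Type / Amount settings into a count of allowed deletions."""
    if amount_type == "number":
        return float(amount)
    if amount_type == "percentage":
        return existing_count * amount / 100.0
    raise ValueError(f"unknown Amount Type: {amount_type}")


def aggregate(existing, detected_native_ids, amount_type, amount, deletion_enabled=True):
    """Run one aggregation: identities not detected at the source are deletion candidates."""
    detected = set(detected_native_ids)
    missing = [mi for mi in existing if mi.native_identity not in detected]
    if not deletion_enabled or not missing:
        return AggregationResult("success")
    if len(missing) > deletion_limit(len(existing), amount_type, amount):
        # An empty or truncated connector response would otherwise wipe the
        # source's identities; the guard cancels the run instead of deleting.
        return AggregationResult("canceled")
    return AggregationResult("success", [mi.native_identity for mi in missing])


def recorrelate(account_native_id: str, identities: list) -> MachineIdentity:
    """After an identity with correlated accounts is deleted, re-link its account:
    reuse an identity with the same Native Identity, else create an uncorrelated one."""
    for mi in identities:
        if mi.native_identity == account_native_id:
            return mi
    created = MachineIdentity(account_native_id)   # subtype defaults to "application"
    identities.append(created)
    return created
```

A percentage threshold scales with the source, so a connector that suddenly returns no agents is stopped by either Amount Type, while a fixed number lets you cap deletions regardless of how many identities the source holds.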
Viewing Agent Aggregation History
When a source's agents are being aggregated, an entry is added to the Aggregation History section. This entry includes information such as the admin who started the aggregation (for manual aggregations), the date and time the aggregation occurred, the number of agents scanned, and the aggregation's status.
Aggregations are ordered by the most recent aggregation task. You can also sort by status to quickly find success, warning, error, and terminated tasks.
To view aggregation history:
- Go to Admin > Connections > Sources.
- Select or edit the source you want to view aggregation activity for.
- In the Aggregation History and Connections section, select Aggregation History.
  You can also access the Aggregation History page by selecting Aggregation History in the Latest Machine Identity Aggregation section of the Machine Identity Aggregations page.
- Select the Machine Identity Aggregations filter to view a list of machine identity aggregations. You can view information about each aggregation, such as its start and stop time and number of items scanned.
Canceling an Agent Aggregation
You can cancel an aggregation that is in progress from the Aggregation History page. Select the Terminate icon next to the aggregation and choose Terminate in the confirmation message.
Select Machine Identity Aggregation in the Type column to view additional information about the job execution, including the aggregation's status, starting date and time, duration, and number of items scanned before the aggregation was terminated.
Select the Info icon to view the name of the user who terminated the task in the warning message.
Removing AI Agents
You may need to perform an aggregation to test your machine identity schemas. If you find that any changes are required, you can remove all AI agents that have been aggregated and update your configurations.
- Go to Admin > Connections > Sources.
- Select a source that supports machine identity aggregations.
- In the Machine Identities section, select Machine Identity Aggregations.
- In the Machine Identity Removal tile, choose to remove machine identities for all schemas or specific schemas. If you select Specific Schemas, select a schema to remove machine identities for.
  Note
  Machine identity removal cannot be performed while an aggregation is running on this source. Conversely, an aggregation cannot be performed while machine identities are being removed.
- Select Remove Machine Identities and confirm the deletion.
  Important
  This action only removes agents from Identity Security Cloud. These changes are not provisioned to the source. Remove the agents from the source to prevent them from being restored during the next aggregation.