Managing AI Agents
After AI agent data has been onboarded into Identity Security Cloud, you can assign owners to AI agents and update their attributes. You can also create an AI agent within your tenant in cases where a source account may represent an agent.
Creating AI Agents
You can create an AI agent in your tenant to track and govern your organization’s agents.
-
Go to Admin > Identity Management > Identities.
-
In the Machine Identities section, select AI Agents.
-
Select Create AI Agent.
-
In the creation window, complete the following:
-
In the Name field, enter a unique name for the AI agent.
-
In the Business Application field, enter a unique value that describes the agent.
-
In the Primary Owner dropdown list, select the human identity responsible for this agent.
-
(Optional) In the Additional Owners dropdown list, select up to 10 human identities to assume ownership of the agent if the primary owner’s identity state changes to inactive. SailPoint recommends adding additional owners to reduce the number of unmanaged agents.
Notes on Succession
If the primary owner’s identity is deleted or set to an inactive identity state, the ownership automatically passes to the first Active identity in the Additional Owners list. If no additional owner is selected, the ownership passes to the manager of the primary owner. If this identity has no manager, the agent will have no primary owner until one is manually added.
Identities that become inactive are automatically removed from the Additional Owners list.
-
-
Select the user entitlements that will grant access to this agent. You can add a maximum of 10 user entitlements from multiple sources.
After an agent has been created, you can view the user entitlements that grant users access to it in the agent's Details tab.
-
(Optional) In the Description field, enter a description for the agent.
-
Select Save to create the agent.
The AI agent is added to the list of AI agents, and you can update or delete.
Viewing AI Agents
You can access an AI agent’s control panel and identity graph to view additional data about the agent, including its attributes, user entitlements, and audit events.
Viewing an Agent's Control Panel
Like human identities, you can review additional details about agents and track their accounts and usage from their control panel.
To access an agent’s control panel:
-
Go to Admin > Identity Management > Identities.
-
In the Machine Identities section, select AI Agents.
-
Find and select an AI agent to view its control panel.
From the control panel, you can perform the following actions:
-
View and copy
the agent's attributes in the Details tab. -
View the user entitlements that grant identities access to the agent in the Details tab. You can also select a user entitlement to view further information about it, including the identities that receive access to the agent through the user entitlement.
-
Review the entitlements assigned to the agent's correlated machine accounts in the Access tab.
-
View and update the machine accounts correlated to the agent in the Accounts tab.
-
Review audit events in the Events tab.
-
Update or delete the agent by selecting the Actions menu in the upper-right corner of the page.
Accessing an AI Agent’s Identity Graph
If your organization has access to the Identity Graph feature, you can use this tool to visualize an AI agent’s relationships to access items.
Limited Availability
This page describes a Limited Availability feature. AI agents only display in the Identity Graph for select customers. Contact your Customer Success team for more information.
To access an agent’s identity graph:
-
Go to Admin > Identity Management > Identities.
-
In the Machine Identities section, select AI Agents.
-
Find or search for an agent.
-
Select the View in Identity Graph icon
.
You can now review the agent’s relationships to access items and identify possible risks through a visualization.
To return to the identity list, select the Exit Identity Graph icon
in the upper-right corner of the Identity Graph window.
Updating AI Agents
After an AI agent has been created, you can update its attributes from its control panel.
-
Go to Admin > Identity Management > Identities.
-
In the Machine Identities section, select AI Agents.
-
Find the agent that requires updates and select Actions
> Update Identity. -
Update the AI agent's attributes.
-
Select Save to update the AI agent.
Deleting AI Agents
You may need to delete an AI agent if your organization has decommissioned it.
-
Go to Admin > Identity Management > Identities.
-
In the Machine Identities section, select AI Agents.
-
Find the agent that requires updates and select Actions
> Delete Identity. -
In the confirmation window, select Delete.
The AI agent is removed from Identity Security Cloud.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.
