Managing AI Agents
After AI agent data has been onboarded into Identity Security Cloud, you can assign owners to AI agents and update their attributes. You can also create an AI agent within your tenant in cases where a source account may represent an agent.
Creating AI Agents
You can create an AI agent in your tenant to track and govern your organization’s agents.
-
Go to Admin > Identity Management > Identities.
-
In the Machine Identities section, select AI Agents.
-
Select Create AI Agent.
-
In the creation window, complete the following:
-
In the Name field, enter a unique name for the AI agent.
-
In the Business Application field, enter a unique value that describes the agent.
-
In the Primary Owner dropdown list, select the human identity responsible for this agent.
-
(Optional) In the Additional Owners dropdown list, select up to 10 human identities to assume ownership of the agent if the primary owner’s identity state changes to inactive. SailPoint recommends adding additional owners to reduce the number of unmanaged agents.
Notes on Succession
If the primary owner’s identity is deleted or set to an inactive identity state, the ownership automatically passes to the first Active identity in the Additional Owners list. If no additional owner is selected, the ownership passes to the manager of the primary owner. If this identity has no manager, the agent will have no primary owner until one is manually added.
Identities that become inactive are automatically removed from the Additional Owners list.
-
-
Select the user entitlements that will grant access to this agent. You can add a maximum of 10 user entitlements from multiple sources.
After an agent has been created, you can view the user entitlements that grant users access to it in the agent's Details tab.
-
(Optional) In the Description field, enter a description for the agent.
-
Select Save to create the agent.
The AI agent is added to the list of AI agents, and you can update or delete it as needed.
Viewing an Agent's Control Panel
Like human identities, you can review additional details about agents and track their accounts and usage from their control panel.
To access an agent’s control panel:
-
Go to Admin > Identity Management > Identities.
-
In the Machine Identities section, select AI Agents.
-
Find and select an AI agent to view its control panel.
From the control panel, you can perform the following actions:
-
View and copy
the agent's attributes in the Details tab.
-
View the user entitlements that grant identities access to the agent in the Details tab. You can also select a user entitlement to view further information about it, including the identities that receive access to the agent through the user entitlement.
-
Review the entitlements assigned to the agent's correlated machine accounts in the Access tab.
-
View and update the machine accounts correlated to the agent in the Accounts tab.
-
Review audit events in the Events tab.
-
Update or delete the agent by selecting the Actions menu in the upper-right corner of the page.
Updating AI Agents
After an AI agent has been created, you can update its attributes from its control panel.
-
Go to Admin > Identity Management > Identities.
-
In the Machine Identities section, select AI Agents.
-
Find the agent that requires updates and select Actions
> Update Identity.
-
Update the AI agent's attributes.
-
Select Save to update the AI agent.
Deleting AI Agents
You may need to delete an AI agent if your organization has decommissioned it.
-
Go to Admin > Identity Management > Identities.
-
In the Machine Identities section, select AI Agents.
-
Find the agent that requires updates and select Actions
> Delete Identity.
-
In the confirmation window, select Delete.
The AI agent is removed from Identity Security Cloud.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.