Agent Identity Security Overview
SailPoint Agent Identity Security helps organizations discover, secure, and govern AI agents.
An AI agent is a type of machine identity that represent entities leveraging large language models (LLMs) to perform tasks on behalf of users or other systems. By aggregating or creating AI agents, you can secure and monitor the agents in your organization to prevent issues like misconfigurations, excessive permissions, and shadow access.
By onboarding AI agent information into Identity Security Cloud, you can:
-
Discover AI agents used by other teams in your organization.
-
Govern AI agents alongside human and application identities.
-
Assign multiple owners to AI agents to ensure constant oversight.
-
Prevent human identities from gaining excessive permissions through AI agents.
Implementing Agent Identity Security
Organizations that have licensed Machine Identity Security and Agent Identity Security can configure AI agents using the following steps:
-
Aggregate AI agent data from supported sources. You can also create AI agents within Identity Security Cloud.
-
If AI agents are using machine accounts, you can classify those machine accounts on the source and then correlate them to AI agents:
-
Create machine account subtypes that categorize the AI agents on the source.
-
Set a classification policy to identify the machine accounts on a source.
-
Review possible machine accounts the classification policy may have missed.
-
-
Assign owners to AI agents and configure an automated succession plan.
-
Review and update the attributes for AI agents and machine accounts as needed.
-
Review the human identities that have access to AI agents:
-
View a list of identities that are assigned the user entitlement granting access to the AI agent.
-
Run the Identities Overpermissioned by Agents report.
-
Create certification campaigns for certifiers to review access.
-
-
Review the tools the AI agent has access to:
-
View the access entitlements that are granted to the AI agent’s correlated machine accounts.
-
Create certification campaigns for certifiers to review access.
-
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.