Add AI agents manually

Manually add and register Homegrown: Fully custom AI agents in your org. When you register the AI agent, provide the following details:

  • Owners: The admins who are responsible for the AI agent's governance and lifecycle management. Okta recommends that you assign at least two owners to an AI agent to ensure that it always has an owner.
  • Credentials: Okta uses a public key to verify that the AI agent is authorized to access your resources and to validate the digital signatures of its requests.
  • Linked apps: When an AI agent is linked to an app, it can only access resources or perform actions on behalf of a user who is currently signed in to that app.

To secure Homegrown: Fully custom AI agents that don't have an available connector, complete the tasks on this page and then Set up AI agent token exchange.

Before you begin

  • You have the super admin role.
  • If you want to link an AI agent to an OIDC app, integrate that app in your org. See Add existing app integrations.
  • You have a public JSON Web Key (JWK) for authentication with Okta. If you don't have one already, you can generate one when you register the AI agent.

Add an AI agent

  1. In the Admin Console, go to DirectoryAI Agents.

  2. Click Register AI agentRegister manually.
  3. Enter a Name and Description.
  4. Optional. Select an app from the Application list and click Link.
  5. Click Register.
  6. Optional. On the Owners tab, assign one or more owners to the AI agent.
    • Assign individual owners: Select up to five users.
    • Assign a group owner: Select a group that has at least two members.
  7. If you didn't assign owners in the previous step, click Skip for now. Otherwise, Click Save.

Add a public key

After registering the AI agent, you must add a public key. This key is required for the agent to authenticate with Okta.

  1. On the AI agents page, select an AI agent.
  2. Go to the Credentials tab.
  3. Click Add public key.
  4. Enter your public key, or click Generate new key. Okta creates a public key that's associated with a private key that you can view in JSON or PEM.
  5. Click Copy to clipboard and store the private key safely.
  6. Click Done. The public key appears on the Credentials tab with the INACTIVE status.
  7. Click the vertical ellipses that's next to the public key and select Activate.
  8. To deactivate the public key, click the vertical ellipses and select Deactivate. To remove it, click the vertical ellipses again and select Delete.

Activate an AI agent

You can only activate AI agents that have assigned owners.

  1. On the AI agent page, select ActionsActivate.
  2. Click Confirm.
  3. To deactivate the agent, select ActionsDeactivate

Next step

Connect AI agents to resources