Govern access to AI agents

Use Okta Identity Governance to expand governance capabilities to AI agents and the user sign-on apps that it's linked to. This helps ensure that your users have the appropriate access.

When an AI agent is linked to an app, it can only access resources or perform actions on behalf of a user who is currently signed in to that app. Streamline requesting access to these apps using Access Requests and certify and remediate existing access to these apps with Access Certifications.

Note:

This feature is excluded from the Okta for AI Agents - Core SKU, which is the version of Okta for AI Agents available to FedRAMP Moderate and FedRAMP High customers. Okta for AI Agents - Core is not available in Okta for US Military cells. For a current list of features that are excluded from the Okta for AI Agents - Core SKU, see Okta US Public Sector Limitations or Exceptions.

Access Requests

Access Requests streamlines the process of requesting and approving access to apps. You can create conditions for apps so that only the users who need access can request access.

Users can request access to apps directly from their End-User Dashboard. You can define how the request is routed for approval and any actions, including custom actions through delegated flows, to automatically take as a result of approval or denial. You can also specify the duration of access after which the access is automatically revoked.

Access Certifications

Use resource or user campaigns to review and automatically remediate your users' access to apps based on the reviewer's decision. Campaigns are user access reviews from a certification and compliance perspective. Running campaigns helps you adopt the least privileged access model and ensure that your users have the right level of access to apps.

Use resource campaigns if you need clear visibility on who has access to user sign-on apps that are linked to AI agents.

Access certification is extensible through Okta Workflows.