Register an AI agent
Early Access release
Registering an AI agent formalizes it as a workload principal in the Universal Directory (UD) and gives it a unique record alongside human identities. This process requires defining the agent's profile and assigning a human owner for governance and accountability. Once registered, managed connections can be configured to ensure least privilege access to external resources.
To complete the registration process, follow these steps:
Before you begin
- You have the super admin role.
- You have a custom OIDC AI Agent linked app. See Create OpenID Connect app integrations.
- You have a public JSON Web Key (JWK) for authentication with Okta. If you don't have one already, you can generate one after registering the agent.
Register the agent
-
In the Admin Console, go to .
- Click Register AI Agent.
-
Enter a Name and Description.
-
Optional. Click the App instance dropdown list and select an app instance.
-
Click Register.
-
Assign an Owner by selecting one of the following: Assign individual owners or Assign a group owner.
-
Click Add owners.
Generate a public key
After registering the AI agent, you must add a public key. This key is required for the agent to authenticate with Okta.
-
In the Admin Console, go to .
- Select an agent.
- Go to the Credentials tab.
- Click Add public key.
- On the dialog that appears, paste a public key on the field, or click Generate new key. Okta creates a public key that's associated with a private key that you can view in JSON/PEM.
- Click Copy to clipboard and store the public key safely.
- Click Done.
Link an app instance
-
In the Admin Console, go to .
- Click an agent to connect it to an app.
- Click Connect application.
- Select an app from the dropdown list.
- Click Connect.
Activate an agent
After you register an AI agent, it has a STAGED status. To activate the agent, you must add at least one owner, one credential, and a link to an OIDC app. See Activate or deactivate an AI agent.