Key Takeaways
- AI agents aren’t just another flavor of non-human identity. Unlike static service accounts or API keys, agentic identities are dynamic, ephemeral, and autonomous. They reason, delegate, and act across domains and trust zones, which means legacy NHI models simply don’t apply.
- Securing the agentic user flow requires identity controls at every step. From OIDC authentication and OAuth subject-actor trust binding to MCP-based resource discovery, just-in-time provisioning, and layered policy evaluation, every stage of an agent’s lifecycle needs purpose-built identity governance.
- Just-in-time provisioning eliminates credential sprawl before it starts. Maverics provisions agent identities on demand with attributes like TTL, purpose, risk, and delegation context attached. When the task is done, the identity is retired. No orphaned credentials, no permission sprawl.
- Human-in-the-loop isn’t optional for high-risk actions. Sensitive operations trigger step-up authentication, liveness validation, and active human approval, ensuring that final authorization always aligns with verified human intent and prevents fraud.
- Full observability is what makes all of this auditable and defensible. Every action across the agentic flow, including subject, actor, delegation chain, purpose, resource, and policy decisions, is logged to a centralized, OTEL-compatible system for compliance, SIEM, and audit readiness.
Artificial intelligence has reached an inflection point. AI agents are no longer just service accounts or background processes. They’re decision-makers, workflow executors, and digital delegates—acting autonomously across APIs, clouds, and systems. Unlike traditional non-human identities (NHI), like service accounts or static API keys, agentic identities are dynamic, ephemeral, and often self-directed.
Gartner highlights that by 2026, 30% of enterprises will rely on AI agents that act independently, triggering transactions and completing tasks on behalf of humans or systems. This new reality demands a new identity playbook. Our legacy IAM architectures—designed for long-lived human users or fixed NHI—weren’t built for this level of machine autonomy, scale, or complexity.
Strata’s Maverics Agentic Identity platform is built precisely to address this gap. Below, we break down what an agentic user flow looks like when you apply Zero Trust principles and modern identity orchestration to this new class of digital actors.
Agentic User Flow: A New Identity Model in Action
Human or Delegating Agent Authenticates to Actor Agent
The journey begins when a human (or delegating agent) authenticates to the actor agent via OIDC and a trusted IDP (e.g., Azure AD, Okta, Google).
Passwordless MFA (passkeys, FaceID) ensures secure, frictionless authentication—no shared secrets at risk.
Establish Subject-Actor Trust
OAuth frameworks bind:
- Subject: the human or delegating agent.
- Actor: the AI agent carrying out tasks.
The subject may grant fine-grained permissions to the actor using OAuth scopes, ensuring delegated rights are explicit and limited.
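The subject-actor binding above can be checked concretely at the resource side. The following is an added example, not Strata or Maverics code: it mints a delegated token that carries the subject in `sub` and the acting agent in an `act` claim (the RFC 8693 pattern), then verifies that the agent presenting the token is the one it was delegated to and that the requested scope was actually granted. The HS256 key, issuer URL and identifiers are constructed for the example; a real resource server would verify the IdP's asymmetric signature against its JWKS instead.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional, Tuple

# Constructed symmetric key for this example only. A real resource server
# verifies the IdP's asymmetric signature (RS256/ES256) against its JWKS.
DEMO_KEY = b"example-only-signing-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_delegated_token(subject: str, actor: str, scopes: List[str],
                         ttl: int = 300, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT whose 'sub' is the delegating human and whose
    'act' claim (RFC 8693 style) names the agent acting on their behalf.
    The scopes are the explicit, limited rights the subject delegates."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": "https://idp.example",  # hypothetical issuer
        "sub": subject,
        "act": {"sub": actor},
        "scope": " ".join(scopes),
        "iat": now,
        "exp": now + ttl,
    }
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(DEMO_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def check_delegated_token(token: str, presenting_actor: str, required_scope: str,
                          now: Optional[int] = None) -> Tuple[bool, str, dict]:
    """Resource-side check of a delegated token: signature, expiry, that the
    token names the agent presenting it as the actor, and that the requested
    scope was really delegated. Returns (ok, reason, claims)."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token", {}
    header_b64, claims_b64, sig_b64 = parts
    try:
        expected_sig = hmac.new(DEMO_KEY, f"{header_b64}.{claims_b64}".encode("ascii"),
                                hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
            return False, "bad signature", {}
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
    except ValueError:
        return False, "malformed token", {}
    if header.get("alg") != "HS256":
        return False, "unexpected alg", {}
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        return False, "token expired", claims
    actor = (claims.get("act") or {}).get("sub")
    if actor is None:
        return False, "no act claim: not a delegated token, an agent must not use it", claims
    if actor != presenting_actor:
        return False, f"delegated to {actor}, presented by {presenting_actor}", claims
    if required_scope not in claims.get("scope", "").split():
        return False, f"scope {required_scope} was not delegated", claims
    return True, "ok", claims
```

The important defensive points are that the actor identity is taken from the token itself rather than from whoever presents it, and that an undelegated scope is refused even when the signature and expiry are fine, so the agent's rights stay exactly as explicit and limited as the subject made them.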
Subject Directs the Agent
The human or delegating agent issues the command (e.g., “Buy concert tickets using my company card”). The actor agent accepts the task within its scoped authority.
Intent is clear; delegation is bound by policy.
Agent Discovers Where and How to Act
The agent queries MCP (Model Context Protocol) or similar discovery mechanisms to:
- Identify the right APIs, services, and endpoints.
- Map its plan for fulfilling the assigned task.
This ensures resource access is intentional and traceable.
Agent Authenticates to MCP Bridge
- Public agents use PKCE for secure, secret-less proof-of-possession.
- Trusted/internal agents use SPIFFE/SPIRE X.509 SVIDs for mTLS and client auth.
Strong, verifiable agent identity protects APIs from unauthorized access.
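To make the PKCE step concrete, here is an added example of the bridge side of the exchange (not the Maverics implementation): the agent derives an S256 challenge from a random verifier, the authorization endpoint records the challenge against a single-use code, and the token endpoint refuses to issue anything unless the presented verifier hashes to that challenge. The class and its identifiers are constructed for this example; the derivation itself follows RFC 7636, and the test uses the verifier/challenge pair from that RFC's Appendix B.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Tuple


def make_code_verifier() -> str:
    """RFC 7636 code_verifier: 32 random bytes, base64url without padding,
    gives 43 unreserved characters (the allowed range is 43..128)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class PkceBridgeAuthServer:
    """Bridge-side state for the PKCE exchange (constructed example): the
    authorize step records the challenge, the token step checks the verifier.
    Codes are single-use and the 'plain' method is refused."""

    def __init__(self) -> None:
        self._pending: Dict[str, Tuple[str, str]] = {}

    def authorize(self, client_id: str, code_challenge: str, method: str = "S256") -> str:
        if method != "S256":
            raise ValueError("only S256 is accepted; plain PKCE exposes the verifier")
        code = secrets.token_urlsafe(24)
        self._pending[code] = (client_id, code_challenge)
        return code

    def token(self, client_id: str, code: str, code_verifier: str) -> Tuple[bool, str]:
        entry = self._pending.pop(code, None)  # pop: a code can be redeemed only once
        if entry is None:
            return False, "unknown or already-redeemed code"
        bound_client, challenge = entry
        if bound_client != client_id:
            return False, "code was issued to a different client_id"
        if not 43 <= len(code_verifier) <= 128:
            return False, "code_verifier length outside RFC 7636 bounds"
        if not hmac.compare_digest(code_challenge_s256(code_verifier), challenge):
            return False, "code_verifier does not match the recorded challenge"
        return True, "verifier matched; the access token would be issued here"
```

Because the verifier never leaves the agent until the token request, an intercepted authorization code is useless on its own, which is what lets a public agent prove possession without holding a client secret.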
Just-in-Time (JIT) Provisioning
Once authenticated:
- Maverics provisions the agent on demand into the agent registry (IDP).
- Long-lived agents receive full profiles; short-lived tasks receive ephemeral Agent IDs.
- Attributes like TTL, purpose, risk, and delegation are attached.
No orphaned credentials. Every agent is governed, contextual, and ephemeral as needed.
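The JIT lifecycle in this section, as an added example rather than Maverics code: a small in-memory registry that creates an agent identity on demand with the attributes the post names (TTL, purpose, risk, delegation), refuses to resolve it once the TTL has passed, and retires it explicitly when the task is done so nothing is left orphaned. The record fields, id prefixes and the injectable clock are this example's own assumptions.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class AgentRecord:
    """Attributes attached at provisioning time. Field names are constructed
    for this example; the set (TTL, purpose, risk, delegation) follows the post."""
    agent_id: str
    subject: str                 # human or delegating agent the identity serves
    purpose: str
    risk: str                    # e.g. "low" / "medium" / "high"
    delegation_chain: List[str]  # delegators, outermost subject first
    issued_at: float
    ttl_seconds: int
    ephemeral: bool
    retired: bool = False

    @property
    def expires_at(self) -> float:
        return self.issued_at + self.ttl_seconds


class AgentRegistry:
    """In-memory stand-in for the agent registry (IDP) described in the post."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._agents: Dict[str, AgentRecord] = {}

    def provision(self, subject: str, purpose: str, risk: str,
                  delegation_chain: List[str], ttl_seconds: int,
                  ephemeral: bool = True) -> AgentRecord:
        """Create the identity at the moment a task needs it, never before."""
        if ttl_seconds <= 0:
            raise ValueError("TTL must be positive: every agent identity expires")
        prefix = "tmp-agent-" if ephemeral else "agent-"
        rec = AgentRecord(agent_id=prefix + secrets.token_hex(6), subject=subject,
                          purpose=purpose, risk=risk,
                          delegation_chain=list(delegation_chain),
                          issued_at=self._clock(), ttl_seconds=ttl_seconds,
                          ephemeral=ephemeral)
        self._agents[rec.agent_id] = rec
        return rec

    def lookup(self, agent_id: str) -> Optional[AgentRecord]:
        """Resolve an agent for policy evaluation. Retired or expired agents
        resolve to None; an expired one is retired on the spot."""
        rec = self._agents.get(agent_id)
        if rec is None or rec.retired:
            return None
        if self._clock() >= rec.expires_at:
            rec.retired = True
            return None
        return rec

    def retire(self, agent_id: str) -> bool:
        """Task finished: retire the identity so no orphaned credential remains."""
        rec = self._agents.get(agent_id)
        if rec is None or rec.retired:
            return False
        rec.retired = True
        return True

    def sweep(self) -> List[str]:
        """Retire everything past its TTL; returns the ids that were retired."""
        now = self._clock()
        swept = []
        for rec in self._agents.values():
            if not rec.retired and now >= rec.expires_at:
                rec.retired = True
                swept.append(rec.agent_id)
        return swept

    def active_count(self) -> int:
        return sum(1 for r in self._agents.values() if not r.retired)
```

The point of the injectable clock is that TTL behaviour can be tested deterministically; in production the same check runs against real time on every lookup, so an agent that outlives its task simply stops resolving.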
Policy Evaluation by PDP + PEP
The agent’s request triggers layered evaluation:
- Coarse-grained controls (API, resource, method-level).
- Fine-grained authorization via OPA/ABAC: purpose, task, risk level, and delegation context checked.
- Policies reference both IDP-stored attributes and OAuth token claims.
Zero Trust enforced at every level of access.
Human-in-the-Loop + Up-Authentication
For sensitive actions:
- Liveness validation (biometric, challenge-response) ensures the subject is present.
- Passwordless MFA (e.g., FaceID push) enforces step-up security.
- The subject actively approves or denies the agent’s action.
Final authorization aligns with verified human intent, and the liveness and step-up checks ensure that neither the subject nor the actor is a bot or an impersonator, preventing fraud.
Execution + Observability
Once approved:
- The agent executes only authorized API calls.
- All steps—including subject, actor, delegation, purpose, resource, policy decisions—are logged.
- Data feeds a centralized, OTEL-compatible logging system for compliance, SIEM, and audit.
Full forensic trail supports trust, accountability, and regulatory readiness.
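The three preceding sections (layered PDP/PEP evaluation, human-in-the-loop step-up, and execution with observability) fit together in one decision path. This added example, not Strata or Maverics code, implements a minimal PDP that applies the coarse scope-to-resource check first, then the fine-grained purpose, delegation-depth and TTL checks, returns `step_up` instead of `allow` for sensitive actions until step-up MFA, liveness and human approval are all present, and has the PEP write one structured audit event per decision with subject, actor, delegation chain, purpose, resource and outcome. The scope map, sensitive-resource set, attribute names and audit field names are constructed for this example; the token and agent attributes are passed in as plain dicts.

```python
import json
import time
import uuid
from typing import List, Optional, Tuple

# Layer 1, coarse-grained: which OAuth scope grants which method/resource prefix.
SCOPE_GRANTS = {
    "tickets:read": [("GET", "/tickets")],
    "tickets:purchase": [("GET", "/tickets"), ("POST", "/tickets/orders")],
    "cards:charge": [("POST", "/payments/charge")],
}
# Actions that always need step-up MFA, liveness and live human approval.
SENSITIVE_RESOURCES = {"/payments/charge"}
MAX_DELEGATION_DEPTH = 2

AUDIT_SINK: List[dict] = []  # stands in for the OTEL-compatible log pipeline


def _coarse_allowed(scopes: List[str], method: str, resource: str) -> bool:
    return any(method == m and resource.startswith(prefix)
               for s in scopes for m, prefix in SCOPE_GRANTS.get(s, []))


def decide(request: dict, token: dict, agent: dict, context: dict,
           now: Optional[float] = None) -> Tuple[str, str]:
    """PDP. request={method, resource, purpose}; token=OAuth claims (sub, act,
    scope, exp); agent=IDP-stored JIT attributes (agent_id, purpose, risk,
    delegation_chain, expires_at); context={step_up_mfa, liveness_verified,
    human_approved}. Returns (decision, reason), decision in allow/deny/step_up."""
    now = time.time() if now is None else now
    scopes = token.get("scope", "").split()
    if token.get("exp", 0) <= now or agent.get("expires_at", 0) <= now:
        return "deny", "token or agent identity past its TTL"
    if (token.get("act") or {}).get("sub") != agent.get("agent_id"):
        return "deny", "actor in token does not match the provisioned agent"
    if not _coarse_allowed(scopes, request["method"], request["resource"]):
        return "deny", "coarse: no delegated scope grants this method/resource"
    if request["purpose"] != agent.get("purpose"):
        return "deny", "fine: request purpose differs from provisioned purpose"
    if len(agent.get("delegation_chain", [])) > MAX_DELEGATION_DEPTH:
        return "deny", "fine: delegation chain deeper than policy allows"
    if agent.get("risk") == "high" or request["resource"] in SENSITIVE_RESOURCES:
        if not all(context.get(k) for k in ("step_up_mfa", "liveness_verified", "human_approved")):
            return "step_up", "sensitive: needs step-up MFA, liveness check and human approval"
    return "allow", "all layers passed"


def enforce(request: dict, token: dict, agent: dict, context: dict,
            now: Optional[float] = None) -> dict:
    """PEP: ask the PDP, record one audit event carrying the full delegation
    context, and treat the API call as executed only on an allow decision."""
    decision, reason = decide(request, token, agent, context, now)
    event = {
        "event_id": str(uuid.uuid4()),
        "trace_id": uuid.uuid4().hex,  # 32 hex chars, the OTEL trace-id format
        "timestamp": time.time() if now is None else now,
        "subject": token.get("sub"),
        "actor": agent.get("agent_id"),
        "delegation_chain": agent.get("delegation_chain", []),
        "purpose": request["purpose"],
        "method": request["method"],
        "resource": request["resource"],
        "decision": decision,
        "reason": reason,
        "executed": decision == "allow",  # the real API call would go here
    }
    AUDIT_SINK.append(event)
    print(json.dumps(event))  # one JSON line per decision for the SIEM
    return event


if __name__ == "__main__":
    # Constructed sample: alice delegates ticket purchase and card charging.
    t0 = time.time()
    tok = {"sub": "alice@example.com", "act": {"sub": "tmp-agent-1"},
           "scope": "tickets:purchase cards:charge", "exp": t0 + 300}
    ag = {"agent_id": "tmp-agent-1", "purpose": "buy-concert-tickets", "risk": "medium",
          "delegation_chain": ["alice@example.com"], "expires_at": t0 + 600}
    enforce({"method": "POST", "resource": "/tickets/orders", "purpose": "buy-concert-tickets"}, tok, ag, {})
    enforce({"method": "POST", "resource": "/payments/charge", "purpose": "buy-concert-tickets"}, tok, ag, {})
```

Denials and step-up outcomes are logged with exactly the same fields as allows, which is what makes the trail usable for forensics: an investigator can see not only what an agent did but what it tried and why it was stopped.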
What Makes This Different From NHI?
AI agents may technically fall under the category of non-human identities, but functionally, they operate in an entirely different class. Traditional NHIs—like service accounts, API clients, or machine users—are static, narrowly scoped, and often tied to a single system or task. In contrast, agentic identities are dynamic, autonomous, and fluid. They reason, delegate, and act independently—often across domains and systems—requiring real-time policy evaluation, accountability, and human oversight for sensitive actions. Securing these identities demands a fundamentally new approach, not just an extension of legacy NHI models.
| Agentic Identity | Non-Human Identity (NHI) |
| --- | --- |
| Ephemeral, JIT created | Long-lived, pre-provisioned |
| Acts autonomously, often with delegation chains | Static purpose, tied to a single app/system |
| Requires dynamic policy evaluation | Managed via fixed roles/scopes |
| Works across domains and trust zones | Typically scoped to a single system |
| Needs human-in-the-loop for sensitive tasks | Rarely includes live human validation |
| Bound by Zero Trust and least privilege | Often over-permissioned or coarse-grained |
Why Enterprises Need This Now
AI agents are reshaping operations. Without the right identity architecture:
- Risks grow: Over-permissioned agents, poor visibility, compliance gaps.
- Innovation stalls: Security teams will restrict what agents can do.
With Maverics Agentic Identity, enterprises get:
- Zero Trust at machine speed.
- Dynamic, granular controls for agents.
- Future-proof identity for AI-driven operations.
👉 The time for static identity is over. The future is agentic—and the future is now. Get early access to Maverics Identity for Agentic AI to shape the future of AI identity!
Learn to secure AI agents in a hands-on lab!
Get hands-on with identity controls for AI agents — bind, delegate, and observe authentication and authorization policies in real time.