The Highlander Principle for Agentic AI: There Can Be Only One

Let me save you some time: If you’re trying to secure autonomous agents with PAM, SSO, IGA, or generic “nonhuman identity” solutions, you’re bringing a knife to a gunfight. Actually, worse – you’re bringing a spoon to a space battle.

Here’s what nobody wants to admit: Autonomous agents aren’t “faster humans” or “smarter scripts.” They’re probabilistic decision-makers that think, act, and transact at machine speed across multiple trust boundaries – often before any human even knows they exist.

Trying to govern them with yesterday’s IAM tools? That’s like managing Kubernetes with cron jobs. Wrong abstraction. Wrong era. Wrong outcome.

The only control plane that matters in the agentic world is identity orchestration – working across a multi-vendor identity fabric that spans every IdP you own and every agent you don’t.

A man with long hair wearing fur and medieval armor stands holding a sword, with dark clouds and lightning in the background.

 

PAM: The Security Theater of Agent Control

You Can’t Vault Your Way to Agent Safety

PAM was built on a beautiful premise: Lock down privileged accounts, rotate credentials, and audit everything. It works great when privilege is tied to Bob from IT or ServiceAccount_42.

But agents? Their “root access” lives in the LLM’s reasoning layer. Unless you’re OpenAI, Anthropic, or Google, you can’t reach inside that black box and apply patches. You can’t rotate the weights. You can’t revoke the training.

PAM assumes you control the privileged entity. With agents, you don’t even control the decision-making process.

The Autonomy Paradox

Here’s the catch-22: Autonomy requires privilege. If an agent can’t complete workflows end-to-end, it’s not autonomous – it’s just expensive middleware.

But PAM can’t make runtime decisions about whether step 47 of a probabilistic decision tree is safe. It can issue a key, sure. But it can’t govern what happens next when “next” is determined by token probabilities.

And that’s before we talk about ephemeral identities. PAM loves stable, long-lived accounts. Agents? They’re born, they act, they vanish – sometimes in milliseconds. Your PAM vault is still trying to log the birth when the agent has already completed its mission and disappeared.

 

SSO: Solving Yesterday’s Problems Today

Agents Don’t Forget Passwords (Because They Never Had Them)

Single Sign-On solved a real problem: Humans are terrible at passwords. But agents don’t need password managers. They need ephemeral, cryptographically verifiable credentials scoped to single tasks.

Static API keys for agents? That’s like giving your house key to everyone who walks by and hoping they’re honest. The right pattern: dynamic credentials that live exactly as long as the task requires – not one millisecond longer.

The Federation Imperative

Agent sessions routinely span domains, clouds, and trust boundaries. Federation isn’t a nice-to-have – it’s table stakes. But traditional SSO wasn’t built for this.

And Multi-Factor Authentication? Your agents don’t have faces for Face ID or fingers for fingerprints. You need cryptographic proof-of-possession, not SMS codes that no agent will ever receive.

The Scale Breaker

Here’s the dirty secret: Human IdPs charge per human. When your agent population scales 50× to 80× beyond your workforce, your Okta bill becomes your biggest OpEx line item.

You need an identity fabric that seamlessly blends:

  • Human IdPs (Okta, Azure AD, Ping)
  • Workload IdPs (SPIRE, SPIFFE)
  • Purpose-built agent registries for ephemeral entities

Only identity orchestration can bind these together without forcing you to rewrite your entire stack.

 

The Nonhuman Identity Red Herring

NHI: Necessary but Not Sufficient

Yes, all agents are nonhuman identities. But saying “we need NHI for agents” is like saying “we need vehicles for Formula 1.” Technically true. Practically useless.

Agents aren’t just nonhuman – they’re autonomous decision-makers with emergent behaviors. Your service account doesn’t suddenly decide to negotiate a better deal with your vendors. Your API key doesn’t get creative with database queries.

The Accountability Gap

Securing the agent without securing its chain of human accountability is security theater. Every autonomous action must trace back to a human sponsor or governance policy. Otherwise, when something goes wrong – and it will – you’re explaining to regulators why nobody is responsible.

 

IGA: Bringing a Compliance Checklist to a Machine-Speed Fight

The Timeframe Mismatch

Identity Governance and Administration was built for quarterly access reviews and annual audits. By the time your IGA completes one certification cycle, your agents have executed millions of actions.

It’s like trying to govern Formula 1 with traffic court. Different speeds. Different stakes. Different universe.

Just-in-Time Isn’t Optional

Standing privileges for agents are like leaving candles burning when you leave the house. It may seem fine at first, but it creates an ongoing risk of disaster. Agents need:

  • Just-in-Time identity creation
  • Just-in-Time permission grants
  • Just-in-Time revocation

This isn’t a provisioning problem you solve once. It’s an orchestration problem you solve every millisecond, in the runtime path, with policy enforcement that travels with the transaction.

 

Why Identity Orchestration Is the Only Answer

Runtime Control: Where Policy Meets Reality

Identity orchestration doesn’t theorize about what agents might do. It enforces policy at the point of action – authentication, authorization, attribute validation, and audit – in the transaction path.

Not in some provisioning workflow. Not in next quarter’s review. Right now, in real-time, before the action completes.

The OAuth Chain of Custody

Orchestrated On-Behalf-Of (OBO) flows create an unbreakable chain from human to agent to resource. Every action carries cryptographic proof of who authorized it, who delegated it, and who executed it.

This isn’t logging after the fact. It’s proof built into the protocol.

Dynamic Agent Authentication That Actually Works

Forget static credentials. Orchestration enables:

  • Dynamic Client Registration (DCR): Agents born with credentials
  • PKCE: Public agents without embedded secrets
  • SPIFFE SVIDs: Cryptographic workload identity
  • Task-Scoped Credentials: Live for one job, die at completion

Multi-Step Identity Choreography

Create an agent identity. Bind it to a task. Execute with constraints. Revoke immediately. Delete the identity but keep the audit trail.

This is a dance that happens millions of times per hour. Only orchestration can choreograph it.

The Identity Fabric Advantage

Don’t rip and replace. Orchestrate:

  • Keep Okta for humans
  • Use SPIRE for workloads
  • Add agent registries for the ephemeral
  • Unite them all through orchestration

One control plane. Multiple IdPs. Zero rewrites.

MCP and Beyond: Protocol-Native Security

Model Context Protocol, Agent-to-Agent protocols, Agentic Communication Protocol – new standards are emerging weekly. Orchestration provides the policy enforcement layer that works across all of them.

Human-in-the-Loop Without Breaking the Flow

High-risk action detected? Orchestration dynamically inserts human approval – spanning multiple IdPs, maintaining the session, preserving the context.

No broken workflows. No manual stitching. Just seamless governance at machine speed.

Observability That Explains the “Why”

Not just “Agent_X called API_Y at timestamp_Z.”

Full context: What was the intent? What policy applied? What attributes were evaluated? What was the outcome? Who authorized it?

When the auditors come – and they will – you need answers, not logs.

 

The Inevitable Truth

PAM, SSO, IGA, and generic NHI solutions each solve a piece of the puzzle. But none of them can govern agents in full flight – across boundaries, at machine speed, with ephemeral identities and complex delegation chains.

This isn’t about choosing the best of several options. This is about recognizing that only one option exists.

In the microservices era, API gateways became mandatory. In the agentic era, identity orchestration is the mandatory control plane.

 

The Bottom Line: Control the Runtime or Lose Control

If you don’t control the runtime identity flow for your agents, you don’t control your agents. Period.

And if you don’t control your agents, they will eventually do something you can’t explain. Not to your CEO. Not to your customers. And definitely not to the judge.

The agent economy isn’t waiting for standards committees or vendor roadmaps. It’s happening now, at machine speed, with or without you.

 

The Strata Strategy: Own the Runtime, Win the Game

The winners in the agent economy will be those who:

  • See the risk as opportunity – First-mover advantage in agent governance
  • Prioritize what matters – JIT identity, runtime enforcement, human traceability
  • Orchestrate everything – One control plane across every IdP you’ll ever need

At Strata, we’re not building another IAM tool. We’re building the inevitable standard for agent security in the identity fabric era: Agentic Identity Orchestration.

Because in the world of agent identity, there can be only one control plane that matters. And it’s the one that controls the runtime.

Ready to control your agents before they control you? Join the Agentic Identity waitlist and be among the first to implement policy-enforced runtime control across every IdP you own – and every agent you’re about to deploy.

Because when it comes to agent security, there can be only one. Make sure it’s yours.