Enterprises can enforce runtime authentication, authorization, and audit controls to establish guardrails for autonomous AI agents and secure MCP services
BOULDER, Colo.–(BUSINESS WIRE)–#CloudIAM—Strata Identity today announced the introduction of a new product, Identity Orchestration for AI Agents. Built on Strata’s Maverics vendor-agnostic identity fabric and hybrid air-gap architecture, it provides identity guardrails and observability for AI agents without limiting identity provider (IDP) choice.
AI agents pose new identity challenges that traditional IAM can’t handle. These agents are ephemeral and autonomous, accessing enterprise data through MCP (Model Context Protocol). As a result, they operate across systems using opaque credential flows without persistent attributes, dynamic provisioning, or audit trails. In hybrid environments spanning clouds, on-prem systems, and multiple IDPs, this creates blind spots in governance, inconsistent access control, and a higher risk of fraud and non-compliance.
Strata’s new product addresses these challenges by issuing short-lived, scoped credentials at runtime; enforcing fine-grained, policy-as-code authorization, including human-in-the-loop approval for sensitive actions; and logging every agent decision and MCP-initiated API call for full auditability.
“Autonomous AI agents now act as users in enterprise systems—but without user-level guardrails or observability. So Strata is bringing policy-based identity security to runtime where agents live,” said Eric Olden, CEO of Strata Identity and co-author of the SAML standard. “Strata’s Maverics supports open identity frameworks such as OAuth and emerging standards like the AI-native MCP protocol, enabling seamless interoperability across vendors, platforms, and agent ecosystems at scale.”
Strata’s Maverics treats every AI agent as a first-class identity, governed by the same rigor as human users, to provide zero-trust governance for autonomous AI agents. This industry-first approach handles every agent action as a policy-enforced, observable, and auditable event in real time. Its identity-aware, MCP-native proxy enforces policy without requiring changes to existing apps or microservices.
According to Gartner®, “A unified model that extends established IAM principles and protocols to AI agents, while also fostering interoperability between different AI platforms, is crucial for realizing the benefits of agentic AI in a secure and responsible manner.”1
Maverics Identity Orchestration for AI Agents
To enable secure, auditable, and policy-driven control over AI agents, Maverics Identity Orchestration provides the following key capabilities:
- Dynamic, runtime authentication for agents using delegated OAuth flows—supporting PKCE and SPIFFE/SVID to enable ephemeral, scoped trust without static credentials.
- Policy-driven, attribute- and context-aware authorization, through On-Behalf-Of (OBO) flows with optional human-in-the-loop verification to enforce step-up approvals for sensitive or high-risk actions.
- Just-in-time issuance/provisioning of agent identities into any cloud or on-premises IDP, including automatic credential rotation, lifecycle expiry, and ownership assignment.
- Full-stack observability through OpenTelemetry, providing near real-time, correlated traces of both human and agent interactions for forensic lineage, risk analysis, and audit through your existing reporting and analytics tools.
With extensive input from Strata’s design partners–including leaders in global financial services, high-tech manufacturing, defense, and retail–Strata’s Identity Orchestration for AI Agents was built to meet enterprise requirements for guardrails and observability over the secure use of agentic workflows, enabling seamless interoperability across vendors, platforms, and agent ecosystems.
1Gartner, IAM for LLM-Based AI Agents, Homan Farahmand, June 12, 2025.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Availability
To learn more about Strata’s Maverics Identity Orchestration for AI Agents and how it enables safer, more compliant AI operations, visit: https://www.strata.io/agentic-pr/?utm_medium=referral&utm_source=businesswire
About Strata Identity
Strata Identity enables organizations to orchestrate and modernize identity without disrupting existing infrastructure while maintaining a frictionless user experience. By decoupling identity from applications, Strata’s Maverics platform unifies SSO, can rationalize redundant IDPs, and ensures continuous access during outages via IDP failover. It enables organizations to extend zero-trust controls across human, machine, and autonomous AI identities. Led by CEO Eric Olden—co-author of the SAML standard— Strata also created the Identity Query Language (IDQL) and open-source Hexa project to help standardize multi-cloud identity management. Learn more at Strata.io and follow us on LinkedIn and YouTube.
Contacts
Media:
Marc Gendron
Marc Gendron PR for Strata
+1-617-877-7480
[email protected]
