Agent and Non-Human Identity Management
Issue every AI agent a distinct, bounded identity with scoped credentials, a defined lifecycle, and access controls — rather than sharing service accounts or running under user identities.
Objective
Ensure agents are identifiable, traceable, and accountable as distinct principals so their actions can be attributed, their access revoked, and their behavior audited independently of human users.
Maturity Levels
Initial
Agents share service accounts with other systems or run under user credentials; no agent-specific identity exists.
Developing
Some agents have dedicated service accounts but they are long-lived, broadly scoped, and not consistently reviewed.
Defined
Every agent has a documented identity with a defined scope, TTL, and owner; provisioning follows an approval workflow.
Managed
Agent credentials are reviewed quarterly; unused identities are deprovisioned; access events are logged and monitored.
Optimizing
Agent identities are dynamically provisioned per session with short-lived credentials scoped to the active task; deprovisioning is automatic on task completion.
Evidence Requirements
What an auditor or assessor would expect to see for this control.
- Agent identity registry documenting every deployed agent identity, its owning team, permitted resources, credential type, TTL, and last review date
- Provisioning records showing formal approval before agent identities were created or permissions were expanded
- Quarterly access review records confirming agent identities were reviewed and unused identities were deprovisioned
- Credential audit logs showing last-use timestamps for all active agent credentials over a sample period
- Deprovisioning records for agent identities retired within the review period, confirming credentials were revoked
Implementation Notes
Key steps
- Treat each AI agent as a distinct non-human principal in your identity directory — not a shared service account, not a developer's personal token.
- Assign credentials with the shortest viable TTL: prefer session-scoped tokens over long-lived API keys, and revoke immediately after task completion.
- Maintain an agent identity registry: name, owning team, permitted resources, credential expiry, and last-use timestamp.
- Include agent identities in your access review cycle — they accumulate permissions faster than humans and rarely get deprovisioned without explicit process.
- For multi-agent systems, ensure sub-agents authenticate to orchestrators using the same identity framework rather than inheriting ambient access from the parent agent.
Example Implementation
Enterprise deploying multiple AI agents across HR, finance, and IT workflows
Agent Identity Registry — Sample Entries
| Agent Name | Owning Team | Credential Type | TTL | Permitted Resources | Last Reviewed |
|---|---|---|---|---|---|
| hr-onboarding-agent-v2 | People Ops / AI Eng | Session-scoped OAuth | 4 hours | HRIS read (new hires only), email send (internal), calendar read | 2026-04-01 |
| finance-invoice-agent-v1 | Finance / AI Eng | Short-lived API key | 1 hour | ERP read (AP module), PDF generator, email send (vendor@) | 2026-04-01 |
| it-helpdesk-agent-v3 | IT / AI Eng | Session-scoped OAuth | 2 hours | ServiceNow read/write (own tickets), KB read | 2026-04-01 |
Provisioning process: Identity creation requires sign-off from team lead + CISO office before credentials are issued.
Deprovisioning trigger: Identity deprovisioned within 24 hours of agent retirement or ownership change.
Review cadence: Quarterly; any identity with no usage in 60 days is flagged for deprovisioning.
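The review rules above (60-day idle flag, quarterly cadence, per-identity owner and TTL) expressed as a registry check, written here as an added example rather than tooling from the framework; the registry model, the 4-hour TTL ceiling and the sample entries are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Policy thresholds taken from the example implementation above.
MAX_IDLE_DAYS = 60         # no usage in 60 days -> flag for deprovisioning
REVIEW_CADENCE_DAYS = 90   # quarterly review cadence
MAX_TTL_HOURS = 4.0        # assumed policy ceiling (longest TTL in the sample registry)


@dataclass
class AgentIdentity:
    name: str
    owning_team: str
    credential_type: str
    ttl_hours: float
    permitted_resources: list
    last_reviewed: datetime
    last_used: Optional[datetime] = None   # None: credential has never been used


def review_identity(agent: AgentIdentity, now: datetime) -> list:
    """Return the policy findings for one registry entry (empty list = compliant)."""
    issues = []
    if not agent.owning_team:
        issues.append("no owning team recorded")
    if agent.ttl_hours > MAX_TTL_HOURS:
        issues.append(f"TTL {agent.ttl_hours:g}h exceeds policy ceiling {MAX_TTL_HOURS:g}h")
    if now - agent.last_reviewed > timedelta(days=REVIEW_CADENCE_DAYS):
        issues.append("last review older than quarterly cadence")
    if agent.last_used is None or now - agent.last_used > timedelta(days=MAX_IDLE_DAYS):
        issues.append(f"no usage in {MAX_IDLE_DAYS} days: flag for deprovisioning")
    return issues


def review_registry(registry: list, now: datetime) -> dict:
    """Map each agent name to its findings so every entry, compliant or not, is visible."""
    return {agent.name: review_identity(agent, now) for agent in registry}


# Constructed sample registry: first two names follow the page's table, dates are invented;
# the third entry is a deliberately non-compliant legacy identity.
NOW = datetime(2026, 6, 15)
SAMPLE_REGISTRY = [
    AgentIdentity("hr-onboarding-agent-v2", "People Ops / AI Eng", "Session-scoped OAuth", 4,
                  ["HRIS read", "email send", "calendar read"], datetime(2026, 4, 1), datetime(2026, 6, 14)),
    AgentIdentity("finance-invoice-agent-v1", "Finance / AI Eng", "Short-lived API key", 1,
                  ["ERP read", "PDF generator", "email send"], datetime(2026, 4, 1), datetime(2026, 3, 20)),
    AgentIdentity("legacy-report-agent-v1", "", "Long-lived API key", 720,
                  ["Data warehouse read"], datetime(2026, 1, 5), None),
]
```

Running `review_registry(SAMPLE_REGISTRY, NOW)` leaves the HR agent clean, flags the finance agent for 60-day inactivity, and reports four findings for the legacy identity.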
