Okta is the first independent and neutral identity platform to bring AI agent governance to highly regulated environments

Regulated organizations no longer have to choose between compliance and innovation.

About Okta

Okta, Inc. is The World’s Identity Company™. We secure AI, machine, and human identity so everyone is free to safely use any technology. Our customer and workforce solutions empower businesses and developers to protect their AI agents, users, employees, and partners while driving security, efficiencies, and innovation. Learn why the world’s leading brands trust Okta for authentication, authorization, and more at okta.com.

June 25, 2026

Today, Okta announced general availability of Okta for AI Agents – Core for regulated environments—including FedRAMP and HIPAA environments. By extending its unified identity fabric into regulated environments, Okta elevates AI agents to first-class identities managed alongside human workforces. This allows federal agencies and healthcare organizations to register, protect and govern AI agents within the same secure boundary they already trust Okta to manage. 

Okta for AI Agents - Core now manages the agent lifecycle for AI agents operating on regulated data, all inside the regulated boundary. By unifying AI, machine and human governance into a single control plane, compliance and security leaders can answer three key questions to discover, protect and govern their AI agents: 

  • Where are my agents? Organizations can discover & onboard known agents operating within regulated boundaries, verifying they are each registered to an accountable human owner to satisfy strict administration, custody and audit requirements.

  • What can they connect to? Organizations can protect valuable data knowing that agent access to resources is managed with scoped, least-privilege access. This ensures that agents never cross-contaminate regulated data cells or access unauthorized backend systems.

  • What can they do? Standard compliance protocols like access certifications and entitlement reviews are seamlessly extended to agent identities. Authorized administrators can quickly review agent activity, process access requests, or initiate manual deactivation, which serves as an emergency "kill switch" to isolate a non-compliant or malfunctioning agent.

Federal agencies facing AI mandates can now deploy AI agents against federal data inside their FedRAMP Moderate and High boundaries without standing up new infrastructure or delaying mission-critical adoption. Meanwhile, providers and payers needing HIPAA standards can run AI agents against patient data for clinical workflows, claims, or operations inside a HIPAA-aligned environment, with BAAs and controls already in place.

Why it matters:
Driven by the mandates of both the National Cyber Strategy and the zero-trust principles of Executive Order 14028, federal agencies are accelerating their secure adoption of agentic AI. This urgency is echoed across other regulated sectors, with 85% of healthcare organizations planning to increase agentic AI investment in the next two years, according to Deloitte.

Until now, organizations have struggled to secure these AI systems because they treated them as static service accounts or hardcoded API keys. Okta for AI Agents - Core fundamentally changes this paradigm by elevating AI agents to first-class citizens in the identity ecosystem. Just like human employees, AI agents now have their own dynamic profiles, context-aware access policies, and continuous security monitoring.

 

 

With Okta for AI Agents - Core now available for FedRAMP and HIPAA customers, organizations in regulated industries can:

  • Register agents as first-class identities. Agents are imported and registered in Universal Directory—inside an organization’s regulated cell—with a unique identity and a named human owner.

  • Replace hardcoded credentials with scoped, short-lived tokens. Cross App Access and API Access Management define and enforce what agents can connect to.

  • Govern the lifecycle, including termination. Okta extends identity lifecycle controls to agent profiles, allowing a single manual deactivation action to prevent new token requests and future authorizations.

 

"Okta for AI Agents - Core is the only independent identity platform built to secure AI agents everywhere they operate—across any identity platform, any ecosystem, and throughout regulated environments," said Amy Johanek, Vice President Federal at Okta. “You can now run the full agent lifecycle inside the same FedRAMP and HIPAA cells you already trust Okta to run for human identities. It’s the same boundary, same assurances, and extended security for a new, rapidly-growing identity class."

To get started with Okta for AI Agents - Core in highly regulated environments, visit the Okta blog here.

Any mention of future products, features, functionalities, or certifications in this blog is for informational purposes only. These items are not commitments to deliver and should not be relied upon to make purchasing decisions.

Okta for AI Agents - Core is not authorized in Okta for US Military cells.

 
