Today, Okta extended Okta for AI Agents to support new agent ecosystems, any identity provider, and govern access to any enterprise resource. New updates include an integration with Amazon Bedrock AgentCore, a fully managed generative AI service from Amazon Web Services (AWS), that provides identity lifecycle management for agents customers build on AWS, and support for non-Okta identity providers. Together, these capabilities help organizations discover, onboard, protect, and govern agents regardless of which agents they deploy, which identity platforms they own, or which resources they connect to.
"Security and IT leaders need a better way to understand where their agents are, what they can connect to, and what they can do," said Ely Kahn, Chief Product Officer, Okta. “With AI agents being built on different platforms and being deployed across distributed environments, the agentic enterprise doesn't fit into a single-vendor ecosystem. Okta for AI Agents is the neutral platform built to secure the full agent lifecycle, from initial discovery and onboarding to ongoing protection and governance.”
Why it matters:
By 2028, Gartner predicts that an average global Fortune 500 company will have over 150,000 agents in use. Yet, security and governance models are already falling short: 90% of enterprise agents are over-permissioned, and 53% of AI agents access sensitive information. Enterprises need to maintain visibility and control over their sprawl of agents, ensuring they have governed identities, consistent access policies, and ways to shut them down.
The challenge is compounded by the pace of change across the AI landscape. Model leadership is constantly rotating, platform adoption patterns are shifting, and organizations using multiple platforms benefit from a unified identity layer that works across ecosystems.
At the same time, most point solutions, such as a credential vault or a policy engine, secure only one part of the agent lifecycle. Enterprises need a vendor-neutral platform to secure every agent end-to-end.
Available now – Okta for AI Agents integration with Amazon Bedrock AgentCore
Okta for AI Agents now integrates with Amazon Bedrock AgentCore to provide customers with identity governance capabilities for their agents, including ownership assignment, lifecycle management, and the ability to deactivate rogue agents. Key capabilities include:
AI Agent Discovery: Identify agents across an organization’s environment, including those built on AgentCore, by monitoring for new OAuth consent grants on browsers.
AI Agent Import: Import agents from AgentCore directly into Okta via the Okta Integration Network (OIN) to allow for governance of agents within minutes.
AI Agent Registry: Register agents built on AgentCore as identities with a clear human owner and baseline governance policies from a centralized source of truth.
Resource Connections: Define and securely enforce which resources AgentCore agents can access, which authentication method they use, and what scopes they receive.
User Access Requests and Certifications for AI Agents: Govern agents across their full lifecycle by automating workflows to request and certify user access to AI agents built on AgentCore.
Agent Deactivation: If an organization needs to revoke an agent's access, it can do so with a single action, supporting rapid incident response across the enterprise.
System Logs and Telemetry: Capture tool calls and authorization decisions to maintain compliance and stream to a SIEM for rapid incident response.
These capabilities are platform-neutral. They work across different agent builders that Okta supports, including Salesforce Agentforce and ServiceNow AI Platform, with *additional integrations for DataRobot, Boomi, Glean, Google Vertex AI, and Workday coming soon.
Available now – Okta for AI Agents on any identity provider
Okta for AI Agents works alongside non-Okta identity providers, giving organizations a purpose-built agent identity platform without requiring them to replace their existing human identity infrastructure. Customers can continue to use identity providers, such as Microsoft Entra ID, Ping, or others, as the system of record for human users, while Okta layers identity security for the full agent lifecycle.
This gives organizations a single control plane to discover where their agents are, protect what they can connect to across SaaS apps, APIs, MCP servers, and other enterprise resources, and govern what they can do – without ecosystem lock-in or blind spots.
Learn how to get started with Okta for AI Agents.
*Any mention in this article of solutions, features, functionalities, certifications, authorizations, or attestations that are not currently generally available or have not yet been obtained may not be delivered or obtained on time or at all. We assume no obligation to deliver on such items and you should not rely on them to make your purchase decisions.
