Identity and access management company Okta Inc. today expanded its Okta for AI Agents platform to cover any agent ecosystem, any enterprise resource and any identity provider, including a new integration with Amazon Web Services Inc.’s Amazon Bedrock and support for non-Okta identity systems.

The expansion is being pitched as a way to let organizations discover, onboard, protect and govern artificial intelligence agents without being locked into a single vendor’s stack. Okta argues that enterprises are already deploying agents across multiple builder platforms and resource types and that identity providers tied to a closed ecosystem leave gaps in visibility and control.

“The agentic enterprise doesn’t fit neatly into one vendor’s ecosystem,” said Chief Product Officer Ely Kahn. “Okta for AI Agents is the only platform built for that reality, securing the full agent lifecycle — discover, onboard, protect and govern, while meeting customers where they are.”

The Amazon Bedrock integration lets teams assign Bedrock-built agents a dedicated identity, attach a human owner and enforce access policies at scale. Capabilities include shadow agent discovery through monitoring of OAuth consent grants on managed browsers such as Google Chrome, direct import of Bedrock agents into Okta via the Okta Integration Network and a registry that treats every agent as a first-class identity with baseline security policies.

Administrators can also define which resources Bedrock agents can reach, the authentication method they use and the scopes they receive. A kill switch allows a misbehaving agent to be shut down with a single action and system logs capture every tool call and authorization decision for streaming into a security information and event management system.

User access requests and certifications, long a fixture of human identity governance, now extend to agents as well. The workflows automate requests for user access to agents built on Bedrock and require periodic certification of that access.

Beyond Bedrock, the agents can be imported under governance from Salesforce Inc.’s Agentforce and ServiceNow Inc.’s AI Platform, with integrations for DataRobot Inc., Boomi Inc., Glean Technologies Inc., Google Cloud’s Vertex AI and Workday Inc. coming soon.

The second part of the announcement today opens Okta for AI Agents to customers that use a different identity provider for their workforce. Organizations running Microsoft Corp.’s Entra ID, Ping Identity Holdings Corp., or other systems as the system of record for human users can layer Okta on top to manage agent identities specifically, without ripping out existing infrastructure.

Okta describes the result as a single control plane for agent identity that spans software-as-a-service applications, application programming interfaces, Model Context Protocol servers, service accounts and secrets. The framing leans on a recurring industry concern that agent sprawl, much like earlier waves of nonhuman identity sprawl around service accounts and bots, will outpace governance if treated as an afterthought.

The announcement follows Okta’s rollout of Okta for AI Agents and reflects a push across the identity sector to position agent identity as a distinct category rather than an extension of workforce or customer identity products.

Image: Okta