Identity before intelligence:
what agent IAM forces you to decide

In mid-March 2026, Okta made a deliberate move: treat software agents as first-class actors in the enterprise perimeter, with a product lane aimed at three blunt questions: where are my agents, what can they connect to, and what can they do? General availability was on the calendar for April 30.

You don't have to use Okta to care about this. The pattern shows up wherever MCP servers, tool routers, and orchestration layers multiply. Agents are users without a face. If your IdP story stops at people, you'll invent shadow IAM in YAML and regret it.

Question 1: Where are your agents?

Not "what demos did we build." Registered agents: name, owner team, environment, data class, blast radius if credentials leak. If you can't produce a list in five minutes, you don't have inventory. You have folklore.

Practical floor: every non-trivial agent gets a service identity, a rotation story, and an owner on call. No exceptions for "the quick Slack bot."

Question 2: What can they connect to?

This is where MCP, custom tools, and legacy SOAP endpoints collide. The protocol is not the policy. You still need scoped tokens, network paths, and explicit allowlists for production versus sandbox.

We've watched teams ship a beautiful agent that could reach fifteen internal APIs because the dev keys were wide open. The model wasn't the risk. The graph of reachable systems was.

Question 3: What can they do?

Read versus write. PII versus aggregate. "Suggest" versus "execute." Time-bound approval for irreversible actions. If you can't explain the policy in one sentence to your legal partner, your agent shouldn't have the capability yet.

This is also where evals meet security. A capability without a test is a rumor. Write the negative cases: what must never happen, and how you'd detect it in logs or traces.

How this fits how we work

We spend a lot of time on platform plumbing: auth patterns, observability, deployment, and the data models that survive the second product team joining the first. Agent identity isn't a vendor press release problem. It's an architecture problem. The headline just makes it harder to postpone.

If you're wiring agents into CRMs, ticketing, or document systems, get the identity layer right early. It's cheaper than an incident review.

Context: Okta announced a blueprint for the secure agentic enterprise and an April 30, 2026 GA target for Okta for AI Agents (March 16, 2026). Product overview: okta.com/products/govern-ai-agent-identity.