Identities
Identities control who can run agents, which tools they can access, and what actions are permitted.
Identity Controls
- User and service identity mapping.
- Provider-backed OAuth/token connections.
- Role-scoped tool and runtime permissions.
- Identity-aware guardrails and approvals.
Best Practices
- Use least-privilege defaults.
- Separate development and production identities.
- Rotate credentials and validate provider scopes.
- Combine identities with approvals for sensitive operations.