    AI Agent Governance with midPoint: Full RBAC for Autonomous AI

9 min read, 16 Apr 2026
    Your AI agents are employees now. Manage them like employees.
    We built AI agent governance into midPoint — the same RBAC model, organizational hierarchy, and lifecycle management that enterprises already use for human identities. Permissions, domain knowledge, and audit — all centralized, all driven by identity governance.
01 The Problem Nobody Is Solving

    Every enterprise adopting AI agents faces the same question: who controls what the agent can do?

    Right now, AI coding assistants run with whatever permissions the person who launched them has. If that person can delete production files, so can the agent. Read secrets? Sure. Force push to main at 2 AM? Nothing stops it.

    And that’s just one agent helping one developer. Companies are already talking about fleets of autonomous agents — ten, fifty, a hundred — running tasks overnight, processing tickets, reviewing code. Each one operating under… whoever set it up. Or a shared service account nobody remembers creating.

    This is where AI adoption stalls. Not because the technology isn’t ready, but because the governance isn’t there.

    • Agents don’t have their own identity in your IAM system
    • You can’t define granular access control — it’s all-or-nothing
    • There’s no compliance-grade audit trail when things go sideways
    • Nobody owns the lifecycle — agents linger after projects end
    • An agent meant for accounting has the same knowledge as one meant for DevOps

    We decided to solve this with a tool that already handles identity at scale: midPoint.

02 How We Built AI Agent Governance

    We extended midPoint to govern AI agents the same way it governs human identities. Every action an agent takes — running a command, reading a file, pushing code — gets checked against its role assignments in real time. Permissions, domain knowledge, and audit are all centralized, all driven by the same RBAC model your organization already uses.

    Change a role in midPoint and the agent’s boundaries update immediately. No config files to edit, no services to restart. The same platform that manages your human workforce now manages your AI agents.

03 The RBAC Model

    We didn’t invent a new permission system. We took midPoint’s existing three-tier role model and extended it with attributes that make sense for AI agents:

    Business Roles define who you are. Project Lead, Software Engineer, Accountant, Support Agent. The same roles HR already manages.

    Application Roles define what you’re allowed to do. Which commands, which directories, which operations. Enforced on every action, in real time.

[Figure: Application Roles in midPoint. The Finance Tools role defines allowed commands, blocked commands, allowed directories, blocked path patterns, and blocked keyword patterns.]

    Skill Roles define what you know. This is the part that’s specific to AI. A skill is a set of instructions, procedures, and guardrails that get loaded into the agent’s context. An agent with a deployment skill knows your deployment process. One with a financial audit skill knows your compliance requirements. Without the role, the agent doesn’t even see those instructions.

    The magic is in midPoint’s inducement mechanism. Assign someone the “Accountant” business role and they automatically get the right Application Role (finance tool access) plus the right Skill Roles (reporting procedures, audit knowledge). Remove the business role and everything cascades. Permissions gone, skills gone.

[Figure: Business Roles in midPoint. The Accountant role induces the Finance Tools application role, the Financial Audit and Financial Reporting skill roles, and system account access.]

    Here’s a screenshot from our demo. This is an AI agent sitting in the Engineering department. Look at the “All accesses” tab. midPoint computed the effective access automatically: Full Access permissions, Deploy skill, Quality skill — all inherited from the org placement and the induced Project Lead role. Nobody had to configure this by hand.

[Figure: The agent's "All accesses" tab in midPoint, showing Full Access, Deploy, and Quality skills computed automatically from organizational placement and the induced Project Lead role.]

    Approval Workflows, Because It’s Just a Role

    Here’s something that comes for free: since agent permissions are standard midPoint roles, they go through the same approval workflows as everything else.

    A developer wants their agent to have deployment access? They request the role. It goes through the approval chain: manager, security team, whoever your policy requires. Approved? The agent gets the permission. Denied? Nothing changes.

    No special tooling, no separate process for “AI permissions.” Same role request, same approval workflow, same audit trail your compliance team already trusts.

04 Semi-Autonomous Agents: The Developer's Pair

The most common case: a developer uses an AI assistant interactively. The agent inherits the developer's midPoint identity, with the same roles and the same boundaries.

    A junior developer’s agent can read code and run quality checks, but can’t push, can’t install packages, can’t touch secrets. A senior lead’s agent can do all of that plus deploy. The boundaries match the org chart, and they update the moment someone’s role changes.

05 The Organizational Hierarchy: Knowledge That Follows the Org Chart

    This is the part we’re most excited about.

    Below is the org tree from our demo. Human identities and AI agent identities live side by side in the same department, same governance, same rules.

[Figure: The demo org hierarchy in midPoint. NovaTech Solutions with Engineering, Finance, and Operations departments, each containing both human and AI agent identities.]

    When you place an agent into an org unit, it inherits everything from that position and every parent above it. Put it in Accounting and it gets audit procedures, tax reporting skills, finance tool access — all coming from Accounting itself and from the parent Finance Department. Move it to Payroll and the tax skills drop off, replaced by payroll and HR integration skills.

    The org chart is the policy.
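The inducement chain from the RBAC Model section and the org inheritance described above, as an added illustrative model in Python (not midPoint's own code or schema): org placement induces business roles all the way up to the root, a business role induces application roles and skill roles, and each agent action is checked deny-by-default against the effective application roles, returning a reason that can go to the audit log. The role names and the Finance Tools rules are constructed from the page's examples.

```python
from fnmatch import fnmatch

# Constructed demo data mirroring the page's Finance example. This is an
# illustrative model of inducement and org inheritance, not midPoint's own
# schema or evaluation engine.
APP_ROLES = {"Finance Tools": {
    "allowed_commands": {"ls", "cat", "python"}, "blocked_commands": {"rm", "git"},
    "allowed_dirs": ["/finance/*"], "blocked_paths": ["*/secrets/*"],
    "blocked_keywords": ["--force", "DROP TABLE"]}}
# Business role -> (induced application roles, induced skill roles).
BUSINESS_ROLES = {
    "Accountant": (["Finance Tools"], ["Financial Audit", "Tax Reporting"]),
    "Payroll Clerk": (["Finance Tools"], ["Payroll", "HR Integration"])}
# Org unit -> (parent unit, business roles induced by placement in that unit).
ORG_UNITS = {"Finance": (None, []), "Accounting": ("Finance", ["Accountant"]),
             "Payroll": ("Finance", ["Payroll Clerk"])}

def effective_access(org, assigned=()):
    """Union of what is assigned directly and what every org unit on the
    path from `org` up to the root induces; returns (app_roles, skills)."""
    business = list(assigned)
    while org is not None:
        parent, induced = ORG_UNITS[org]
        business += induced
        org = parent
    apps, skills = set(), set()
    for role in business:
        a, s = BUSINESS_ROLES[role]
        apps.update(a)
        skills.update(s)
    return apps, skills

def authorize(apps, command, path):
    """Deny by default; a block rule in any role beats an allow rule in
    another. Returns (allowed, reason) so each denial can be audited."""
    verb = command.split()[0]
    policies = [(a, APP_ROLES[a]) for a in sorted(apps)]
    for app, p in policies:
        if verb in p["blocked_commands"]:
            return False, f"{app}: command '{verb}' is blocked"
        if any(k in command for k in p["blocked_keywords"]):
            return False, f"{app}: command contains a blocked keyword"
        if any(fnmatch(path, pat) for pat in p["blocked_paths"]):
            return False, f"{app}: path '{path}' matches a blocked pattern"
    for app, p in policies:
        if verb in p["allowed_commands"] and any(fnmatch(path, d) for d in p["allowed_dirs"]):
            return True, f"{app}: allowed"
    return False, "denied: no application role allows this action"
```

Moving the same agent from Accounting to Payroll is just a different `org` argument: the Tax Reporting skill drops off and Payroll and HR Integration appear, while the Finance Tools boundaries stay.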

    Skills as Organizational Knowledge

    This is probably the most interesting part: skills aren’t just permissions — they’re organizational knowledge.

    A financial audit skill doesn’t just unlock certain tools. It gives the agent a complete set of instructions: what procedures to follow, what reports to generate, what compliance frameworks apply, what red flags to watch for. Think of it as onboarding documentation that gets loaded into the agent based on where it sits in the org.

    Accounting agents get accounting expertise. Engineering agents get engineering expertise. Same platform, different knowledge based on organizational context.

06 Non-Human Identities: Agents as First-Class Citizens

Interactive agents can piggyback on a human's identity, but they can also have their own. A developer might have a personal non-human identity (NHI) agent as a dedicated persona, separate from their human account but linked to them. And then there are agents that work fully alone: overnight batch jobs, autonomous ticket processors, background code reviewers.

    Those need their own identity in midPoint. We model them as Non-Human Identities (NHI) with a dedicated archetype, giving them the same lifecycle management as any other identity:

[Figure: Lifecycle of a non-human identity: Create Identity, Assign Role and Org, Auto-Provision, Active, Offboard.]

    And if an agent misbehaves? Disable it in midPoint, immediately. The next action it tries gets blocked. You could even automate this with monitoring that detects anomalies and triggers a disable through midPoint’s REST API.
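One way to automate the anomaly-triggered disable described above, as an added example that is not the project's own code: the denial records are constructed sample lines in the spirit of section 08 (every denial logged with its reason), the anomaly rule is a simple burst threshold inside a time window, and the modification body assumes midPoint's objectModification format for `PATCH /ws/rest/users/{oid}`; resolving an agent name to its oid is left as a placeholder.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample denial records (not real midPoint audit output): one
# line per denied agent action, each carrying the reason for the denial.
AUDIT = [
    "2026-04-16T03:00:01Z agent=inv-bot-2 DENY reason='Finance Tools: command rm is blocked'",
    "2026-04-16T03:00:05Z agent=inv-bot-2 DENY reason='Finance Tools: path matches a blocked pattern'",
    "2026-04-16T03:00:09Z agent=inv-bot-2 DENY reason='Finance Tools: command contains a blocked keyword'",
    "2026-04-16T03:10:00Z agent=inv-bot-1 DENY reason='no application role allows this action'",
]

def parse(line):
    """Return (timestamp, agent name) from one constructed audit line."""
    ts, agent, _, _ = line.split(" ", 3)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), agent.split("=", 1)[1]

def anomalous_agents(lines, threshold=3, window=timedelta(minutes=5)):
    """Agents with at least `threshold` denials inside any `window`."""
    by_agent = defaultdict(list)
    for line in lines:
        ts, agent = parse(line)
        by_agent[agent].append(ts)
    flagged = set()
    for agent, times in by_agent.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(agent)
                break
    return flagged

def disable_delta():
    """Request body (send as JSON) for PATCH /ws/rest/users/{oid}, assumed to
    follow midPoint's objectModification format: setting the administrative
    status to disabled means the agent's next action is blocked."""
    return {"objectModification": {"itemDelta": [{
        "modificationType": "replace",
        "path": "activation/administrativeStatus",
        "value": "disabled"}]}}

if __name__ == "__main__":
    for agent in anomalous_agents(AUDIT):
        # AGENT_OID_PLACEHOLDER: look the oid up from the agent's identity.
        print(f"disable {agent} via PATCH /ws/rest/users/AGENT_OID_PLACEHOLDER", disable_delta())
```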

    An NHI agent has its own roles (assigned or inherited), its own identity tokens and certificates, and its own audit trail. When it processes invoices at 3 AM, the logs show exactly which agent did what, under which policy. Not “service-account-7” but a real, trackable identity.

    Your Finance department needs three invoice-processing agents? Create three NHIs, drop them in the Accounting org unit. They inherit everything they need. They can’t touch anything they shouldn’t. When the quarter ends, disable them. Done.

07 Fully Autonomous Agents: Provisioning at Scale

    You need ten agents for a large project, each with specific capabilities. In most setups, that means ten manual configurations. In ours, it’s one org unit.

[Figure: Provisioning pipeline for agent fleets: Define Demand, Create Identities, Provision Infrastructure, Deploy Framework, Agents Live.]

    midPoint already provisions identities at scale. That’s what it does for your human workforce. We just point it at AI agents too.

    Define the demand in an org unit. midPoint creates the identities, provisions accounts through your existing infrastructure, and brings each agent online with the right permissions and skills inherited from the org.

    Scale down? Disable the org unit. Everything deprovisioned automatically. Standard identity lifecycle.

    Custom Instructions

    Autonomous agents can also receive personality through the role model: who they are, what queue they process, what they should escalate, what they should never do. Different agents in the same org can have entirely different behaviors — all governed from midPoint.

08 Compliance by Design

    Everything is logged. Every action, every decision, every denial with its reason.

We differentiate audit depth by identity type: human sessions get standard logging with privacy protections, while autonomous agents get full traceability. The audit tier follows the archetype automatically, so NIS2 and ISO 27001 requirements are covered without extra configuration.

09 What This Enables

    Onboarding in minutes. HR creates an identity, assigns a business role, the developer’s AI assistant immediately knows its boundaries.

    Project-scoped agent fleets. Spin up a project org with ten agents, work for three months, disable the org when it’s done. Clean.

    Self-service with governance. Developers request additional agent permissions through standard role requests. Approval workflows, audit trail, the works. No shadow IT.

    Cross-department knowledge sharing. Finance builds a budget analysis skill, Operations needs it too. Assign the skill role to the Ops org, done. Update the skill once, every agent sees the change.

    Instant incident response. Agent acting up? Disable the identity. One click, instant revocation. Full audit trail and role history from the same screen.

10 Conclusion

    At its core, AI agent governance is an identity management problem. And we’ve been solving identity management for decades.

    We picked midPoint for a reason. The role model, org hierarchy, inducement, meta-roles — even meta-meta-roles for building role hierarchies dynamically — provisioning connectors, approval workflows, lifecycle policies, audit. It was all already there. We didn’t have to reinvent governance for AI. We just had to connect it to agents.

    midPoint isn’t an “AI governance tool.” It’s an identity governance platform that turns out to be exactly the orchestrator autonomous agents need. RBAC, organizational inheritance, non-human identity lifecycle, provisioning at scale, compliance-grade audit trails. These aren’t features we bolted on. They’re what midPoint has done for human identities for years. AI agents just became the next type of identity it manages.

    As this year’s Gartner IAM Summit confirmed, sovereignty and AI governance are converging — and identity platforms are at the center of that shift.

    The result: AI agents governed like employees. Because for your security team, your compliance team, and your CISO, that’s exactly what they need to be.

    If you have any questions or feedback, we’d be happy to hear from you. Reach out.

    Written by Patrik Rovňák

    Inalogy. Identity Governance for the AI era.
