You spent years getting identity right. SSO works. MFA works. Joiner-mover-leaver is wired to HR. Nobody wants to touch it, and nobody should.

Then your teams started shipping AI agents, and the question changed.

Your workforce IdP is excellent at answering one question:

Who is this human, and what apps and groups are they entitled to?

An agent that can read records, move money, call tools, and trigger workflows forces a second question into the foreground:

Who is this agent, on whose behalf is it acting, which exact tool calls did policy approve at the moment the token was minted, with what proof that the token is hard to replay, and how fast can I shut it off?

That is not a feature gap you close with another group claim or one more broad OAuth scope. It is a different shape of problem. The answer is not to replace the identity system your humans depend on. The answer is to federate it to an identity plane built for agents.

The Trap: Stretching a Human IdP to Fit Machines

The instinct is understandable: "We already have an IdP. Can't it handle agents too?" The market is moving in that direction. Microsoft Entra Agent ID gives agents first-class identities in Entra. Okta Cross App Access moves cross-app authorization for agent scenarios into centrally managed policies.

That direction is right. The gap is not whether agents can have identities or whether on-behalf-of flows can exist. The gap is what happens at the moment a token is minted.

Scopes are blunt

Scopes such as travel:read and travel:write cannot say "search flights but do not book," "spend at most $500," or "only these three tools."

OBO is often pre-consented

Many on-behalf-of patterns lean on admin-consented app permissions, not a live check against what this user delegated for this request.

Self-validating tokens linger

A JWT that validates by signature usually lives until it expires. Cutting off an agent this second needs another path.

Attribution can blur

A shared agent identity acting for many users makes it harder to know whose consent, budget, and audit trail apply.

You can build around these gaps. But then you are assembling per-tool authorization, a delegation store, token-endpoint policy hooks, revocation plumbing, proof-of-possession, and audit evidence yourself. That is a platform program, not a configuration toggle.

The Move: Two Trust Anchors, One Federation Link

The clean architecture keeps your workforce IdP as the human trust anchor and adds EmpowerNow as the agent and authorization trust anchor.

Human trust anchor

Workforce IdP

Okta, Entra ID, or Ping keeps owning SSO, MFA, conditional access, and lifecycle.

  • Human credentials
  • HR-driven lifecycle
  • Existing app groups

Agent trust anchor

EmpowerNow IdP

Purpose-built OAuth/OIDC plane for agent identity, delegated authorization, policy-at-mint, and revocation.

  • Agent registration and ARNs
  • RAR-gated OBO tokens
  • DPoP, mTLS, audience binding

Decision path

AuthZEN PDP

The token path asks policy about the requested action and carries obligations, delegation constraints, and evidence forward.

A human signs in at your IdP. EmpowerNow accepts that login or exchanges the token, maps the subject to a canonical identity, and lets agent-native authorization take over. Agents get governed identities from EmpowerNow because that is where the agent machinery lives.

Keep your IdP. Add the agent plane. Federate the two.

What the Agent Plane Adds

The differentiator is not a proprietary protocol. The wire stays standards-based: OIDC, OAuth token exchange, RAR, resource indicators, DPoP, mTLS, DCR, introspection, and OpenID AuthZEN. The value is how those pieces compose for agents.

Policy decisions at mint time

Before issuing or exchanging a token, the IdP asks the PDP about the specific tools and actions in the request. Deny fails closed, and policy can return obligations that shape what happens next.

Agents as governed identities

Agents register as first-class OAuth clients with stable agent ARNs, owners, credentials, and lifecycle events. That is very different from handing out raw API keys.

Delegation scoped to what the user approved

An agent can request the moon. It receives the intersection of what it requested, what policy allows, and what the user actually delegated.

Tokens you can take back quickly

For automation and CLI callers, opaque PATs validated by introspection can be revoked on the next check instead of waiting for a long-lived JWT to age out.
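The contrast between a self-validating JWT (which stays valid by signature until it expires) and an opaque PAT checked by introspection, as an added Python example that is not EmpowerNow's code: the HS256 key, the in-memory store and the subject are constructed, and a real IdP would sign with an asymmetric key and keep a durable store.

```python
"""A signature-validated JWT beside an opaque PAT checked by introspection."""
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = b"constructed-hs256-key"   # sample key; a real IdP signs with an asymmetric key
_PAT_STORE = {}                           # sha256(token) -> {"sub", "exp", "active"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _key(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()   # never store the raw token

def mint_jwt(sub, ttl=3600, now=None):
    """Self-validating HS256 JWT: any holder of the key verifies it offline."""
    now = now or int(time.time())
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def validate_jwt(token, now=None):
    """Signature plus exp only: nothing on this path can learn about a revocation."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        return False
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return claims["exp"] > (now or int(time.time()))

def mint_pat(sub, ttl=3600, now=None):
    """Opaque PAT: the string carries no claims; all state lives in the issuer's store."""
    token = secrets.token_urlsafe(32)
    now = now or int(time.time())
    _PAT_STORE[_key(token)] = {"sub": sub, "exp": now + ttl, "active": True}
    return token

def revoke_pat(token):
    rec = _PAT_STORE.get(_key(token))
    if rec:
        rec["active"] = False

def introspect(token, now=None):
    """RFC 7662-style answer: a revocation is visible on the very next check."""
    rec = _PAT_STORE.get(_key(token))
    if not rec or not rec["active"] or rec["exp"] <= (now or int(time.time())):
        return {"active": False}
    return {"active": True, "sub": rec["sub"], "exp": rec["exp"]}
```

After revoke_pat the JWT path still accepts its token until exp, while introspect reports active=false on the next call.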

How a Delegated Agent Action Works

  1. Human logs in at the workforce IdP. Existing credential, MFA, lifecycle, and conditional access controls stay in place.
  2. EmpowerNow federates the session using OIDC or RFC 8693 token exchange and maps the subject to a canonical identity.
  3. The agent requests action with a rich authorization request naming the tools and constraints it wants.
  4. The PDP decides whether the agent may act on behalf of the user, and with which capabilities, constraints, and obligations.
  5. The IdP mints a governed token carrying the actor claim, delegation id, approved scope of tools, audience, and sender constraint where applicable.
  6. Downstream services and receipts see both parties: who the human principal is and which agent acted for them.
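Steps 3 to 5 of this path, together with the intersection rule from "Delegation scoped to what the user approved", as an added Python sketch that is not EmpowerNow's code: the PDP is an in-memory stand-in shaped like an AuthZEN evaluation request, and the user id, agent ARN, tool names, spend cap and obligation are constructed sample values.

```python
"""RAR-gated OBO token path: request -> PDP decision -> intersection -> mint."""
import time

# Constructed sample data: the user, agent ARN and tool names are illustrative.
USER_DELEGATION = {                 # what the user actually approved for this agent
    "delegation_id": "dlg-0001",
    "tools": {"flights.search", "hotels.search"},   # search yes, book no
    "max_spend_usd": 500,
}
POLICY_ALLOWED = {"flights.search", "flights.book", "hotels.search"}  # PDP policy stub


def pdp_evaluate(agent_arn, user, tools):
    """In-memory stand-in for an AuthZEN evaluation call (not a real PDP)."""
    request = {"subject": {"type": "agent", "id": agent_arn},
               "action": {"name": "tool_call"},
               "resource": {"type": "user", "id": user},
               "context": {"tools": sorted(tools)}}
    allowed = set(request["context"]["tools"]) & POLICY_ALLOWED
    # Deny fails closed: no permitted tool means decision=false.
    return {"decision": bool(allowed),
            "context": {"tools": allowed, "obligations": ["emit_receipt"]}}


def mint_obo_token(user, agent_arn, rar, dpop_jkt, aud, now=None):
    """Return governed token claims, or raise when policy or delegation leaves nothing."""
    requested = set(rar["tools"])
    decision = pdp_evaluate(agent_arn, user, requested)
    if not decision["decision"]:
        raise PermissionError("PDP denied: fail closed")
    # Grant = requested AND policy-allowed AND user-delegated; never wider than any of them.
    granted = requested & decision["context"]["tools"] & USER_DELEGATION["tools"]
    if not granted:
        raise PermissionError("user delegated none of the requested tools")
    cap = USER_DELEGATION["max_spend_usd"]
    spend_cap = min(rar.get("max_spend_usd", cap), cap)
    now = now or int(time.time())
    return {
        "sub": user,                               # human principal
        "act": {"sub": agent_arn},                 # RFC 8693 actor claim: which agent acted
        "aud": aud,                                # audience binding
        "cnf": {"jkt": dpop_jkt},                  # DPoP sender constraint (RFC 9449)
        "delegation_id": USER_DELEGATION["delegation_id"],
        "authorization_details": [{"type": "tool_call", "tools": sorted(granted),
                                   "max_spend_usd": spend_cap}],
        "obligations": decision["context"]["obligations"],
        "iat": now, "exp": now + 300,              # short-lived; pair with introspection
    }
```

An agent asking for flights.search, flights.book and payments.charge with a $2000 cap comes out holding flights.search at $500, and a request for nothing the user delegated raises instead of minting.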

One nuance matters: step-up token elevation for in-conversation MCP re-authentication is a separate rollout track. The core pattern here is the governed identity plane and policy-gated token path: agent identity, delegation, per-request authorization, revocation, and evidence.

What Still Belongs in Your Workforce IdP

This is explicitly not a rip-and-replace pitch. Your workforce IdP should keep doing the work it already does well.

Capability                              Where it lives
Human credentials                       Stays in workforce IdP
Human SSO and MFA                       Stays in workforce IdP
HR-driven joiner, mover, leaver         Stays in workforce IdP
Agent tool-call authorization           Moves to the agent plane
Delegation proof and rapid revocation   Moves to the agent plane

The Takeaway

AI agents do not make your workforce IdP obsolete. They reveal that it was always answering a different question. Humans need SSO, MFA, and lifecycle. Agents need fine-grained, delegated, rapidly revocable, policy-gated identity composed in one place.

Keep your IdP. Add the agent plane. Federate the two. That is the low-friction path to letting agents act in your environment without losing control of what they can do or how fast you can stop them.

Next step

See the agent identity plane in context

Explore the EmpowerNow IdP product page for token exchange, RAR, DPoP, consent at issuance, and agent passports.
