Federated exchange for AI clients: what it means for IAM teams

TL;DR: Enterprise AI clients are already in daily use, but most organisations still stall when those tools need governed access to data through an MCP server, forcing awkward service-account shortcuts that weaken auditability and control, according to Strata Identity. The real issue is not the client, it is the trust model between workforce AI and the data layer.

NHIMG editorial — based on content published by Strata Identity: federated exchange for AI clients and MCP data access

By the numbers:

• 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
• Only 18% of MCP server deployments implement any form of access scoping for tool permissions.

Questions worth separating out

Q: How should security teams handle AI client access to governed data without shared secrets?

A: Security teams should federate access through the corporate IdP and a token-brokering layer so the data platform receives short-lived credentials tied to an individual user.

Q: Why do AI clients create identity risk for data platforms?

A: AI clients make identity risk harder because they compress many users, tools, and requests into a small number of access paths.

Q: What breaks when MCP access is granted through one shared warehouse account?

A: Shared warehouse access breaks attribution, lifecycle management, and least-privilege review.

Practitioner guidance

• Replace shared warehouse secrets with federated identity exchange Route AI client access through a trusted IdP and authorization server so the data platform receives short-lived, audience-bound tokens tied to a named user rather than a common service account.
• Require delegated claims on every AI-to-data access hop Make sub, act, aud, iat, and exp mandatory in the identity handoff so reviewers can distinguish the human requester from the client acting on their behalf and confirm the token cannot be replayed outside its intended audience.
• Put policy enforcement in front of MCP exchanges Use a gateway or authorization layer to inspect each tool call before the upstream exchange occurs, then log the full user-to-agent-to-tool chain for later investigation and access review.

What's in the full article

Strata Identity's full analysis covers the operational detail this post intentionally leaves for the source:

• Step-by-step token brokering flows for Session Passthrough, Federated Exchange, and Brokered Exchange.
• Claim examples showing how sub, act, aud, iat, and exp work in a real exchange.
• The Databricks and Snowflake federation mechanics behind the model.
• How the Maverics audit chain records user, agent, tool, and upstream context.

👉 Read Strata Identity's analysis of federated exchange for AI client data access →

Federated exchange for AI clients: what it means for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →