Notifications
Clear all
Topic starter
22/06/2026 9:57 am
TL;DR: C1 says enterprise-managed authorization gives AI agents short-lived, scoped tokens for MCP-connected tools, centralising session policy, re-authentication, and revocation across compatible and non-compatible systems, according to ConductorOne. The security issue is not access speed but whether existing identity controls can govern agents without scattering credentials or weakening auditability.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- Only 18% of MCP server deployments implement any form of access scoping for tool permissions.
- Only 5.7% of organisations have full visibility into their service accounts.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: How should security teams govern AI agent access to MCP-connected tools?
A: Security teams should centralise policy in a control plane that issues scoped, short-lived tokens and records every decision in one audit trail.
Q: When does short-lived access still create too much risk for AI agents?
A: Short-lived access still creates too much risk when the scope is broader than the task, when downstream tools are not isolated, or when revocation does not cover every access path.
Q: What do teams get wrong about unified authorization for agents and people?
A: Teams often assume a shared policy layer automatically means shared governance.
Practitioner guidance
- Map every AI agent to a governance owner Require a named owner for each agent, its control plane policy, and the downstream tools it can reach.
- Separate scope design from token lifetime Review whether the scopes issued to MCP-connected agents are task-specific or merely short-lived.
- Inventory non-EMA access paths List every app, legacy system, and on-premises data path that does not support enterprise-managed authorization and require gateway enforcement for those routes.
What's in the full announcement
ConductorOne's full product announcement covers the operational detail this post intentionally leaves for the source:
- The exact enterprise-managed authorization flow for issuing short-lived scoped tokens to MCP-connected agents.
- The control-plane behaviour for session length, re-authentication policy, and immediate revocation.
- How Access Gateway handles non-compatible apps, on-premises data, and legacy systems under the same governance model.
- The vendor's description of entitlement and audit-trail coverage across human and agent access paths.
👉 Read ConductorOne's announcement on enterprise-managed authorization for AI agents →
Enterprise-managed authorization for AI agents: what changes now?
Explore further
22/06/2026 10:38 am
Enterprise-managed authorization is a control-plane answer to a control-plane problem. AI agents do not fail only at the tool layer. They fail when every downstream app invents its own authorisation boundary, which leaves identity teams with fragmented scope, inconsistent revocation, and no durable audit trail. The discipline here is not just better login flow. It is whether agent access can be made governable across every path that matters. Practitioners should treat this as an identity architecture decision, not a UI convenience.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- Another finding from our research shows that 97% of NHIs carry excessive privileges, which broadens blast radius when access is not tightly scoped.
A question worth separating out:
Q: How do access reviews change when AI agents use enterprise-managed authorization?
A: Access reviews must cover the agent, the policy that issued the token, and the downstream systems the token can reach. Reviewing only the app entitlement misses the control plane decision that created it. For managed AI access, certification has to include runtime scope, ownership, and revocation coverage.
👉 Read our full editorial: Enterprise-managed authorization for AI agents and MCP access
