Strata introduces AI Identity Gateway to secure and govern agentic systems
Strata Identity announced the availability of the AI Identity Gateway, an enterprise-grade runtime identity and policy-enforcement control point for agentic behavior. As part of Maverics for Agentic Identity, the AI Identity Gateway provides organizations with a reliable way to authenticate, authorize, and observe every action an agent performs against upstream services in real time.
Strata has also released the Maverics Sandbox for Agentic Identity, which functions like a flight simulator for agents, enabling enterprises to safely and easily experiment with pre-integrated identity providers (IdPs), MCPs, APIs, and live policy enforcement using the AI Identity Gateway.
The Maverics Sandbox spins up in less than 5 minutes, without exposing production systems or requiring any infrastructure setup overhead. Users can immediately see how policies, tokens, and agent identity controls behave across real agent-to-API calls within a working demo app, providing a practical path for understanding and validating secure agent behavior.
“AI agents are the new digital workforce, but without identity they’re invisible and ungoverned,” said Eric Olden, CEO of Strata Identity. “With the AI Identity Gateway and the Maverics Sandbox, organizations can for the first time experiment with applying policy to every agent action and enforcing access at runtime. We are giving enterprises a working environment, not future promises, for testing real-world AI identity controls today.”
AI agents now act on behalf of people and systems, accessing APIs, data, and enterprise workflows. Traditional IAM controls can’t keep up. Maverics for Agentic Identity delivers unified identity controls that manage both human and agent interactions in real time, integrating with existing IdPs such as Okta, Microsoft Entra, Ping, and Keycloak. It also connects with agent-specific registries including the AGNTCY open source working group and custom databases.
AI Identity Gateway: Air-gapped runtime policy enforcement for MCP and agents
Acting as a runtime enforcement proxy, the AI Identity Gateway extends enterprise identity and access controls directly into MCP. It ensures that every agent tool call carries a verified identity, has gone through fine-grained authorization, and is audited at every hop.
The AI Identity Gateway enforces least-privilege access via OPA/Rego policy-based authorization at multiple layers, including both initial access and delegated token exchange for short-lived credentials. By validating proof of possession and maintaining comprehensive audit logs of all agent requests, responses, and token exchanges, it prevents over-privileged security threats while ensuring full operational visibility.
While the AI Identity Gateway operates completely within the customer’s environment of choice, these admin-time policies are easily configured via the Maverics Cloud Console. This hybrid deployment model enables the AI Identity Gateway to operate in air-gapped, disconnected states, such as on-prem agent environments, and in regulated industries with strict network security considerations.
Built on the Maverics platform
Both Maverics for Agentic Identity and the AI Identity Gateway are part of Strata’s Maverics platform, which serves as the foundation for all agentic identity operations. It abstracts and connects disparate identity systems across clouds, directories, and IdPs, allowing organizations to:
- Work with multiple IdPs, cloud and on-prem, without code or API rewrites
- Apply identity, policy, and access signals across agents, humans, and APIs
- Integrate telemetry and audit data with SIEM tools such as Splunk, Palo Alto Networks, and CrowdStrike
The result is a unified, standards-based identity layer that continuously enforces authentication, authorization, and auditability across the entire AI lifecycle.