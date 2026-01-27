Descope has updated its Agentic Identity Hub to provide MCP developers and AI agent builders with standards-based identity infrastructure for their AI systems. Organizations can now use Descope to manage AI agents as first-class identities alongside human users, add OAuth 2.1 and tool-level scopes to their internal and external MCP servers, and govern agent access to MCP servers with enterprise-grade policy enforcement.

Dedicated agentic identity management (Source: Descope)

2025 was the year AI agents began to go mainstream, but identity continues to be a bottleneck for both developers and security teams. MCP builders and AI agent developers struggle to meet the production-readiness needs of enterprise security teams, with a recent Descope survey of 400+ identity decision-makers finding that while 88% were using or planning to use AI agents, only 37% had progressed past pilots.

At the same time, security teams struggle to secure agentic AI initiatives without stifling innovation. With every threat on the OWASP Top 10 for Agentic Applications citing identity-related remediations, the need for a dedicated identity provider for AI agents is clear.

Moreover, the rapid growth of protocols like MCP has led to security gaps–with 2000 MCP servers possessing no security–and an increased engineering burden as MCP developers are expected to implement OAuth 2.1, PKCE, DCR, CIMD, and other recommendations laid out in the MCP specification.

The Descope no-code identity platform helps organizations easily create and modify identity journeys for their customers, partners, AI agents, and MCP servers using visual workflows. Over 1000 organizations including GoFundMe, Databricks, GoodRx, Navan, and You.com use Descope to enhance customer experience, prevent account takeover, and get a 360 view of their customer and machine identities.

The new Descope Agentic Identity Hub is designed with both builders and security teams in mind–providing developers with secure, easy to use identity infrastructure and helping security teams with policy-based governance and AI agent lifecycle management.

Descope Agentic Identity Hub capabilities include:

Agentic identity management , which provides a centralized view of all agentic identities, dynamically created or manually registered, connecting to an organization’s applications, APIs, and MCP servers. Each agent gets a dedicated identity and attributes such as the associated user, tenant, tool-level scopes granted, and OAuth client ID.

, which provides a centralized view of all agentic identities, dynamically created or manually registered, connecting to an organization’s applications, APIs, and MCP servers. Each agent gets a dedicated identity and attributes such as the associated user, tenant, tool-level scopes granted, and OAuth client ID. Comprehensive MCP auth , which helps MCP server developers add protocol-compliant auth and access control to their internal and external-facing MCP servers. Organizations can support user consent flows, hardened DCR, CIMD, per-agent and per-tool authorization scopes, and tenant-level isolation for B2B MCP use cases.

, which helps MCP server developers add protocol-compliant auth and access control to their internal and external-facing MCP servers. Organizations can support user consent flows, hardened DCR, CIMD, per-agent and per-tool authorization scopes, and tenant-level isolation for B2B MCP use cases. Credential vault , which manages, stores, and refreshes credentials (OAuth tokens and API keys) that AI agents can use to access third-party systems. AI agent builders can choose from 50+ prebuilt connection templates and utilize DCR presets to dynamically connect their AI agents to third-party MCP servers and securely call external APIs on users’ behalf.

, which manages, stores, and refreshes credentials (OAuth tokens and API keys) that AI agents can use to access third-party systems. AI agent builders can choose from 50+ prebuilt connection templates and utilize DCR presets to dynamically connect their AI agents to third-party MCP servers and securely call external APIs on users’ behalf. Enterprise-grade policy controls , which help organizations define granular authorization controls to govern which AI agents can access their MCP servers and which tool-level scopes they are allowed to invoke. Policies can be created based on user roles, JWT claims, tenants, and agent types, among other attributes.

, which help organizations define granular authorization controls to govern which AI agents can access their MCP servers and which tool-level scopes they are allowed to invoke. Policies can be created based on user roles, JWT claims, tenants, and agent types, among other attributes. AI agent logging and auditing, which provides organizations with comprehensive visibility into every AI agent action. Organizations can monitor what agents are accessing and when, identify access control misconfigurations, revoke access for potentially rogue agents, and stream audit events to third-party SIEM platforms.

“AI agents are breaking traditional identity systems,” said Slavik Markovich, CEO of Descope. “They’re autonomous, scalable, and non-deterministic, meaning they can’t be managed like human users or service accounts. The Descope Agentic Identity Hub is a dedicated identity provider for AI agents, giving developers the abstraction layers they need to securely take their AI systems to market while ensuring least privilege access and ongoing protocol compliance. We’re grateful to the several customers already using the Agentic Identity Hub and are excited to be a part of the infrastructure layer needed for secure AI adoption.”

“The Descope Agentic Identity Hub frees up our developers from tooling and integration work so they can spend more time shipping core features instead,” said Soham Mazumdar, CEO of WisdomAI, a Descope customer. “Our customer-facing MCP server uses Descope as the auth layer–this MCP server is used by Fortune 500 customers and helps us show the value of our AI-powered analytics platform while having the confidence that identity controls are baked-in.”

“Descope is a key under-the-hood component of the Cequence AI Gateway,” said Shreyans Mehta, CTO of Cequence Security, a Descope customer. “Descope’s flexible, developer-friendly handling of MCP auth has played an important role in helping Cequence AI Gateway customers securely connect their applications, APIs, and data to AI agents.”