search

robotAgent Authentication

Tutorials for Agent Authentication and Delegation

hashtag
What is Agent IAM?

Agent IAM extends GL IAM to support AI agents as first-class principals. Just like users authenticate with passwords and services authenticate with API keys, agents authenticate through delegation — a human or another agent explicitly grants limited authority to act on their behalf.

circle-info

New to GL IAM? Start with Introduction to GL IAM to understand the core concepts before diving into agents.

hashtag
The Three Principal Types

Principal
Authenticates via
Typical Use Case

User

Password, OAuth, SAML

Human end-users

API Key

Secret token

Service-to-service

Agent

Delegation token

AI agents acting on behalf of users

hashtag
How Agent Delegation Works

hashtag
Key Concepts

Concept
Description

AgentType

Classification of agent role: ORCHESTRATOR, WORKER, TOOL, AUTONOMOUS

DelegationScope

What an agent can do — scopes, resource constraints, action budget, expiry

DelegationChain

Ordered list of principals from root (user) to leaf (current agent)

DelegationToken

JWT encoding the chain, scope, and task context

TaskContext

Why the delegation exists — task ID, purpose, data sensitivity

Scope Attenuation

Each hop in the chain can only narrow scopes, never widen them

Kill Switch

Suspend or permanently revoke an agent to block future delegations

hashtag
Tutorials

1

Register Agent

Register Your First Agent

What You'll Learn: Register an agent with a type, owner, and allowed scopes.

2

Delegate to Agent

Delegate Authority to an Agent

What You'll Learn: Create a delegation token granting limited authority to an agent.

3

Validate Delegation Token

Validate Delegation Tokens

What You'll Learn: Validate delegation tokens in receiving services using a minimal gateway.

4

Delegation Chain

Multi-Hop Delegation Chains

What You'll Learn: Build multi-hop delegation chains where agents sub-delegate to other agents.

5

Scope & Budget

Scope Attenuation & Action Budgets

What You'll Learn: Control what agents can do with scope narrowing, resource constraints, and budgets.

6

Agent Lifecycle

Suspend, Revoke & Kill Switch

What You'll Learn: Manage agent lifecycle — suspend, reactivate, and permanently revoke agents.

circle-info

Found an issue on this page? Report it on our feedback formarrow-up-right.

PreviousGenerate ProofNextRegister Agent

Last updated

Was this helpful?