
AI agents are gradually becoming part of everyday life in many companies. Initially often intended as assistants, they are increasingly taking on specific tasks: they analyse data, prepare decisions or access systems themselves.
It is at this point, if not before, that things get interesting – and also critical. For as soon as an AI agent takes action, the question inevitably arises:
This is precisely where it becomes clear that traditional approaches to identity and access management are not necessarily sufficient. Neither a standard user account nor a generic technical account accurately reflects what an AI agent actually is: an autonomous entity that operates within the context of an organisation.
In IDABUS, this problem is solved using a proprietary approach. The key term here is MAIA – Managed AI Agent.
MAIA is essentially nothing more than an AI agent that does not exist ‘freely’ within the system, but is deliberately managed. It is given its own identity, is assigned to a real person, and is granted its permissions not at random, but according to clearly defined rules.
That sounds simple at first – but it’s crucial. Because it transforms an abstract technical construct into a perfectly ordinary identity within the IAM system.
A key component of the model is the link to a so-called owner. This means that there is always a real person behind every MAIA.
This is not a technical detail, but rather an organisational decision. It ensures that it is clear who is responsible – both from a technical and a governance perspective.
In practice, this offers several advantages:
This makes a huge difference, particularly in larger environments. Without this mapping, structures can quickly emerge where nobody can say exactly why a system has certain rights.

A common reaction might be: “Then the AI agent simply gets the same rights as its owner.” But that is precisely what is deliberately not happening here.
Instead, IDABUS uses an intelligent filtering mechanism. Whilst the user’s roles serve as a starting point, they are not adopted on a one-to-one basis. What matters is which of these are actually relevant to the specific purpose for which MAIA is being used.
This filtering is carried out using what are known as role profiles. They determine which roles are actually allowed through.
The principle behind it is simple:
The owner has many rights – but a MAIA is only granted those that are actually needed, based on its deployment scenario. The result is a significantly leaner and more manageable permissions framework.

Role profiles are ultimately at the heart of the whole system. They determine not only which rights are granted, but also how flexibly the model can be adapted. A MAIA can have several such profiles, depending on the specific task at hand.
This allows for very precise control over whether an agent focuses on reading, performs analytical tasks or actually intervenes in processes.
It is important to note that the logic remains clear. It is always obvious why a particular permission exists – because it was granted via a specific profile.


Of course, there are cases where the derived roles are not sufficient.
For situations like these, there are deliberately simple options for extending permissions. A MAIA user can be assigned additional roles directly or – where appropriate – inherit certain basic permissions from the organisational unit.
However, this does not happen automatically, but rather in a targeted manner. The basic principle remains the same: inheritance is the default; everything else is an exception.
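The filtered inheritance described above can be sketched as a small model. This is an added example, not IDABUS code: the class names, role names and the rule that a profile only passes roles the owner actually holds are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RoleProfile:
    name: str
    allowed_roles: frozenset  # roles this profile lets through from the owner

@dataclass
class ManagedAgent:
    name: str
    owner: str                                      # every agent needs a real person
    profiles: list
    direct_roles: set = field(default_factory=set)  # exception: assigned directly
    inherit_ou_base: bool = False                   # exception: OU base permissions

def effective_roles(agent, owner_roles, ou_base_roles):
    """Return {role: [sources]} so each grant can be traced to its origin."""
    if agent.owner not in owner_roles:
        raise ValueError(f"{agent.name}: no known owner, refusing to derive roles")
    held = owner_roles[agent.owner]
    grants = {}
    for profile in agent.profiles:
        # Filter, not grant: a profile role the owner lacks is not passed on.
        for role in profile.allowed_roles & held:
            grants.setdefault(role, []).append(f"profile:{profile.name}")
    for role in agent.direct_roles:
        grants.setdefault(role, []).append("direct")
    if agent.inherit_ou_base:
        for role in ou_base_roles:
            grants.setdefault(role, []).append("ou")
    return grants

def exceptions(grants):
    """Roles with no profile source: the ones an access review should question."""
    return sorted(r for r, src in grants.items()
                  if not any(s.startswith("profile:") for s in src))

# Constructed sample data (hypothetical role names, not from IDABUS).
OWNER_ROLES = {"alice": {"crm.read", "crm.write", "hr.read", "finance.approve"}}
OU_BASE = {"intranet.read"}
REPORTING = RoleProfile("reporting", frozenset({"crm.read", "hr.read", "bi.export"}))
AGENT = ManagedAgent("maia-reporting", "alice", [REPORTING], direct_roles={"ticket.create"})

if __name__ == "__main__":
    grants = effective_roles(AGENT, OWNER_ROLES, OU_BASE)
    for role in sorted(grants):
        print(role, grants[role])
    print("review:", exceptions(grants))
```

Keeping the source of every grant next to the role is what makes the exceptions easy to list in an access review.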
At first glance, the model could be seen as a purely technical solution. In reality, however, it is about something more fundamental.
As soon as AI agents actively intervene in systems, they become part of a company’s security architecture. And that is precisely where the same requirements apply as for human users:
Ultimately, this is in line with the classic principle of least privilege, which also plays a central role in modern IAM systems.
The real added value becomes apparent in everyday life.
With a model like MAIA, AI agents can be deployed without losing control. Permissions aren’t assigned arbitrarily within the system, but follow a clear logic. This makes many things much easier:
Above all, however, the system remains manageable – even as the number of AI agents grows.
AI agents will only be viable for long-term use in businesses if their identities and permissions are properly managed.
IDABUS provides a clear model for this: MAIA enables the management of AI agents with their own identity, owner association and permissions derived in a controlled manner.
The model’s key strength lies in filtered role inheritance. The owner’s roles can be utilised, but only to the extent permitted by the role profiles for the specific use case. Additional role sources remain possible, but are deliberately treated as supplementary mechanisms.
In this way, IDABUS combines three requirements that are crucial for AI governance:
IDABUS doesn’t just make AI agents usable.
IDABUS makes them manageable.



