Agentic & Non-Human Identity Governance

AI agents and service identities (NHIs) act on their own — so nexusID governs their actions with the same approval chains and audit trail as human access. High-risk agent actions route through human-in-the-loop (HITL) approval before they execute.

Admin console: /admin/agent-actions

Concepts

  • Agent action request — a record of an action an agent (a non-human identity) wants to take, with its risk tier and current status.
  • Risk-tiered gating:
    • LOW / MEDIUM — auto-approved and recorded.
    • HIGH / CRITICAL — gated through an approval chain; a human must approve before the agent proceeds. If no approval chain is configured, these actions fall back to auto-approve.
  • Decision write-back — the approval verdict is recorded against the action so the agent knows whether to continue.

How it works

When an agent submits an action, AgentGovernanceService evaluates its risk. High/critical actions create an approval instance (subject type AGENT_ACTION) on the configured chain; an admin approves or denies from the same approvals surface used for access requests. The decision is written back, and every step is audited.

Typical setup

  1. Configure an approval chain for AGENT_ACTION.
  2. Agents submit actions to /admin/api/agent-actions; review the queue at /admin/agent-actions.
  3. Approve/deny high-risk actions; low-risk actions clear automatically.
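
The risk-tiered gating under Concepts, including the no-chain fallback, modeled as an added example (not nexusID code) so the effect of skipping step 1 can be checked against a queue of actions. The status labels, record fields, function names and sample queue are assumptions made for illustration; only the tier names and the fallback rule come from this page.

```python
from dataclasses import dataclass
from typing import Optional

AUTO_TIERS = {"LOW", "MEDIUM"}       # page: auto-approved and recorded
GATED_TIERS = {"HIGH", "CRITICAL"}   # page: human approval required


@dataclass
class Decision:
    status: str   # "AUTO_APPROVED" or "PENDING_APPROVAL" (assumed labels)
    reason: str


def gate(risk_tier: str, chain: Optional[str]) -> Decision:
    """Model of the documented gating rules, including the no-chain fallback."""
    tier = risk_tier.upper()
    if tier in AUTO_TIERS:
        return Decision("AUTO_APPROVED", "low-risk tier")
    if tier in GATED_TIERS:
        if chain:
            return Decision("PENDING_APPROVAL", f"routed to chain {chain}")
        # Documented fallback: with no chain configured, no human reviews it.
        return Decision("AUTO_APPROVED", "no approval chain configured")
    raise ValueError(f"unknown risk tier: {risk_tier!r}")


def ungated_high_risk(actions, chain):
    """Ids of HIGH/CRITICAL actions that would proceed without human approval."""
    return [a["id"] for a in actions
            if a["risk_tier"].upper() in GATED_TIERS
            and gate(a["risk_tier"], chain).status == "AUTO_APPROVED"]


# Constructed sample queue; ids, agent names and actions are made up.
SAMPLE_ACTIONS = [
    {"id": "a-1", "agent": "report-bot", "action": "read dashboard", "risk_tier": "LOW"},
    {"id": "a-2", "agent": "deploy-bot", "action": "rotate api key", "risk_tier": "HIGH"},
    {"id": "a-3", "agent": "iam-bot", "action": "grant admin role", "risk_tier": "CRITICAL"},
    {"id": "a-4", "agent": "sync-bot", "action": "update group", "risk_tier": "MEDIUM"},
]

if __name__ == "__main__":
    print("no chain  :", ungated_high_risk(SAMPLE_ACTIONS, None))
    print("with chain:", ungated_high_risk(SAMPLE_ACTIONS, "agent-action-chain"))
```

Any id returned by `ungated_high_risk` is a high-risk action that cleared without review, which is the condition to alert on if an AGENT_ACTION chain is ever removed or left unconfigured.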