Today, Okta announced general availability of Okta for AI Agents - Core for regulated environments-including FedRAMP and HIPAA environments. By extending its unified identity fabric into regulated environments, Okta elevates AI agents to first-class identities managed alongside human workforces. This allows federal agencies and healthcare organizations to register, protect and govern AI agents within the same secure boundary they already trust Okta to manage.

\r\n

Okta for AI Agents - Core now manages the agent lifecycle for AI agents operating on regulated data, all inside the regulated boundary. By unifying AI, machine and human governance into a single control plane, compliance and security leaders can answer three key questions to discover, protect and govern their AI agents:

• \r\n

• Where are my agents? Organizations can discover & onboard known agents operating within regulated boundaries, verifying they are each registered to an accountable human owner to satisfy strict administration, custody and audit requirements.

  \r\n
• \r\n

• What can they connect to? Organizations can protect valuable data knowing that agent access to resources is managed with scoped, least-privilege access. This ensures that agents never cross-contaminate regulated data cells or access unauthorized backend systems.

  \r\n
• \r\n

• What can they do? Standard compliance protocols like access certifications and entitlement reviews are seamlessly extended to agent identities. Authorized administrators can quickly review agent activity, process access requests, or initiate manual deactivation serving as an emergency "kill switch" to isolate a non-compliant or malfunctioning agent.

  \r\n
• \r\n

Federal agencies facing AI mandates can now deploy AI agents against federal data inside their FedRAMP Moderate and High boundaries without standing up new infrastructure or delaying mission-critical adoption. Meanwhile, providers and payers needing HIPAA standards can run AI agents against patient data for clinical workflows, claims, or operations inside a HIPAA-aligned environment, with BAAs and controls already in place.

Why it matters:
\r\n Driven by the mandates of both the National Cyber Strategy and the zero-trust principles of Executive Order 14028, federal agencies are accelerating their secure adoption of agentic AI. This urgency is echoed across other regulated sectors, with 85% of healthcare organizations planning to increase agentic AI investment in the next two years, according to Deloitte.

Until now, organizations have struggled to secure these AI systems because they treated them as static service accounts or hardcoded API keys. Okta for AI Agents - Core fundamentally changes this paradigm by elevating AI agents to first-class citizens in the identity ecosystem. Just like human employees, AI agents now have their own dynamic profiles, context-aware access policies, and continuous security monitoring.

Today, Okta announced general availability of Okta for AI Agents - Core for regulated environments-including FedRAMP and HIPAA environments. By extending its unified identity fabric into regulated environments, Okta elevates AI agents to first-class identities managed alongside human workforces. This allows federal agencies and healthcare organizations to register, protect and govern AI agents within the same secure boundary they already trust Okta to manage.

Okta for AI Agents - Core now manages the agent lifecycle for AI agents operating on regulated data, all inside the regulated boundary. By unifying AI, machine and human governance into a single control plane, compliance and security leaders can answer three key questions to discover, protect and govern their AI agents:

• Where are my agents? Organizations can discover & onboard known agents operating within regulated boundaries, verifying they are each registered to an accountable human owner to satisfy strict administration, custody and audit requirements.

• What can they connect to? Organizations can protect valuable data knowing that agent access to resources is managed with scoped, least-privilege access. This ensures that agents never cross-contaminate regulated data cells or access unauthorized backend systems.

• What can they do? Standard compliance protocols like access certifications and entitlement reviews are seamlessly extended to agent identities. Authorized administrators can quickly review agent activity, process access requests, or initiate manual deactivation serving as an emergency "kill switch" to isolate a non-compliant or malfunctioning agent.

Federal agencies facing AI mandates can now deploy AI agents against federal data inside their FedRAMP Moderate and High boundaries without standing up new infrastructure or delaying mission-critical adoption. Meanwhile, providers and payers needing HIPAA standards can run AI agents against patient data for clinical workflows, claims, or operations inside a HIPAA-aligned environment, with BAAs and controls already in place.

Why it matters:
Driven by the mandates of both the National Cyber Strategyopens in a new tab and the zero-trust principles of Executive Order 14028opens in a new tab, federal agencies are accelerating their secure adoption of agentic AI. This urgency is echoed across other regulated sectors, with 85% of healthcare organizations planning to increase agentic AI investment in the next two years, according to Deloitteopens in a new tab.

Until now, organizations have struggled to secure these AI systems because they treated them as static service accounts or hardcoded API keys. Okta for AI Agents - Core fundamentally changes this paradigm by elevating AI agents to first-class citizens in the identity ecosystem. Just like human employees, AI agents now have their own dynamic profiles, context-aware access policies, and continuous security monitoring.