Getting Started with AI Access Control
AI agents are not users. They operate autonomously, chain actions across multiple systems, and act on behalf of humans — all without a browser or a consent screen. Traditional authentication (shared API keys, user credentials) was not built for this.
LumoAuth gives every agent its own verified identity: scoped to exactly what it needs, auditable at every step, and revocable instantly.
The AI Access Control Model
Agent Registration
Every agent is registered in LumoAuth as a first-class identity — like a user, but for software. Registration defines what the agent is, what it's allowed to do, and how it proves its identity. Agents authenticate with signed JWTs (Ed25519 recommended) or workload identity tokens — no passwords.
Workload Federation
Agents running in cloud infrastructure (Kubernetes, AWS, GCP) can authenticate using the platform's own identity — no static secrets to rotate or leak. The agent's pod or function identity becomes its credential.
Scoped Capabilities
Agent permissions are explicit and bounded. Instead of a service account that can do everything, each agent declares the capabilities it needs (document.read, payments.authorize). Access is denied by default for anything not in scope.
Chain of Agency
When an agent acts on behalf of a user, LumoAuth uses Token Exchange (RFC 8693) to produce a delegation token encoding the full chain: "Search Tool, called by Research Bot, acting for Alice." Every hop is cryptographically verifiable and appears in the audit log.
JIT Permissions
For sensitive operations, agents request just-in-time approval rather than holding standing permissions. A human approver is notified in real time; the granted token is scoped to that single operation and expires automatically.
Your First Agent in 5 Steps
1. Register your agent — In the tenant portal (or via API), create an agent identity with a name and the capabilities it will request. This is the agent's permanent identity record.
2. Generate credentials — Create an Ed25519 key pair. The public key goes into the agent registration; the private key goes into your secret manager. Running in Kubernetes or a cloud function? Skip this — use workload federation instead.
3. Get an access token — The agent signs a short-lived JWT assertion with its private key and exchanges it for a LumoAuth access token. The token is scoped to the capabilities declared at registration (the agent can request a subset, but never more).
4. Authorize actions — Before taking a sensitive action, the agent calls the Ask API ("Can I read and summarize documents for user alice@acme.com?") or the standard authorization check. LumoAuth returns allow/deny with a reason.
5. Request JIT approval for sensitive ops — For high-risk operations (payment processing, data deletion), the agent requests a just-in-time permission. A human approves or denies in real time. The granted token expires after the operation completes.
Framework Integrations
| Framework | Registry Guide | JIT Guide |
|---|---|---|
| LangChain / LangGraph | Registry | JIT |
| CrewAI | Registry | JIT |
| OpenAI Agents SDK | Registry | JIT |
| Agno | Registry | JIT |
| Google ADK | Registry | JIT |
Next Step
- Agent Quick Start → — Full walkthrough with code in Node.js and Python
- Agent Registry → — Deep dive into registration, credentials, and key management