Omada’s announcement of agent governance capabilities extending identity governance to AI agents represents a significant evolution in how identity platforms are interpreting the scope of identity governance administration. For IGA practitioners, the announcement signals that the market is coalescing around a consensus definition of what comprehensive identity governance must cover: not just human user identities but autonomous AI agents operating within enterprise infrastructure.

The agent governance challenge that Omada is addressing has two dimensions: discovery and lifecycle management. Enterprise environments typically lack systematic visibility into the AI agents deployed across their infrastructure. Security teams know about formally approved agent deployments, but shadow AI deployments are common — agents that business teams have provisioned without formal security review, agents that inherit credentials from their parent systems, agents that accumulate permissions as their responsibilities expand without corresponding governance review.

Omada’s extension of identity governance to agents addresses this through the same foundational capabilities that govern human user identities: defining what an agent is authorised to access, reviewing that access periodically, and responding to changes in agent responsibilities through structured access modification. This is identity governance administration applied to a new class of identities — and it applies the same governance discipline that IGA programmes have developed over the past decade specifically to the AI identity challenge.

The implementation complexity is real, but Omada’s approach signals that this complexity is solvable within existing IGA frameworks rather than requiring entirely new governance models. An AI agent can be provisioned like a user, assigned to roles like a user, reviewed in access certification campaigns like a user, and deprovisioned when its use case changes. The governance mechanics are familiar — the identity class is new.

The market implications are significant. IGA vendors that do not extend their platforms to govern AI agent identities are creating a governance gap that grows with every AI deployment. Organisations that deploy AI at pace without governing those deployments through their identity governance infrastructure are accumulating machine identity debt that will eventually require remediation.

Source: PR Newswire