AI Identity Federation


AI identities are non-human identities used for AI agents. An AI identity supports custom attributes, owner relationships, and on-behalf-of configurations. It authenticates using either a static token or a federated workload identity token, and it can be assigned to profiles and referenced in access management policies like any other identity.

Creating AI Identities

  1. Log in to Britive with administrator privileges.

  2. Click Admin -> Identity Management.

  3. Select the AI Identities tab and click on the Add AI Identity button.

  4. Enter the following in the Add AI Identity dialog box:

    1. Enter the name and description of the AI identity.

    2. Select the Access Type:

      1. Static: Enter Token Validity in days. This is the lifetime of the static workload token that Britive issues for this identity.

      2. Federated:

        1. Select the identity provider from the list.

        2. Enter Token Validity in seconds. This caps the duration of the workload token; the effective duration also depends on the type of identity provider and on the token it issued. For more information, see Token Validity.

  5. Enter the Job Function of this AI identity.

  6. Enter the Business Use description of this AI identity.

  7. Click the Add button. For Static AI identities, a token is created and displayed. Copy and save the token securely; it is the long-lived credential for this identity.

Token Validity

The duration of a federated workload token depends on the type of identity provider token being used. When an AI identity is associated with a workload identity provider, a token duration (in seconds) is configured on the identity; this value caps the lifetime of the tokens Britive issues for it. The effective duration is then the smallest of the applicable bounds:

  • OIDC: The ID token duration is the lesser of (a) the time remaining between the moment the ID token is validated and the token's expiration claim (exp), and (b) the token duration configured on the AI identity for the assigned OIDC provider.

  • AWS STS: The AWS token validity period is the least of (a) the maximum token validity period configured on the AWS identity provider, (b) the token duration configured on the AI identity for the assigned provider, and (c) if the AWS token carries an expiration time, the time remaining between the moment the token is first validated and that expiration.

Validation Window

A validation window is configured for each workload identity provider. It specifies the amount of time, in seconds, after the workload identity token was issued/signed during which Britive will accept and verify that token. A token presented after the window has elapsed is rejected even if its own expiration has not passed. Once verified, the token is considered valid until the token's validity period expires, as determined under Token Validity.
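The following is an added worked example, not Britive's own code, showing how the Token Validity and Validation Window rules above combine for a federated token. The function names, the sample timestamps and the claim values are constructed for illustration; the page does not describe Britive's internal implementation, and the rejection of tokens whose issued-at time lies in the future is an assumption added here for clock-skew hygiene.

```python
"""Effective lifetime of a federated workload token, as bounded by the
Token Validity and Validation Window rules. Added illustration only;
all names, timestamps and claims below are constructed assumptions."""
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed reference time at which Britive is assumed to validate the token.
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)


def within_validation_window(now: datetime, issued_at: datetime, window_seconds: int) -> bool:
    """True if the token is presented no later than window_seconds after it was
    issued/signed. Tokens claiming a future issue time are also rejected (assumption)."""
    age = (now - issued_at).total_seconds()
    return 0 <= age <= window_seconds


def effective_validity_oidc(now: datetime, exp: datetime, configured_seconds: int) -> int:
    """OIDC rule: min(time left until the exp claim, identity's configured duration)."""
    remaining = int((exp - now).total_seconds())
    if remaining <= 0:
        raise ValueError("ID token already expired (exp claim is in the past)")
    return min(remaining, configured_seconds)


def effective_validity_aws(now: datetime, provider_max_seconds: int,
                           configured_seconds: int, expiration: Optional[datetime]) -> int:
    """AWS STS rule: min(provider maximum, identity's configured duration, and,
    when the AWS token carries an expiration, the time left until it)."""
    bound = min(provider_max_seconds, configured_seconds)
    if expiration is not None:
        remaining = int((expiration - now).total_seconds())
        if remaining <= 0:
            raise ValueError("AWS token already expired")
        bound = min(bound, remaining)
    return bound


def evaluate_oidc_token(now: datetime, claims: dict, window_seconds: int,
                        configured_seconds: int) -> dict:
    """Apply both checks to an OIDC ID token's iat/exp claims (epoch seconds).
    Returns whether the token is accepted and, if so, until when it stays valid."""
    issued_at = datetime.fromtimestamp(claims["iat"], tz=timezone.utc)
    exp = datetime.fromtimestamp(claims["exp"], tz=timezone.utc)
    if not within_validation_window(now, issued_at, window_seconds):
        return {"accepted": False, "reason": "presented outside validation window", "valid_until": None}
    try:
        seconds = effective_validity_oidc(now, exp, configured_seconds)
    except ValueError as err:
        return {"accepted": False, "reason": str(err), "valid_until": None}
    return {"accepted": True, "reason": "ok", "valid_until": now + timedelta(seconds=seconds)}


if __name__ == "__main__":
    epoch = int(SAMPLE_NOW.timestamp())
    # Constructed claims: issued 30 s ago, expires in 10 min; identity configured for 1 h.
    fresh = {"iat": epoch - 30, "exp": epoch + 600}
    print(evaluate_oidc_token(SAMPLE_NOW, fresh, window_seconds=60, configured_seconds=3600))
    # Same token presented 2 min after issue with a 60 s window: rejected.
    stale = {"iat": epoch - 120, "exp": epoch + 600}
    print(evaluate_oidc_token(SAMPLE_NOW, stale, window_seconds=60, configured_seconds=3600))
```

Note that in the first case the identity's 3600-second setting does not apply: the ID token's own exp claim is closer, so the Britive token lives only 600 seconds. Configuring a long Token Validity on the identity never extends a token beyond what the upstream provider issued.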

Managing AI Identities

  • Edit: You can edit any Static or Federated AI identity parameters.

    • Switch access by clicking the Switch Access button on the Edit page. This switches access from Static to Federated or vice versa.

    • For static AI identities: Reset the token and change the validity of tokens from the Edit page.

    • For federated AI identities: Change the identity provider, token validity period, and federated attribute values.

    • Owner: Grant ownership of the AI identity to users and/or tags by clicking Select Users or Select Tags.

    • On Behalf of: Configure the AI identity to act on behalf of a user (or of a tag the user belongs to) using the On-Behalf-Of (OBO) flow. This lets the agent execute operations within that user's security context, so the user's identity, permissions, and audit visibility are preserved rather than replaced by the agent's own.

    • Edit custom attributes. These map claims in the federated token to the AI identity the token is for. The attributes themselves are defined while creating/managing an identity provider; here you set the values this identity must match.

  • Disable Identity: If this identity is assigned to one or more profiles, disabling it automatically unassigns it from all the associated profiles.

  • Delete Identity: If this identity is assigned to one or more profiles, deleting it automatically unassigns it from all the associated profiles.