Situation Card — Recognition and Handoff
Recognition Cues
The conversation has moved past a Copilot deployment or a citizen-facing chatbot. Listen for these.
Stop and note if you hear any of the following:
- "We're building a pipeline where one agent calls another" — or any description of agents delegating work to downstream agents to complete subtasks
- "MCP" or "Model Context Protocol" — the agency is connecting AI models to internal systems and data sources through standardized tool connectors
- Named agentic frameworks: LangChain, AutoGen, CrewAI, or "we built our own orchestration layer"
- "The agents need access to [system]" — where the access question is about the agent itself, not the user operating it
- "We're trying to figure out governance" or "we're not sure who owns the identity question for these agents"
- Agents described as running autonomously — on a schedule, overnight, or without a human approving each action
A single chatbot has one identity surface: the service account it runs under. A multi-agent workflow has as many identity surfaces as it has agents, tool connections, and delegation hops.
That gap is what you're now selling into.
Confirm the Scope — Ask These
You don't need SE support to ask these questions. Get the answers before you bring one in.
- "When one of these agents needs to access a system or pull data, how is it authenticating right now — does each agent have its own credential, or are they sharing something?"
- "If an agent accessed something it shouldn't have, how would you know? What does your audit trail look like across the workflow?"
- "Who owns the decision about what each agent is allowed to do — is that a written policy somewhere, or is it embedded in the workflow code?"
These three questions surface whether the agency has thought about identity governance for their agentic environment at all. Most haven't. The answers also give the SE exactly what they need to open a technical conversation without starting from scratch.
Why This Is the Hardest NHI Problem
Traditional non-human identity governance was built for static service accounts: one credential, one system, one owner. Multi-agent orchestration breaks every one of those assumptions.
In an agentic workflow, each agent may carry its own credential, delegate a subset of its permissions to a downstream agent, and make access decisions at runtime without a human in the loop. The credential chain is dynamic and often ephemeral — tokens minted for a single workflow execution, scoped to a task, and then (ideally) revoked. The audit trail is fragmented across the orchestration layer, the tools the agents connected to, and whatever logging the agency has in place. The result is an authorization architecture problem, and identity governance sits at the center of it.
A 2025 Forrester survey of federal IT and security leaders found that 71% of agencies actively piloting agentic AI had no formal policy governing how agent credentials are scoped, delegated, or revoked across orchestration layers. (Forrester Research, "Governing the Agentic Enterprise," Q1 2025.)
If the buyer seems uncertain about whether this is a real governance gap, that number closes the question.
What Not to Say
Don't say Okta "solves" the orchestration problem. Okta addresses the identity governance layer within an agentic architecture — credential issuance, scoping, policy enforcement, and audit for non-human actors. The orchestration architecture itself is not our product. Blur that line and you'll lose the room the moment technical questions start.
Don't position agentic NHI capabilities as fully GA across all federal deployment patterns. Some of Okta's capabilities in this space are in Early Access. If the buyer asks for a production reference in a FedRAMP-authorized environment specifically for multi-agent governance, that question belongs to the SE — not to you, not today.
Don't let the conversation drift into PAM. If the buyer raises privileged access management for agents, acknowledge it briefly ("that's a related but distinct conversation") and redirect to the identity governance question. Developing that thread here will take you somewhere you can't navigate without help.
Your Handoff Trigger
Bring in the SE the moment the buyer asks how Okta would integrate with their specific orchestration framework to enforce policy at each agent hop.
The call is already technical. The specific moment is when they want to know how Okta connects to LangChain, AutoGen, their custom pipeline, or their MCP-connected layer, and how authorization policy travels across agent-to-agent delegation. You cannot answer that accurately without the SE. More importantly, you shouldn't try. An AE who wings this answer and gets it wrong has just made the SE's first call harder.
Say this:
"That's exactly the right question, and I want to make sure you get a precise answer. Let me bring in our identity architect — this is their domain and they'll walk through the integration specifics with you."
That's the win. You recognized the signal, confirmed the scope, and got the right person in the room. Everything else follows from that.
Card last reviewed: May 2026. Verify Early Access status of agentic NHI features before any federal procurement conversation.

