
Identity as a Service: Outbound Authorization for Third-Party Service Nodes

Last Updated: May 25, 2026

Outbound authorization for third-party service nodes is a security control capability of Agent ID Guard that manages how agents access external SaaS and API services. By centrally managing OAuth 2.0 credentials and API keys, it enables fine-grained, per-agent access control to prevent credential leakage and unauthorized access.

Overview

As AI agent technology gains broad adoption, agents need secure access to a range of external services, including large model services, third-party SaaS services, and internal enterprise services. Outbound authorization management for third-party service nodes is a core capability of Agent ID Guard that provides security control over an agent's calls to external SaaS and API services.

  • Credential support: Compatible with both OAuth 2.0 and static API keys. Agent ID Guard automatically handles OAuth token acquisition and refresh, so agents do not need to manage protocol details.

  • Centralized encrypted hosting: All credentials are stored in the Agent ID Guard credential service and encrypted by Alibaba Cloud KMS, eliminating scattered secrets.

  • Isolation and least privilege: Outbound authorization is established per agent identity, with fully isolated credentials to prevent unauthorized access.

  • Low-code integration: Developers only need a credential identifier to obtain access, significantly reducing integration and maintenance costs.

Core concepts

  • Agent node: A machine identity managed by Agent ID Guard, corresponding to an underlying M2M (Machine-to-Machine) application.

  • Third-party service node: An outbound node in the agent workflow that represents an external third-party service. Each node is associated with one OAuth credential provider or API key credential.

  • OAuth credential provider: Applicable to third-party services that support OAuth 2.0 (such as GitHub and GitLab). Agent ID Guard automatically manages OAuth access token acquisition, so agents do not need to handle OAuth protocol details.

  • API key credential: Applicable to third-party services that use static key authentication (such as Amap MCP Server). Agents retrieve the API key directly through the credential identifier.

  • Credential identifier: A unique identifier for a credential. Agents use the credential identifier in their code to retrieve the corresponding plaintext value.

  • Outbound authorization: The authorization between an agent node and a third-party service node, consisting of functional authorization and data authorization. Only agents with established outbound authorization can retrieve credentials for that third-party service.

  • Functional authorization: Controls which operations an agent can perform. The system automatically completes functional authorization when an agent is registered, granting it permission to retrieve credentials.

  • Data authorization: Controls which specific OAuth credential provider or API key credential an agent can access. Defined as rules in the form of associated identity + authorized asset. The system automatically creates an authorization rule for each agent at registration, and credentials are automatically added to the rule when third-party service nodes are added.

Credential management

Outbound authorization for third-party service credentials is tightly integrated with credential lifecycle management:

  • When adding a node:

    • Whether the secret is an OAuth service's client secret or a third-party service API key, it is centrally hosted in the Agent ID Guard credential service and protected by Alibaba Cloud Key Management Service (KMS). API keys and client secrets are stored as KMS-encrypted ciphertext, using industry-standard encryption algorithms backed by dedicated hardware security modules.

    • The system automatically adds the credential to the agent's dedicated authorization rule, and the authorization takes effect immediately.

  • When deleting a node: The system automatically removes the credential from the agent's dedicated authorization rule. Access permissions are revoked immediately, but the credential itself is not deleted and remains available for other agents to use.

  • Automatic OAuth token management: For OAuth credential providers, Agent ID Guard automatically handles access token acquisition and caching. Agents receive a valid token with each request without needing to implement the OAuth protocol flow themselves.

  • Key rotation: When administrators update an API key or OAuth credential provider in the credential service, all associated agents automatically receive the new credentials on their next retrieval, without requiring individual notifications or redeployments.
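The lifecycle above (rule created at registration, credential attached on node add, access revoked on node delete while the credential stays hosted, rotation visible on the next retrieval) can be modelled in a few dozen lines. The following is an added illustration written for this page; it is not Agent ID Guard's implementation or SDK. The class and method names (CredentialService, add_service_node, retrieve, and so on) are assumptions, and the credential values are constructed placeholders with no real encryption.

```python
"""Added, hypothetical in-memory model of the outbound authorization rules
described above. Not Agent ID Guard's code: names are assumptions."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Credential:
    """A centrally hosted credential. kind is "oauth" or "api_key"."""
    identifier: str
    kind: str
    value: str  # the real service holds KMS ciphertext, never plaintext


@dataclass
class AuthorizationRule:
    """Data authorization rule: associated identity + authorized assets."""
    agent_id: str
    authorized_assets: set[str] = field(default_factory=set)


class CredentialService:
    """In-memory model of the credential service and per-agent rules."""

    def __init__(self) -> None:
        self.credentials: dict[str, Credential] = {}
        self.rules: dict[str, AuthorizationRule] = {}

    def register_agent(self, agent_id: str) -> None:
        # Registration grants functional authorization (permission to retrieve
        # credentials) and creates the agent's dedicated, initially empty rule.
        self.rules[agent_id] = AuthorizationRule(agent_id)

    def host_credential(self, credential: Credential) -> None:
        self.credentials[credential.identifier] = credential

    def add_service_node(self, agent_id: str, credential_id: str) -> None:
        # A third-party service node attaches exactly one credential to the
        # agent's rule; access takes effect immediately.
        if credential_id not in self.credentials:
            raise KeyError(f"unknown credential: {credential_id}")
        self._rule(agent_id).authorized_assets.add(credential_id)

    def delete_service_node(self, agent_id: str, credential_id: str) -> None:
        # Deleting the node revokes only this agent's access; the credential
        # stays hosted for other agents that are still authorized.
        self._rule(agent_id).authorized_assets.discard(credential_id)

    def rotate_credential(self, credential_id: str, new_value: str) -> None:
        # Rotation updates the hosted value; every authorized agent receives
        # the new value on its next retrieval without redeployment.
        self.credentials[credential_id].value = new_value

    def retrieve(self, agent_id: str, credential_id: str) -> str:
        """Return the value only if outbound authorization is established."""
        rule = self._rule(agent_id)
        if credential_id not in rule.authorized_assets:
            raise PermissionError(
                f"{agent_id} has no outbound authorization for {credential_id}")
        return self.credentials[credential_id].value

    def _rule(self, agent_id: str) -> AuthorizationRule:
        try:
            return self.rules[agent_id]
        except KeyError:
            raise PermissionError(f"{agent_id} is not registered") from None


def lifecycle_demo() -> dict[str, object]:
    """Add node, retrieve, rotate, delete node, retrieve again (constructed data)."""
    svc = CredentialService()
    svc.host_credential(Credential("amap-apikey", "api_key", "sk-constructed-1"))
    svc.register_agent("agent-a")
    svc.register_agent("agent-b")
    svc.add_service_node("agent-a", "amap-apikey")
    svc.add_service_node("agent-b", "amap-apikey")
    first = svc.retrieve("agent-a", "amap-apikey")
    svc.rotate_credential("amap-apikey", "sk-constructed-2")
    after_rotation = svc.retrieve("agent-a", "amap-apikey")
    svc.delete_service_node("agent-a", "amap-apikey")
    try:
        svc.retrieve("agent-a", "amap-apikey")
        revoked = False
    except PermissionError:
        revoked = True
    # agent-b keeps access: the credential itself was not deleted
    still_shared = svc.retrieve("agent-b", "amap-apikey")
    return {"first": first, "after_rotation": after_rotation,
            "revoked": revoked, "still_shared": still_shared}


if __name__ == "__main__":
    print(lifecycle_demo())
```

The check worth noticing is in retrieve: an unregistered agent and a registered agent without the credential in its rule are both refused, which is the "only agents with established outbound authorization can retrieve credentials" rule from the core concepts.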

Prerequisites

  • An IDaaS EIAM Enterprise Edition instance has been created with machine identity management enabled.

  • Agent identity registration has been completed in Agent ID Guard. For more information, see Agent identity registration and authentication configuration guide.

  • You have obtained the API key or OAuth credential information (Client ID, Client Secret, Token Endpoint, etc.) from the third-party service.

Procedure

Step 1: Add a third-party service node

  1. Log on to the IDaaS EIAM console.

  2. Click Agent Identity Security to go to the Agent ID Guard list page.

  3. Select the target agent and click Edit in the Actions column. On the agent details page, click the Agent module in the flow diagram at the bottom of the page.

  4. Confirm that Agent identity registration is complete. A green checkmark icon appears to the right of the Agent module name, indicating that the Agent is ready for enterprise service node configuration.

  5. In the upper-right corner of the topology diagram, click Add Node, and then select External Service from the menu.

Note

Each third-party service node is associated with one credential (either an OAuth credential provider or an API key). If an agent needs to access multiple third-party services, you must add separate third-party service nodes for each.

Step 2: Configure third-party service credentials

In the configuration panel of the third-party service node, select either an OAuth credential provider or a static API key credential based on the authentication method of the third-party service. The two credential types differ in their authentication mechanisms, lifecycle management, and security characteristics.

  • OAuth is better suited for complex, high-security scenarios. It uses temporary tokens and automatic refresh mechanisms to address the risk of long-term key exposure, while enabling fine-grained control over permitted actions. Agent ID Guard handles the complex OAuth flow, so agents do not need to implement token acquisition and refresh logic themselves.

  • Static API keys are better suited for simple, internal, or low-risk scenarios. They are easy to integrate but lack fine-grained control and automatic rotation capabilities. Therefore, they must be centrally encrypted and access-controlled through Agent ID Guard to compensate for their native security limitations.

  • In OAuth mode, Agent ID Guard proxies the OAuth token acquisition before returning the result. In API key mode, Agent ID Guard directly returns the managed static API key. For agents, both modes have a consistent invocation pattern: credentials are retrieved through the credential identifier.
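The consistent invocation pattern (one lookup by credential identifier, with the OAuth token lifecycle hidden behind it) looks roughly like the following added example. It is written for this page and is not Agent ID Guard's SDK: the CredentialBroker class, the FakeTokenEndpoint stand-in, the client_credentials grant and the example.invalid endpoint URL are all assumptions, and the real grant type and endpoint depend on the third-party provider. The broker caches an access token until shortly before its expiry and acquires a new one after that, which is the behaviour the agent relies on without implementing it.

```python
"""Added, hypothetical credential broker: OAuth token acquisition with caching
versus a static API key, behind one get_credential(identifier) call.
Not Agent ID Guard's code; names, grant type and endpoint are assumptions."""
from __future__ import annotations

import time
from dataclasses import dataclass
from typing import Callable


@dataclass
class OAuthProvider:
    identifier: str
    client_id: str
    client_secret: str
    token_endpoint: str
    default_scope: str


@dataclass
class ApiKeyCredential:
    identifier: str
    api_key: str


class FakeTokenEndpoint:
    """Constructed stand-in for a third-party OAuth token endpoint."""

    def __init__(self, lifetime_seconds: int = 3600) -> None:
        self.calls = 0
        self.lifetime = lifetime_seconds

    def post(self, url: str, data: dict[str, str]) -> dict[str, object]:
        # A real endpoint would verify client_id/client_secret; this one only
        # counts calls and issues a short-lived token.
        assert data["grant_type"] == "client_credentials"
        self.calls += 1
        return {"access_token": f"tok-{self.calls}", "token_type": "bearer",
                "expires_in": self.lifetime}


class CredentialBroker:
    """Resolves a credential identifier to a usable secret for the agent."""

    def __init__(self, http: FakeTokenEndpoint,
                 clock: Callable[[], float] = time.time, skew: int = 60) -> None:
        self._http = http
        self._clock = clock
        self._skew = skew  # refresh this many seconds before expiry
        self._creds: dict[str, OAuthProvider | ApiKeyCredential] = {}
        self._tokens: dict[str, tuple[str, float]] = {}  # id -> (token, expires_at)

    def register(self, cred: OAuthProvider | ApiKeyCredential) -> None:
        self._creds[cred.identifier] = cred

    def get_credential(self, identifier: str) -> str:
        cred = self._creds[identifier]
        if isinstance(cred, ApiKeyCredential):
            # API key mode: the managed static key is returned as-is.
            return cred.api_key
        # OAuth mode: reuse the cached token until it nears expiry, otherwise
        # acquire a fresh one on the agent's behalf.
        now = self._clock()
        cached = self._tokens.get(identifier)
        if cached is not None and cached[1] - self._skew > now:
            return cached[0]
        resp = self._http.post(cred.token_endpoint, {
            "grant_type": "client_credentials",
            "client_id": cred.client_id,
            "client_secret": cred.client_secret,
            "scope": cred.default_scope,
        })
        token = str(resp["access_token"])
        self._tokens[identifier] = (token, now + float(resp["expires_in"]))
        return token


def build_demo_broker(clock: Callable[[], float]) -> tuple[CredentialBroker, FakeTokenEndpoint]:
    """Broker wired to the fake endpoint with two constructed credentials."""
    endpoint = FakeTokenEndpoint()
    broker = CredentialBroker(endpoint, clock=clock)
    broker.register(OAuthProvider("github-oauth", "client-id-placeholder",
                                  "client-secret-placeholder",
                                  "https://example.invalid/oauth/token",
                                  "repo read:org"))
    broker.register(ApiKeyCredential("amap-apikey", "sk-constructed"))
    return broker, endpoint


if __name__ == "__main__":
    t = [0.0]  # controllable clock so the expiry path can be exercised
    broker, endpoint = build_demo_broker(lambda: t[0])
    print(broker.get_credential("github-oauth"))  # tok-1, one endpoint call
    print(broker.get_credential("github-oauth"))  # tok-1 again, from cache
    t[0] += 3600
    print(broker.get_credential("github-oauth"))  # tok-2, refreshed
    print(broker.get_credential("amap-apikey"))   # sk-constructed
```

The agent code calls get_credential in the same way for both identifiers; only the broker knows whether a token exchange happened. The skew margin matters in practice: a token handed out a few seconds before expiry fails at the third-party service, so refreshing slightly early avoids a class of intermittent authorization errors.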

Configure an OAuth credential provider

On the OAuth Credential Provider tab, choose to Add OAuth Credential Provider or search by name to select an existing OAuth credential provider.

  • Add OAuth Credential Provider: If the required OAuth credential provider does not exist in the list, click Add OAuth Credential Provider and fill in the following information:

    • Credential Provider Name: The display name in the console. Example: GitHub OAuth

    • Description: A description of the credential's purpose. Example: GitHub API OAuth credential for managing code repositories

    • Credential Provider Identifier: A unique identifier for the credential. Agents use this identifier to retrieve the OAuth access token. Example: github-oauth

    • Client ID: The OAuth client ID of the third-party service. Example: Ov23lixxxxx

    • Client Secret: The OAuth client secret of the third-party service. Example: a1b2xxxxx

    • Token Endpoint: The OAuth token endpoint of the third-party service. Example: https://github.com/login/oauth/access_token

    • Default Scope: The OAuth permission scope for the third-party service. Example: repo read:org

  • Select an existing OAuth credential provider: If the required OAuth credential provider already exists in the list (for example, another agent has already been associated with the same OAuth credential provider), select it directly from the list.

Configure an API key credential

Switch to the API Key Credential tab, and choose to Add API Key Credential or search by name to select an existing API key credential.

  • Add API Key Credential: If the required API key credential does not exist in the list, click Add API Key Credential and fill in the following information:

    • Credential Name: The display name in the console. Example: Amap MCP Server Key

    • Description: A description of the credential's purpose. Example: Amap MCP Server API key for map service calls

    • API Key Identifier: A unique identifier for the credential. Agents use this identifier to retrieve the API key plaintext. Example: amap-apikey

    • API Key Value: The plaintext API key. After entry, it is encrypted and stored via KMS. Example: sk-xxxxx

  • Select an existing API key credential: If the required API key credential already exists in the list (for example, another agent has already been associated with the same API key credential), select it directly from the list.

Step 3: Complete outbound authorization (automatic)

After credential selection or creation is complete, the system automatically adds the credential to the agent's dedicated authorization rule without requiring manual configuration.

You can verify the result in the topology diagram:

  • An outbound authorization connection is displayed between the agent node and the third-party service node, indicating that authorization has been established.

  • Click the connection to view authorization details, including the associated credential identifier and status.

Note

To revoke an agent's access to a third-party service, delete the corresponding third-party service node. The system will automatically remove the credential from the dedicated authorization rule.