All news with #workload identity tag
Wed, November 19, 2025
AWS IAM Adds Outbound Identity Federation with JWTs
🔐 AWS Identity and Access Management (IAM) now supports outbound identity federation, enabling customers to exchange AWS credentials for short-lived, cryptographically signed JSON Web Tokens (JWTs) to authenticate workloads with third-party clouds, SaaS providers, and self-hosted applications. Tokens include workload context so external services can enforce fine-grained access control. Administrators can restrict who can generate tokens and configure token properties such as lifetime, audience, and signing algorithm via IAM policies, and audit issuance and usage through CloudTrail. The capability is available in all AWS commercial Regions, AWS GovCloud (US) Regions, and China Regions.
Tue, October 14, 2025
AgentCore Identity: Secure Identity for AI Agents at Scale
🔐 Amazon Bedrock AgentCore Identity centralizes and secures identities and credentials for AI agents, integrating with existing identity providers such as Amazon Cognito to avoid user migration and rework of authentication flows. It provides a token vault encrypted with AWS KMS, native AWS Secrets Manager support, and orchestrates OAuth 2.0 flows (2LO and 3LO). Declarative SDK annotations and built-in error handling simplify credential injection and refresh workflows, helping teams deploy agentic workloads securely at scale.
Mon, September 22, 2025
Regaining Control of AI Agents and Non-Human Identities
🔐 Enterprises are struggling to secure thousands of non-human identities (NHIs)—service accounts, API tokens, and increasingly autonomous AI agents—that proliferate across cloud and CI/CD environments without clear ownership. These NHIs often use long-lived credentials, lack contextual signals for adaptive controls, and become over-permissioned or orphaned, creating major lateral-movement and compliance risks. The article recommends an identity security fabric—including discovery, risk-based privilege management, automated lifecycle policies, and integrations such as Okta with AWS—to regain visibility and enforce least privilege at scale.