---
title: "Identities and Agents"
slug: "identities-and-agents-in-the-policy-builder"
updated: 2026-03-01T15:14:38Z
published: 2026-03-01T15:14:38Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.plainid.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Identities and Agents

*Early Access Capability*

          
  

In this section, we introduce the first two **Policy** building blocks: **Identities** and **Agents**. Together, they define who is allowed initiate AI interactions in your **Application**.

---

## Defining Identities

**Identities** answer a fundamental question:

> **Who is allowed to start this interaction?**

**Identities** represent the entities that initiate an interaction with the AI system. These may include:

- **Human users**, such as employees or partners.
- **Non-human Identities (NHIs)**, such as service accounts or system Identities.

In practice, **Identities** are defined using **Dynamic Groups (DGs)** sourced from your Identity providers. For more information, see [Managing Dynamic Groups](/v1/docs/managing-dynamic-groups).

---

### Prerequisites

To use **Dynamic Groups** in a **Policy**, they must already exist in the **PlainID Authorization Platform**. This can be achieved by:

- Integrating with an external **Identity Provider (IdP)**, such as Okta.
- Defining **Dynamic Groups** manually in the custom **Identity Workspace**.

Once available, these groups can be referenced directly within **Policies**.

---

### Adding Identities to a Policy

You can add **Identities** through the **Policy Canvas** or by using the AI assistant.

**To add Identities using the Policy Canvas:**

1. In the Policies section, choose the relevant **Workspace**,
2. Open an existing **Policy** or create a new one by clicking the plus (+) button.
3. In the **Policy Canvas**, click the plus (+) icon under **Identities**.
4. Select an **Identity Provider (IdP)** from the dropdown list.  

![Image](https://cdn.document360.io/726c7002-05a9-480e-b986-42c9e8824acd/Images/Documentation/image(398).png)
5. In the side panel, review the available **Dynamic Groups** under the selected IdP.
6. Select one or more groups by checking the corresponding boxes. Use the search field to locate specific groups.  

![Image](https://cdn.document360.io/726c7002-05a9-480e-b986-42c9e8824acd/Images/Documentation/image(400).png)
7. Confirm your selection. The selected groups appear under the corresponding IdP widget in the **Identities** section.

To include groups from another **Identity Provider (IdP)**:

1. Click the plus (+) icon under **Identities** again.
2. Select a different IdP.
3. Choose additional **Dynamic Groups**.

All selected groups are displayed under their respective IdP widgets.

---

## Defining Agents

After defining **Identities**, the next step is selecting which **Agents** they are permitted to access.

**Agents** represent the AI execution layer, including models, runtimes, or agent instances running on supported frameworks. **Identities** do not access data or tools directly. All access is mediated through **Agents**.

Together, **Identities** and **Agents** define who can invoke specific AI capabilities and establish the foundation for downstream access to tools, databases, and other organizational **Assets**.

---

### Adding Agents to a Policy

Adding **Agents** follows a similar flow to adding **Identities** and supports both visual and AI-assisted interaction.

**To add an Agent:**

1. In the Policies section, choose the relevant **Workspace**,
2. In the **Policy Canvas**, click the plus (+) icon under **Agents**.
3. Select an agent framework from the list of integrated frameworks, such as AWS AgentCore or Google Vertex.  

![Image](https://cdn.document360.io/726c7002-05a9-480e-b986-42c9e8824acd/Images/Documentation/image(401).png)
4. In the side panel, review the available **Agents** under the selected framework. Use the search field to locate specific **Agents** or select them directly from the list.  

![Image](https://cdn.document360.io/726c7002-05a9-480e-b986-42c9e8824acd/Images/Documentation/image(402).png)
5. Confirm your selection. The selected **Agents** appear under the corresponding framework widget in the **Agents** section.

To include **Agents** from another framework:

1. Click the plus (+) icon under **Agents** again.
2. Select a different agent framework.
3. Choose the relevant **Agents**.

At this stage, you have defined who can initiate an interaction and which **Agents** they are authorized to access. Next, proceed to **Controls and Guardrails**, where you define what data, tools, and constraints apply to those interactions.