Product
Tie agent usage to identity
Speakeasy Team
June 16, 2026 - 3 min read
MCP authorization gave you the controls to decide what agents can do: roles, per-server and per-tool scoping, all enforced against a sanctioned registry of approved servers.
But controls only answer half the question. When something goes wrong with an agent, the first thing security asks is simple: who did this, and why were they allowed to? If the answer is “the agent used the service account,” you don’t have an answer.
This release is the other half: every action behind those controls is now tied to a real identity, and every allow-or-deny decision can be explained after the fact. The controls decide what’s allowed, identity tells you who, and the audit trail tells you why.
Identity that comes from your IdP
Roles only mean something if they track the people they’re attached to. Speakeasy syncs directly with your identity provider through a directory sync — users, groups, and their attributes flow in and stay current. Someone joins a team in Okta or Entra, the matching access appears. They leave, it’s gone. No wiki to update, no manual cleanup, no stale grant that outlives the person who needed it.
That sync is what lets a tool call carry a real subject. The directory snapshot — the user’s attributes, their current groups, their role slugs — is stamped onto telemetry at the moment the call is logged. So a record isn’t just “a tool was called.” It’s this person, in these groups, holding these roles, at that instant.
Decisions that hold their shape
Access decisions get more precise too. Grants now evaluate with deny-wins semantics, the same fail-safe default used in network-level access control: when multiple grants touch the same resource, a deny beats an allow, so the safe outcome is the one that survives a complicated rule set. And access can be scoped with project-level MCP selectors, so a grant reaches exactly the servers it should and no further.
The result is an authorization model you can reason about. The rules don’t quietly contradict each other, and “allowed” never happens by accident because two grants overlapped.
Answer “why” after the fact
The hardest question in access control is retrospective: not “what can this person do” but “why was this specific call allowed three weeks ago.” Authorization challenges answer it. Speakeasy can record each access decision — who was challenged, what scope was required, whether it was allowed or denied, and how many grants were evaluated to reach that outcome.
When access is denied and it shouldn’t have been, an admin sees the challenge, understands what was missing, and grants the right role straight from the review — no guesswork about which permission to add. When access was allowed and someone asks why, the record is there. That’s the difference between an audit you can stand behind and a log you have to interpret.
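To make the deny-wins evaluation and the challenge record described above concrete, here is an added example that is not Speakeasy's code. It assumes a grant is a role slug plus an effect and project/server/tool selectors (glob patterns), that the subject is the directory snapshot stamped on the call, and that a challenge records who was challenged, the required scope, the decision, how many held grants were evaluated, and a reason an admin can act on; all names and the sample grants are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Grant:
    role: str        # role slug the grant is attached to (assumed shape)
    effect: str      # "allow" or "deny"
    project: str     # project-level selector; "*" matches any project
    server: str      # MCP server selector; glob patterns allowed
    tool: str = "*"  # tool selector within that server

@dataclass(frozen=True)
class Subject:  # directory snapshot stamped on the call at log time
    user: str
    groups: tuple
    roles: tuple

@dataclass(frozen=True)
class Challenge:  # record of one access decision, kept for later review
    subject: Subject
    required_scope: str
    allowed: bool
    grants_evaluated: int
    reason: str

def _covers(g: Grant, project: str, server: str, tool: str) -> bool:
    pairs = ((project, g.project), (server, g.server), (tool, g.tool))
    return all(fnmatchcase(value, pattern) for value, pattern in pairs)

def evaluate(subject, grants, project, server, tool) -> Challenge:
    """Deny-wins: a matching deny beats every allow; no match means deny."""
    scope = f"{project}/{server}/{tool}"
    held = [g for g in grants if g.role in subject.roles]  # grants evaluated
    matched = [g for g in held if _covers(g, project, server, tool)]
    denies = [g for g in matched if g.effect == "deny"]
    if denies:
        reason = f"denied by explicit deny on role '{denies[0].role}'"
    elif matched:
        reason = f"allowed by role '{matched[0].role}'"
    else:
        reason = "denied: no held grant covers this scope"
    return Challenge(subject, scope, bool(matched) and not denies, len(held), reason)

# Constructed sample: alice holds two roles whose grants overlap on prod GitHub.
GRANTS = [
    Grant("analyst", "allow", "*", "github-*"),
    Grant("contractor", "deny", "prod", "github-*", "create_issue"),
    Grant("analyst", "allow", "dev", "*"),
]
ALICE = Subject("alice@example.com", ("eng",), ("analyst", "contractor"))
```

Running `evaluate(ALICE, GRANTS, "prod", "github-mcp", "create_issue")` yields a deny with the contractor role named as the cause, while the same call with tool `search` is allowed by the analyst grant; a scope no held grant covers is denied with a reason that tells the admin exactly what was missing.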
Rolling out
Directory sync and identity-stamped telemetry are available now. Authorization challenge logging is gated per organization — reach out to have it enabled for yours.
Get started
Directory sync is configured from the Identity section of your org settings through the WorkOS admin portal. Once it’s connected, roles track your IdP automatically and every tool call carries a real subject. From there, turn on challenge logging to start building the record of who can touch what, and why.
Need to prove who did what across your agents? Book time with our team and we’ll walk through it with you.