One identity fabric. For people and machines.
Enterprise IAM for humans and agents alike — SSO, hybrid RBAC + ABAC, row-level security and mTLS for machine-to-machine trust, all federated to the identity provider you already run.
Most AI platforms treat identity as an afterthought. Archon treats it as the floor the whole platform stands on. Every API call, every agent action, every data read is authenticated against your corporate directory and authorized against the same policy engine — so the person running AI at 2 a.m. can’t accidentally do what their role was never supposed to do.

What it is, in plain terms.
Federated authentication
Okta, Entra, Google, custom OIDC and SAML 2.0. Your directory is the source of truth — not a spreadsheet of service accounts.
Humans and agents, equal citizens
Every agent has a real identity, with its own scopes and credentials. No shared admin accounts, no “let the bot be root.”
Hybrid RBAC + ABAC
Not just roles, but attributes. “Finance analyst, owns budget code XX, approved for international contracts” is a decision the platform can make in milliseconds.
Row-level security
Multi-tenant isolation enforced in the database, not just in the application. A business unit cannot see what it is not allowed to see — even if the query would otherwise return it.
What changes for the business.
Your corporate directory governs access across every Archon module and every Crucible-forged app. One revoke; everywhere revoked.
Agents and apps receive scoped, short-lived credentials at runtime. No rotating secrets in config files, no “break-glass admin.”
Every request — human or agent — is checked against the same policy engine. There is no back door. There is no exception flag.
Enterprise-grade by default.
OAuth 2.1, OIDC, SAML 2.0, LDAP/AD
Works with the identity provider you already have. No forklift. No migration drama.
Open Policy Agent integration
Policies authored and versioned like code. Review them, test them, ship them through change control.
mTLS and certificate authority
Mutual-TLS for every service-to-service call, with a built-in CA that handles issuance, rotation and revocation.
Scoped agent credentials
Agents request the narrowest possible credential for the task at hand — and IAM expires it when the task is done.
Step-up and risk-based authentication
High-value actions demand higher assurance. The policy engine asks for more evidence when the stakes rise.
Audit-ready access events
Every auth and authz decision streams to the audit ledger. Access reviews become a query, not a quarter-long project.
AI gets power only where a human would. And only as much as policy allows.
The Inversion Principle hinges on trust — not blind trust, earned trust. For AI to do the work, humans must be certain that every agent is acting within a boundary that their own role could have drawn.
Archon Identity & Access is that boundary, made enforceable. It is how a business can confidently say yes to agents operating on its behalf — because yes is conditional on the same policy that governs the human who asked.