All posts
June 18, 20263 min read

Just-in-time access for autonomous agents on Entra

Autonomous agents can request just-in-time access to a database exactly when they need it, and the request is granted, recorded, and revoked automatically. The result is a system where no long‑lived credential ever sits idle, every operation is visible to auditors, and sensitive fields are hidden from the agent unless explicitly allowed. In many organizations, agents are given a service‑account key that never expires. The key is copied into CI pipelines, stored in vaults, and often shared acros

Free White Paper

Just-in-Time Access + Single Sign-On (SSO): The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

Autonomous agents can request just-in-time access to a database exactly when they need it, and the request is granted, recorded, and revoked automatically. The result is a system where no long‑lived credential ever sits idle, every operation is visible to auditors, and sensitive fields are hidden from the agent unless explicitly allowed.

In many organizations, agents are given a service‑account key that never expires. The key is copied into CI pipelines, stored in vaults, and often shared across multiple jobs. Because the credential never changes, any compromise gives an attacker unrestricted, perpetual access to every downstream system the agent can reach. Auditors cannot tell which job actually issued a query, and developers cannot enforce data‑level protection without building custom code into each application.

Switching to Entra as the source of identity solves the first part of the problem. Entra issues a short‑lived OIDC token that proves who the agent is and what groups it belongs to. The token can be scoped to a specific role and revoked centrally. However, the token alone does not stop the agent from connecting directly to the target resource. The request still travels straight to the database, SSH server, or Kubernetes API without any intermediate check, meaning there is still no real‑time approval, no command‑level audit, and no data masking.

Why a data‑path gateway is required for just-in-time access

The missing piece is a place where policy can be enforced before the request reaches the target. The gateway sits on the network, intercepts the protocol, and decides whether to allow, block, or transform each operation. Because the gateway is the only point that sees both the Entra identity and the actual traffic, it can apply fine‑grained controls that no upstream identity provider can enforce.

In this architecture, the setup stage, creating Entra applications, issuing short‑lived tokens, and assigning groups, determines who the request is and whether it may start. That step is necessary, but it does not provide any protection on its own. The enforcement must happen in the data path, and that is where hoop.dev operates.

Implementing just-in-time access with Entra

hoop.dev acts as an identity‑aware proxy for the supported targets. When an autonomous agent initiates a connection, hoop.dev first validates the Entra token, extracts the group membership, and maps it to a policy that defines what actions are allowed. The gateway then keeps the credential needed to talk to the backend resource, so the agent never handles a password or private key.

Once the request is authorized, hoop.dev grants access for the duration of the session only. If a command matches a risky pattern, such as a destructive SQL statement or a privileged kubectl operation, hoop.dev blocks it in real time. For queries that return sensitive columns, hoop.dev masks those fields before they are sent back to the agent. hoop.dev records every command, response, and approval decision in an audit log that can be replayed for forensic analysis.

Continue reading? Get the full guide.

Just-in-Time Access + Single Sign-On (SSO): Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Because the enforcement point is the gateway, hoop.dev guarantees the following outcomes:

  • hoop.dev grants just-in-time access based on the Entra identity.
  • hoop.dev blocks disallowed commands before they reach the target.
  • hoop.dev masks sensitive data in responses.
  • hoop.dev records the entire session for replay and audit.

These capabilities close the gap left by token‑only authentication and turn an open, standing credential model into a controlled, auditable, and reversible workflow.

Getting started

To try this approach, follow the getting‑started guide. It walks you through deploying the gateway, registering an Entra application, and defining a policy that grants just‑in‑time access to a PostgreSQL instance. The same pattern applies to other supported targets such as MySQL, SSH, or Kubernetes.

For deeper insight into how policies are expressed and how masking rules are defined, explore the learning center. The documentation shows real‑world examples of command‑level approval workflows and data‑masking configurations.

FAQ

Do I need to change my existing Entra applications?

No. hoop.dev consumes the existing OIDC tokens. You only need to add the groups or scopes that represent the permissions you want to enforce at the gateway.

Will hoop.dev introduce latency to my database queries?

The gateway operates at Layer 7 and adds minimal processing time for policy checks, masking, and logging. In most environments the added latency is measured in milliseconds and is outweighed by the security benefits.

Can I still use my existing CI pipelines?

Yes. CI jobs simply request an Entra token, point their client (psql, kubectl, etc.) at the hoop.dev endpoint, and let the gateway handle authentication and enforcement.

Explore the source code and contribute on GitHub

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot