Non-Human Identities for the Claude Agent SDK: A Practical Guide

Many assume that the Claude Agent SDK can only authenticate using human‑centric credentials like passwords or interactive logins. In reality, the SDK can work with non-human identity, which means a service account or machine principal issued by an identity provider.

Teams that skip this option often embed a shared user token inside the agent’s configuration, or they grant the agent a broad IAM role that covers many workloads. The result is an over‑privileged AI that can read or modify data it never needs, and every action it takes is indistinguishable from a human operator. Auditors cannot tell whether a query came from a person or an autonomous process, and any accidental data leak leaves no clear trail.

This unsanitized state is common because the Claude Agent SDK talks directly to the target service, whether a database, a Kubernetes API, or an internal HTTP endpoint. The SDK presents the token it received from the identity provider, and the target accepts it without any additional checks. The connection bypasses any enforcement layer, so there is no inline data masking, no command‑level approval, and no session recording. The setup decides who may start a request, but it provides no guardrails once the request reaches the resource.

Why a dedicated non-human identity matters

Non-human identity solves two problems at once. First, it lets you assign the minimum set of permissions required for the Claude agent’s specific task, satisfying the principle of least privilege. Second, it creates a stable, auditable subject that can be referenced in policy decisions. When the agent is granted a service account that only allows read‑only access to a particular database schema, any attempt to write will be rejected by the identity system before it even reaches the database.

However, using a service account alone does not give you visibility into what the agent actually does. The request still travels straight to the backend, and the backend records only the fact that a service account made a connection. It cannot capture the exact SQL statements, redact personally identifiable information, or require a human to approve risky commands.

Introducing hoop.dev as the data‑path enforcement point

hoop.dev provides the missing layer that turns a bare non-human identity into a fully governed access channel. It sits in the Layer 7 data path between the Claude Agent SDK and the target service. When the agent presents its OIDC token, hoop.dev validates the token, extracts the service‑account claims, and then applies policy before forwarding the request.

Because hoop.dev is the gateway, it can enforce every required outcome:

• hoop.dev records each session, creating a replayable audit log that ties every command back to the non-human identity.
• hoop.dev masks sensitive fields in responses, ensuring that downstream logs or dashboards never expose credit‑card numbers or social security numbers.
• hoop.dev blocks commands that fall outside the approved scope, such as DDL statements when the service account is meant only for SELECT queries.
• hoop.dev routes high‑risk operations to a human approver, adding a just‑in‑time approval step before the command reaches the database.

All of these controls happen because the gateway is the only place where traffic can be inspected and altered. The identity setup alone cannot provide them.

Practical steps to bind a Claude agent to a non-human identity through hoop.dev

1. Create a service account in your identity provider (Okta, Azure AD, Google Workspace, etc.) and assign it the exact permissions the Claude agent needs. This is the setup phase: it decides who the request is and whether it may start.

2. Register the target resource (for example, a PostgreSQL instance) in hoop.dev. During registration, supply the service‑account credentials that hoop.dev will use to authenticate to the backend. hoop.dev stores those credentials securely; the agent never sees them.

3. Configure the Claude Agent SDK to obtain an OIDC token for the service account. The SDK sends that token to hoop.dev instead of directly to the database.

4. When the agent initiates a query, hoop.dev validates the token, checks the policy attached to the non-human identity, and then proxies the request. The data path enforces masking, command blocking, and approval as described above.

5. Review the session recordings and audit logs in hoop.dev’s UI or export them to your SIEM. Because hoop.dev generated the evidence, you have a complete audit trail for compliance and incident response.

For detailed configuration steps, see the getting‑started guide and the learn section, which cover service‑account registration, policy authoring, and audit‑log access.

FAQ

Can I use the same non-human identity for multiple Claude agents?

Yes, but you should limit the permissions to the common subset required by all agents. If an agent needs broader rights, create a separate service account with a tighter policy.

What happens if the service account is compromised?

Because hoop.dev validates every request, you can revoke the account in the IdP and the gateway will immediately reject any further tokens. All prior sessions remain recorded for forensic analysis.

Do I still need to rotate credentials on the backend?

hoop.dev stores the backend credentials, so you should follow your normal rotation schedule. The gateway will pick up the new secret without requiring changes to the Claude agent.

Ready to see the code in action? View the open‑source repository on GitHub.