Building an Enterprise Agent Platform: Enforcing Identity, Data, and API Governance

While enterprises deploy AI agents at a rapid pace, their governance strategies often remain fragmented. Most organizations enforce identity, data access, and API security in separate silos, which creates dangerous gaps as agents move across systems. Salesforce Engineering addresses this by shifting the focus from securing individual agents to enforcing governance at the platform level.

We designed a unified governance system across Agentforce, Data 360, MuleSoft, Informatica, and our core platform to address these gaps and ensure that identity, data, and APIs work together to protect every interaction.

Join us as we explore how our team addresses three critical challenges. We show how identity and authorization propagate across multi-system workflows to keep every action secure. We examine how data access controls remain active regardless of how agents process data. Finally, we demonstrate how a unified control model integrates identity, data governance, API enforcement, and AI trust into a single safeguard for every interaction.

Propagating Identity and Authorization Across Multi-System Agent Workflows

Agent workflows exacerbate the challenges of enforcing identity across systems. A single request often triggers multiple downstream API calls, invokes services across platforms, and coordinates with other agents. This complexity means that without consistent identity propagation, organizations struggle to attribute, govern, and audit actions across systems.

To solve this, the core Salesforce platform propagates identity across each step of execution. When an agent operates on behalf of a user, that user’s identity also flows through every downstream interaction, whereas autonomous agents rely on their own (system) identity. This continuous flow ensures every action occurs within a consistent identity context regardless of the workflow complexity.

This architectural choice allows systems to distinguish between agents operating as independent identities and those acting as proxies for users. Because agent-driven workflows expand the potential impact of actions compared to deterministic systems, this distinction remains vital. Consistent identity propagation actively limits unintended consequences across downstream systems.

Authorization then builds on this identity model by enforcing data and feature access controls based on Principle of Least Privilege, with tokens scoped to only the permissions required. The platform also governs which actions an agent can discover and use in alignment with these authorization policies. Because both user and agent identities are propagated, access policies can be applied to grant the appropriate level of permissions for each.

Ultimately, the consistent propagation of human and agent identities ensures that these identities can be durable and reliable authorization attributes, governing every interaction across distributed workflows rather than a simple point-in-time check.

Centralized Enforcement to Prevent Governance Bypasses 

Agentic workflows dramatically increase the volume of data being accessed and connected; this stresses traditional governance and demands uniform enforcement to prevent unintentional exposure. Data moves through APIs, unstructured search, external connectors, and multi-step orchestration. Without centralized enforcement, these complex paths allow users or agents to bypass governance entirely.

To prevent these gaps, Data 360 and the core Salesforce platform route all data access through a unified enforcement layer. This layer sits between access patterns and underlying systems to ensure the same policies apply to every request. Whether an action originates from a user interface, an API, or an autonomous agent, the system evaluates security before returning any data.

Data 360 provides the foundation for Agentforce agents to access unified enterprise data, including real-time and zero-copy sources, while applying data governance controls managed within the platform. These controls extend to both structured and unstructured data, with capabilities to detect and tag sensitive information during ingestion so policies can be enforced consistently at retrieval. This helps reduce the risk of exposing restricted content in agent responses. Even when agents access external systems through zero-copy architectures, governance is applied through the platform’s data access and policy enforcement mechanisms.

The defining property of this design centers on its independence from agent behavior. An agent only retrieves what the underlying access model permits, regardless of how it constructs a request or how many systems it involves.

Unifying Governance Across Data, APIs and AI Models

Enforcing governance in isolated layers fails as agents interact across systems, APIs, and AI models. Identity, data, and API controls must be enforced consistently even as workflows cross platform boundaries and involve external services. Because agents operate across these layers, governance must function as a unified model within Agentforce-driven workflows.

MuleSoft provides a unified policy enforcement layer that helps apply consistent controls across APIs, integrations, and external systems. The system evaluates API traffic against defined policies, such as authentication, authorization, and rate limiting, ensuring governance is applied where those policies are configured and enforced.

Informatica strengthens policy enforcement by providing automated discovery and classification of data across the enterprise architecture. By mapping data lineage and enriching semantic context from external systems, including ERPs and third-party data warehouses, it helps eliminate governance ‘blind spots.’ This ensures AI agents comply with data handling policies and respect sensitive data boundaries, regardless of whether the data originated in Salesforce or was integrated from an external environment.

The rapid pace of enterprise AI adoption has resulted in fragmented model access and governance that lacks the comprehensive cost controls, durable audit trails, and consistent policy enforcement required for enterprise-scale LLM interactions. Consequently, most organizations maintain an AI estate that is difficult to audit, expensive to optimize, and challenging to trust at scale, often leading to unforeseen cloud costs when requests default to the most expensive models.

MuleSoft’s AI Gateway addresses these challenges by providing a unified access layer for multiple Large Language Model (LLM) providers. It enables governance, intelligent routing, and cost management for AI applications.

Furthermore, AI model interactions introduce unique risks, such as data persistence and sharing of sensitive information, that require a new set of governance controls. The Agentforce Trust Layer addresses these challenges by enforcing responses grounded in enterprise data, masking sensitive information, and preventing external model providers from retaining or persisting customer data.

Ultimately, these layers operate together rather than independently. The platform evaluates every request across identity, data governance, API policies, and AI trust. If the interaction fails to satisfy any constraint, the system blocks or restricts the action.

The Path Forward

AI agents expand the capabilities of enterprise systems while simultaneously increasing the surface area for potential risks. Securing these environments requires more than simple edge controls. It demands that organizations embed governance into every layer where the system makes decisions and executes actions.

Salesforce meets this requirement by treating identity, data access, API interactions, and AI behavior as a single, integrated system. This integration ensures that governance remains intact even as agents operate across complex, distributed environments.

As these agent ecosystems evolve, Agentforce continues to play a central role in enforcing trust, governance, and interoperability across enterprise agent systems. This architectural foundation provides the necessary framework for future growth and complexity.

This approach defines the path forward for the industry. Effective governance must be continuously enforced, fully observable, and designed to evolve alongside the very systems it protects.