IDX
Identity Exchange
When a human gives an AI agent the authority to act, that authority needs a container. IDX issues machine identities and synthetic agent IDs from within your existing enterprise trust plane — federated to your IdP, scoped to your policies, and revocable at any time. No external accounts. No trust bootstrapping from scratch.
Core Job
No agent acts without a verified identity.
Creates machine identities and synthetic agent IDs — each cryptographically bound to an issuing human or organization.
Assigns personas, roles, and delegation scope. An agent can be given a buying persona, a compliance persona, or a read-only observer persona — each with different authority.
Embeds the identity into every downstream action. When an agent interacts with another system, its IDX credential is what KYA reads to decide whether to trust it.
Enterprise-Native Issuance
Issued from within your trust plane. Not from outside it.
A Grainger buyer doesn't create an external account to issue an agent identity. They create it from inside Grainger — linked to their existing corporate credential, inside Grainger's controlled trust environment. IDX federates with the identity infrastructure already in place: Okta, Azure AD, or any enterprise IdP. The agent inherits the trust the enterprise already governs.
Employees link to existing corporate identities. No external signup, no shadow IT, no credentials outside the enterprise perimeter.
IDX connects to your existing IdP via standard federation protocols. Enterprise SSO, MFA policies, and access controls apply automatically.
Agent identities are issued, stored, and revoked within the enterprise trust boundary. IT and security retain full control without managing a new system.
The old problem
KYC verified humans. KYB verified businesses. The rails were built assuming a person or a legal entity was on the other end of every transaction.
The new problem
AI agents now initiate transactions, sign contracts, and move money — with no human in the loop. The existing rails have no infrastructure for verifying machine identity. IDX builds it.
Identity Lifecycle
From human intent to machine accountability.
1. Human authorizes an agent
An operator or end-user defines what the agent is allowed to do — scope, spend limits, counterparty permissions, and duration.
2. IDX issues a synthetic identity
A machine credential is minted: cryptographically signed, bound to the authorizing human, and carrying the exact scope granted — no more, no less.
3. Agent acts under that identity
Every action the agent takes carries its IDX credential. Counterparty systems can verify who issued it, under what authority, and whether it is still valid.
4. KYA reads the credential at the gate
Before any transaction clears, KYA scores the agent's identity, delegation chain, and behavioral signals. IDX is the root of that trust chain.
5. Revocation is instant
If an agent is compromised, misbehaves, or its authorization expires, the IDX credential is revoked — and every downstream system stops accepting it immediately.
The Network Effect
An IDX credential doesn't stop at your firewall.
When a Grainger agent carries an IDX credential and connects to a supplier system that also trusts IDX, no new trust negotiation is needed. The identity is already verifiable. The scope is already declared. The delegation chain is already auditable.
This is not a separate mesh product. It is IDX operating beyond the boundary of a single organization. As more systems recognize IDX credentials, the trust fabric grows — not because anyone built a network, but because participants share a common identity standard. The same pattern SWIFT established for inter-bank settlement, applied to software agents crossing organizational boundaries.
Portable identity
IDX credentials travel with the agent. Any connected counterparty can verify who issued it, under what authority, and whether it is still valid — without calling back to the originating enterprise.
No bilateral agreements
Counterparties do not need a direct trust relationship with each other. Trust is mediated through a shared identity standard — the same model that made email, TLS, and SWIFT work at scale.
Complete observability
Every cross-boundary interaction produces an identity-rich, policy-evaluated, auditable event. At scale, every agent connection becomes a traceable record: who, what, when, which policy applied, and what the outcome was.