Agen for SaaS is designed with security and compliance at every layer. Every AI agent interaction passes through a multi-layered governance pipeline that enforces authentication, authorization, policy evaluation, data protection, and full audit logging.
The Agen for SaaS MCP Gateway enforces the following security layers on every request:
| Layer | Purpose |
|---|---|
| Authentication | Every request must include a valid identity token. Supports Frontegg and any OIDC-compliant provider. |
| Access control | JWT-based role and permission checks ensure only authorized users can invoke specific tools. |
| Policies | Conditional rules evaluate request context and enforce deny, step-up, or approval actions. |
| Approval flows | Human-in-the-loop review for sensitive operations with multi-step, multi-channel notifications. |
| Data protection | Automatic masking of PII, PHI, PCI, and other sensitive data types in tool responses. |
| Hooks | Custom JavaScript code for additional validation, transformation, and enforcement logic. |
| Monitoring | Full audit trail of every interaction, policy decision, and approval event. |
Agen for SaaS helps you meet requirements for:
| Framework | How Agen for SaaS helps |
|---|---|
| SOC 2 | Full audit logging of all AI agent actions, policy enforcement, and approval workflows. |
| GDPR | Data protection policies with GDPR-specific masking types. Conditional targeting for EU data subjects. |
| HIPAA | PHI masking with 39 predefined health data types. Access control and approval flows for health data tools. |
| PCI DSS | Payment card data masking. Tool-level access restrictions for payment endpoints. |
| CCPA | California-specific data type masking and conditional enforcement. |