Security model

Security model
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude
Connect to Cursor
Install MCP server on Cursor
Connect to VS Code
Install MCP server on VS Code

Agen for SaaS operates on a zero-trust security model. Every request from an AI agent is treated as potentially untrusted and must pass through multiple verification and enforcement layers before reaching your APIs.

Zero-trust principles

Principle	Implementation
Verify explicitly	Every request must include a valid authentication token. No implicit trust based on network location.
Least-privilege access	Tools are only accessible to users with explicitly assigned roles or permissions via access control rules.
Assume breach	All actions are logged, all sensitive data is masked, and all critical operations require human approval.

Identity and authentication

All requests must include a valid JWT issued by your configured auth provider (Frontegg or OIDC).
JWTs are validated on every request — expired, malformed, or unsigned tokens are rejected.
The authorization server federation URL provides the endpoint for token validation.
Custom domains can be configured for both authentication and MCP Gateway endpoints.

Multi-tenant isolation

Each tenant's data and policy context is isolated.
JWT claims (tenant ID, roles, permissions) drive all access control and policy decisions.
Tenant-level policy delegation allows customers to add their own governance within platform boundaries.
Global policies set by the platform provider cannot be overridden by tenant-level policies.

Backend verification

Agen for SaaS signs requests forwarded to your backend APIs with cryptographic signatures (SHA-256 HMAC). This allows your backend to verify that requests originate from your MCP Gateway and have not been tampered with.

For implementation details, see Backend trust and verification.

Defense-in-depth layers

Requests pass through the following layers in order:

TLS encryption — All communication is encrypted in transit.
Authentication — Token validation and identity verification.
Access control — Role and permission-based tool restrictions.
Policies — Conditional rule evaluation (deny, step-up, approval).
Hooks — Custom code execution for additional validation.
Data protection — Sensitive data masking in responses.
Monitoring — Complete audit trail of the entire interaction.

Security modelCopyCopy for LLMCopy page as Markdown for LLMsView as MarkdownOpen this page as MarkdownOpen in ChatGPTGet insights from ChatGPTOpen in ClaudeGet insights from ClaudeConnect to CursorInstall MCP server on CursorConnect to VS CodeInstall MCP server on VS Code