v1.4 · AD-native RBAC for agents

Secure, authenticated agent runtimes — orchestrated like infrastructure.

Powerloom is the control plane for managed agent fleets. Directory-grade RBAC, OUs, and audit — so the agents your teams ship have the same identity story as the humans.

Start for free →See how it works
SOC 2 Type II SSO + SCIM on every plan Self-hosted available
LIVE · policy decisions · 4.3k calls / min across 14 OUs
support-triagerun-as · kaipg-writerrun-as · servicerepo-analyzerrun-as · janefiles-supportpg-analyticsslack-opsgmail-sendPOWERLOOM · POLICY PLANErbac.checkokou.bindingsokdeny.mergeokpolicy.evalokDECISIONS files.read slack.post gmail.sendfiles.read
How it works

Three concepts. Every auth decision in your agent fleet.

If you've configured Active Directory, you've already used Powerloom's mental model. OUs, security groups, role bindings, deny precedence — ported to agents, their tools, and their runtime.

Step 01

Model your org

Nest OUs the way engineering already does — by team, environment, or tenant. Agents, MCP deployments, and human members live inside an OU and inherit its policy.

▸ acme
▸ engineering
▾ platform · 2 agents · 2 MCPs
• pg-writer (service)
• repo-analyzer (user)
▸ support
▸ accounting
Step 02

Bind roles, merge denies

Grant AgentAuthor to eng-leads. Deny invocations outside business hours. Stacked bindings resolve with AD semantics — deny always wins, inheritance flows down.

allow
eng-leads
OUAdmin
allow
usr.raj
AgentAuthor
deny
contractors
inherited · acme
AgentAuthor
allow
svc.pg-writer
DeploymentOperator
Step 03

Run, and see every call

Agents call MCP tools through the Powerloom runtime. Every request is checked against the merged policy, logged with a decision, and streamed to the session console in real time.

14:22:07session.startpg-writer · usr.raj
14:22:08tool.callsql.explain
14:22:08policy.check✓ allow · rbac
14:22:09tool.resultrows=84 · 612ms
14:22:11tool.callsql.migrate
14:22:11policy.check✗ deny · out-of-hours
14:22:11session.idle_endreason=policy
Platform

A full control plane, not a wrapper.

Every surface the IT admin already expects — directory, RBAC, deployment, audit — designed for agents from the ground up. No SaaS glue.

Organizational units

Nest agents and MCP deployments under OUs that mirror your org chart. Inheritance, delegated admin, and cross-OU policy just like AD.

OUsinheritancedelegation

RBAC with deny precedence

Built-in roles (OrgAdmin, AgentAuthor, DeploymentOperator) + custom roles scoped to an OU or the whole org. Deny wins; merges are deterministic.

built-in + customdeny-mergeSCIM

Authored agent runtimes

Write an agent once, deploy to an OU. Managed Claude runtime, scoped tools, sandboxed sessions, and pinned MCP server versions.

Claude Sonnet 4.5sandboxedversioned

Managed MCP deployments

Deploy postgres, files, slack, and custom MCP templates with health-checked rollouts. Config, secrets, and RBAC are all part of the same manifest.

templatesrolloutsdrift-aware

Session streams + audit

Every agent turn, tool call, and policy decision lands in an append-only session log. Replay, export to SIEM, redact at read time.

append-onlySIEMredaction

Workflows

Compose agents into DAGs with approvals and branches. Run in design mode to trace; in run mode to ship. Same policy plane.

DAGapproval gatessub-workflows
Infra-as-code

Declarative, reviewable, diff-able.

Every OU, binding, agent, and MCP deployment is a YAML manifest. Apply with the CLI, review in PR, roll back on drift.

  • powerloom apply — plan, diff, rollout
  • Policy simulator runs in CI on every PR
  • Git-native: the manifest is the source of truth
  • Drift detection alerts when the live state diverges
$ powerloom apply -f acme/
// planning changes against ou=acme …

+ ou               acme/engineering/platform
+ role-binding     eng-leads → OUAdmin        (scope=platform)
~ role-binding     contractors ✗ AgentAuthor  (effect: allow → deny)
+ agent            pg-writer                  (model=claude-opus-4-1)
+ mcp-deployment   pg-analytics               (template=postgres v3)

// 5 changes · 0 warnings. apply? [y/N] y
 applied in 1.4s · run apl_9f2ac4
Security & compliance

Designed for IT admins. Audited like infrastructure.

Zero-trust by default. Every agent action is authenticated, authorized, and logged — and every policy decision is reproducible.

RBAC
AD-native

OUs, security groups, role bindings, and deny precedence. Import from Okta, Entra ID, Google Workspace via SCIM.

Identity
SSO + SCIM

SAML 2.0 and OIDC with any IdP. SCIM 2.0 for user and group provisioning. Service-account identities for agents.

Audit
Append-only

Every session, tool call, and policy decision. Streamed to Splunk, Datadog, S3. Cryptographically signed.

Compliance
SOC 2 · ISO 27001

Audited annually. HIPAA available on Enterprise. FedRAMP Moderate in progress.

The console

A single pane. Every agent, every call, every policy.

Ship agents from the CLI or the console. Either way, your team sees the same directory, the same policy tree, and the same live sessions.

powerloom.app / console / ou / acme / engineering / platform
Powerloom
Overview
OUs
Agents
Sessions
MCPs
Workflows
acme / engineering / platform
Platform
MembersGroupsRole bindingsPoliciesAgentsDeployments
alloweng-leadsgroupOUAdmindirect
allowusr.rajuserAgentAuthordirect
allowusr.meiuserDeploymentOperatordirect
allowsvc.pg-writeragentDeploymentOperatordirect
denycontractorsgroupAgentAuthorinherited from acme
Ship secure agents

The operator plane for agent fleets.

Start in your sandbox tenant in under 10 minutes. No quota, no CC.

Get started →Read the docs