Redson Dev brief · PRIMARY SOURCE
Implement on-behalf-of token exchange for multi-tenant agents with Amazon Bedrock AgentCore Gateway
AWS Machine Learning · July 13, 2026
For developers and organizations scaling AI agents, this article provides a crucial architectural pattern for securely managing user identity and data access across multiple tenants. The essence of the piece is an implementation guide demonstrating how to use AWS Bedrock AgentCore Gateway to facilitate an "on-behalf-of" (OBO) token exchange. This sophisticated security mechanism allows multi-tenant AI agents to act with the specific permissions of an individual user, even when that user’s identity is managed by an external system like Okta, all while maintaining stringent access controls through JSON Web Token transformations and audience binding. This technical deep dive directly addresses the security and scalability concerns inherent in building AI-powered applications that serve diverse user groups within a shared infrastructure. Consider an independent SaaS founder in Portland, Oregon, developing an AI assistant for project management. Their platform might serve numerous small businesses, each with its own users and data. By implementing OBO token exchange, the founder can ensure that when a user from "Rose City Creative" asks the agent to summarize tasks, the agent only accesses Rose City Creative’s data, even if another tenant, "Cascadia Design," uses the same underlying AI agent. Similarly, a logistics startup in Chicago deploying an AI agent to optimize delivery routes could securely allow individual freight managers to interact with the agent using their existing company credentials, knowing that the agent's actions and data access are precisely limited to their scope, preventing unauthorized cross-tenant data exposure. Even for internal teams, the pattern holds value. An IT department at a mid-sized financial services firm in New York City could leverage this for internal AI tools. If they build an agent to assist with compliance inquiries, OBO token exchange would ensure that an agent responding to a request from the fraud detection team only accesses fraud-related data, while the same agent, when queried by the audit team, accesses audit-specific datasets, all without needing to re-authenticate or build separate agents for each internal group. This approach streamlines development, reduces operational overhead, and significantly enhances the security posture of multi-tenant or multi-team AI agent deployments. To begin exploring this, consider a small internal tool where an AI agent interacts with simulated user data. Set up a basic multi-tenant structure, perhaps with just two dummy tenants, and attempt to implement a simple token exchange mechanism using a placeholder identity provider to understand the flow and the transformations involved.
Source / further reading
Learn more at AWS Machine Learning →