Salesforce Agent Platform Governance for Developers

Enterprise Agent Platform: Enforcing Identity, Data, and API Governance

As enterprises rapidly deploy AI agents, governance strategies often become siloed. Traditional approaches that enforce identity, data access, and API security independently create security gaps, especially as agents interact across multiple systems. Salesforce Engineering has shifted focus to platform-level governance, integrating Agentforce, Data 360, MuleSoft, Informatica, and the core platform to secure every interaction.

This document details how Salesforce addresses three critical governance challenges:

1. Propagating Identity and Authorization across multi-system agent workflows.
2. Centralizing Enforcement to prevent governance bypasses.
3. Unifying Governance across data, APIs, and AI models.

Propagating Identity and Authorization Across Multi-System Agent Workflows

Complex agent workflows involve multiple downstream API calls, inter-platform service invocations, and coordinated agent actions. Without consistent identity propagation, attributing, governing, and auditing these actions becomes difficult.

The core Salesforce platform propagates identity throughout the execution chain:

• User-driven agents: Propagate the invoking user's identity.
• Autonomous agents: Rely on their own system identity.

This ensures a consistent identity context for every action, irrespective of workflow complexity. This architectural choice differentiates between agents acting independently and those acting as user proxies, a critical distinction given the expanded impact of agent-driven workflows.

Authorization builds upon this identity model using the Principle of Least Privilege. Tokens are scoped to the minimum required permissions. The platform also governs which agent actions are discoverable and usable, aligning with authorization policies. By propagating both user and agent identities, access policies can be granularly applied.

This consistent propagation of identities makes them durable and reliable authorization attributes, governing every interaction in distributed workflows, not just point-in-time checks.

Centralized Enforcement to Prevent Governance Bypasses

Agentic workflows significantly increase data access and connectivity, straining traditional governance models. Data flows through APIs, unstructured search, external connectors, and multi-step orchestrations, creating potential bypass opportunities.

To mitigate this, Data 360 and the core Salesforce platform route all data access through a unified enforcement layer. This layer acts as a gatekeeper between access patterns and underlying systems, ensuring uniform policy application.

This centralized model integrates several control layers:

• Role-based and Attribute-based policies
• Object, field, and row-level security
• Dynamic masking

Data 360 facilitates Agentforce agents' access to unified enterprise data, including real-time and zero-copy sources, while applying platform-managed data governance. These controls extend to both structured and unstructured data, with capabilities for sensitive information detection and tagging during ingestion for consistent enforcement at retrieval. This reduces the risk of exposing restricted content in agent responses. Governance is maintained even when agents access external systems via zero-copy architectures through the platform's data access and policy enforcement mechanisms.

A key design principle is independence from agent behavior. An agent only retrieves data permitted by the underlying access model, regardless of request construction or system involvement.

Unifying Governance Across Data, APIs, and AI Models

Isolated governance layers are insufficient when agents interact across systems, APIs, and AI models. Identity, data, and API controls must be enforced consistently as workflows cross platform boundaries and involve external services.

• MuleSoft provides a unified policy enforcement layer for consistent controls across APIs, integrations, and external systems. It evaluates API traffic against policies like authentication, authorization, and rate limiting, enforcing governance at configured points.
• Informatica enhances policy enforcement through automated data discovery and classification across enterprise architecture. By mapping data lineage and enriching semantic context from external systems (ERPs, third-party data warehouses), it eliminates governance blind spots, ensuring AI agents comply with data handling policies and respect sensitive data boundaries.

The rapid adoption of enterprise AI has led to fragmented model access and governance, lacking cost controls, audit trails, and consistent policy enforcement for LLM interactions. This often results in an auditable, optimizable, and trustable AI estate.

MuleSoft's AI Gateway offers a unified access layer for multiple LLM providers, enabling governance, intelligent routing, and cost management for AI applications.

Beyond real-time enforcement, the platform provides visibility for governance validation and improvement. Trace data from agentic interactions is aggregated in Data 360, serving as a unified observability layer for tracking activity across Salesforce and external systems. This enables:

• End-to-end reconstruction of agent behavior.
• Auditing of data access across systems.
• Identification of unexpected patterns or anomalies.

AI model interactions introduce unique risks (data persistence, sensitive information sharing) requiring new governance controls. The Agentforce Trust Layer addresses these by enforcing responses grounded in enterprise data, masking sensitive information, and preventing external model providers from retaining customer data.

These layers operate collaboratively. Every request is evaluated across identity, data governance, API policies, and AI trust. Actions failing any constraint are blocked or restricted.

The Path Forward

AI agents enhance enterprise system capabilities but also expand the potential risk surface. Securing these environments demands embedding governance into every decision and execution layer, not relying solely on edge controls.

Salesforce integrates identity, data access, API interactions, and AI behavior into a single, cohesive system. This ensures governance remains robust even as agents operate in complex, distributed environments.

As agent ecosystems evolve, Agentforce will continue to enforce trust, governance, and interoperability. This architectural foundation supports future growth and complexity.

This approach establishes a framework for the industry where effective governance is continuously enforced, fully observable, and designed to adapt alongside the systems it protects.

Key Takeaways

• Implement platform-level governance to address fragmented AI agent security.
• Propagate user and system identity consistently across multi-system workflows.
• Utilize a unified enforcement layer for data access, integrating role-based, attribute-based, and fine-grained security controls.
• Leverage integration platforms like MuleSoft and data governance tools like Informatica for comprehensive API and data policy enforcement.
• Implement centralized AI gateways and trust layers to manage LLM interactions and mitigate associated risks.
• Establish robust observability through trace data aggregation for auditing and anomaly detection.
• Design for adaptability, ensuring governance evolves with agent ecosystem complexity.