Northstar Wealth
Agent Authorization Control Plane
Live Auth0 FGA demo

Agent authorization, governed for financial services.

Northstar Wealth uses Auth0 and Auth0 FGA to govern AI agents as first-class principals. Register agents, assign policies, grant capabilities, filter tools, and revoke effective access with a single authorization gate.

Auth0 identifies agents. FGA governs what they can do.

Auth0

Identifies the agent and issues the token.

Auth0 FGA

Evaluates effective access at runtime.

The API

Enforces identity and authorization before execution.

Same control plane, different agent mode

FGA provides reusable guardrails across autonomous agents, agents acting on behalf of users, and agent-to-agent delegation. The context changes, but the pattern stays the same: registration, current authorization, policy assignment, capability grants, and final can_* decisions.

Assigned authority vs effective authority

Policy membership, role assignment, and tool grants describe assigned authority. Runtime decisions describe effective authority. The authorized_agent tuple is included in final decisions so one kill switch can revoke effective access without deleting assignments, grants, or audit history.
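The assigned-versus-effective split described above, as an added example that is not Northstar's or Auth0's code: a small in-memory tuple store, with no FGA SDK calls, in which the final decision requires both an assignment and the authorized_agent tuple. Only the authorized_agent relation name comes from the page; the other relation names, the object ids, and the function names are assumptions.

```python
# Added illustration: in-memory stand-in for an FGA tuple store.
# Only the "authorized_agent" relation name comes from the page; every other
# relation, object id, and function name here is hypothetical.

class TupleStore:
    def __init__(self):
        self.tuples = set()   # (user, relation, object)
        self.audit = []       # append-only history; revocation never erases it

    def write(self, user, relation, obj):
        self.tuples.add((user, relation, obj))
        self.audit.append(("write", user, relation, obj))

    def delete(self, user, relation, obj):
        self.tuples.discard((user, relation, obj))
        self.audit.append(("delete", user, relation, obj))

    def has(self, user, relation, obj):
        return (user, relation, obj) in self.tuples


def assigned_tools(store, agent):
    """Assigned authority: tools granted directly or via policy membership."""
    policies = {o for (u, r, o) in store.tuples if u == agent and r == "member"}
    holders = policies | {agent}
    return {o for (u, r, o) in store.tuples if r == "granted" and u in holders}


def can_use(store, agent, tool, registry="registry:northstar"):
    """Effective authority: assigned AND the agent is currently authorized."""
    return (store.has(agent, "authorized_agent", registry)
            and tool in assigned_tools(store, agent))


def demo():
    s = TupleStore()
    agent = "agent:rebalancer"                       # constructed sample ids
    s.write(agent, "authorized_agent", "registry:northstar")
    s.write(agent, "member", "policy:advisory")
    s.write("policy:advisory", "granted", "tool:read_portfolio")
    s.write(agent, "granted", "tool:draft_trade")
    before = {t: can_use(s, agent, t) for t in assigned_tools(s, agent)}
    s.delete(agent, "authorized_agent", "registry:northstar")  # kill switch
    after = {t: can_use(s, agent, t) for t in assigned_tools(s, agent)}
    return before, after, assigned_tools(s, agent), len(s.audit)
```

Deleting the single authorized_agent tuple turns every can_use decision to deny while the membership and grant tuples, and the audit trail, stay in place, so restoring that one tuple restores the agent's previous effective access.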

Works with third-party systems

FGA governs whether an agent may use an integration or capability at all. Salesforce, Google Drive, Slack, GitHub, and other downstream systems still enforce native permissions with the delegated token—without requiring a migration of external ACLs.